The article argues that Ivanti’s Connect Secure VPN crisis was shaped by private equity financing as much as by hostile cyber activity. After Ivanti was assembled in 2017 through leveraged buyouts and bought Pulse Secure in 2020 in another debt-funded deal, US agencies and major enterprises remained deeply exposed because the product was widely deployed across federal and defense systems, critical infrastructure, and finance, including more than 2,000 banks. In early 2024, CISA issued an emergency order to disconnect Connect Secure, then found 2 of its own sensitive databases compromised despite applying Ivanti’s patch, prompting US and Five Eyes authorities to warn of “significant risk” and senior officials to advise customers not to use the product.

Bloomberg’s reporting, based on interviews with 15 former Ivanti and Pulse employees plus other sources, describes a pattern of post-acquisition cost cutting during rising-rate stress: Ivanti reportedly carried $2.8 billion in debt, began layoffs after the late-2020 acquisition, and intensified cuts in 2022 as borrowing costs rose. Former staff said engineering and security capability was hollowed out, with 70 Pulse layoffs immediately after close (about 11% of 650 staff), major reductions in California and the UK, and a shift of work to India; Ivanti disputes these headcount claims and says security investment improved. During this period, at least 3 major Chinese state-linked campaigns hit Connect Secure, exploiting more than 12 previously unknown flaws; one early incident was tied to 119 compromised organizations, while Ivanti says it has no evidence Chinese hackers breached Pulse or Ivanti internal IT in 2021 and denies shipping any backdoor.

The consequences spread across customers, policy, and finance: Pentagon entities, MITRE, FAA, Navy, Marine Corps, Treasury, and others removed or reduced Connect Secure, while some operators kept limited deployments due to replacement downtime risk. Ivanti’s customer count fell from about 50,000 to 34,000 by February 2025 (a decline of nearly 1/3), cash reportedly dropped to $8 million with $76 million drawn on credit, and the firm executed a distressed debt exchange in May 2025 that added a new $350 million loan and pushed total debt to about $3.1 billion with maturities extended to 2029. Market-wide figures frame the broader tension: cybersecurity spending rose from $193 billion in 2024 to an expected $213 billion in 2025 with >10% annual growth, private equity spent about $208 billion across >1,600 cyber deals from 2020-2025 (nearly 3x the prior period's deal count), and distressed exchanges reached 182 in the last 3 years versus 100 in the prior period; studies cited show more than half of such exchanges re-defaulted, often within 2 years, reinforcing concerns that ownership incentives may be misaligned with long-term software security.
2026-02-21 (Saturday) · 2fc8cc3033f890592dac04414f89f9dc10f53fe6