In a Crowded Endpoint Security Market, Consolidation Is Underway

Published: 23/11/2024   Category: security




Experts examine the drivers pushing today's endpoint security market to consolidate as its many players compete to meet organizations' changing demands and transition to the cloud.



The overcrowded endpoint security market is rife with activity as its many players compete to meet new enterprise demands and large companies buy small ones in hopes of staying afloat.
Gartner listed 20 companies in its 2019 Magic Quadrant for Endpoint Protection Products, says Peter Firstbrook, research vice president with the company and one of the report's authors, but he could have easily invited another 10. "There's far too many," he points out. This market is overdue for consolidation.
What made it so crowded? There are two types of companies in the endpoint security market, which, in general, provides centrally managed technology to lock down the endpoint. The traditional giants, including McAfee, Symantec, and Kaspersky, were early players in the market and historically provided antivirus tools and firewalls to defend machines against cyberattacks.
"Then someone would come up with a new way to attack endpoints, and someone else would come up with a way to block those attacks," says John Pescatore, SANS director of emerging security trends, of how the market evolved – until a new wave of companies introduced the idea that protection is never perfect. Businesses must be able to detect and respond to threats.
The shift to endpoint detection and response (EDR), and the consequent proliferation of endpoint-focused companies, began when ransomware started to become a major enterprise problem, Firstbrook explains. Incumbent providers were complacent in their roles and caught flat-footed when ransomware hit. It wasn't necessarily the vendors' fault, he adds, noting that customers didn't always upgrade their systems as needed. Still, the problem demanded a change in how organizations approached security and kept their security software up-to-date.
"Ransomware was a big wake-up call, costing serious amounts of money, and companies were going out of business," Firstbrook says. Incoming EDR companies, including CrowdStrike, Carbon Black, SentinelOne, and Endgame, took an approach to security the older players hadn't, with behavioral-based detection instead of seeking indicators of compromise. It's much more efficient to watch for strange behavior than to watch for every version of malicious software.
"It's really hard for [attackers] to completely rearchitect a program," Firstbrook says. Behavioral-based detection forces them to rewrite it. EDR and behavioral detection are becoming primary components of endpoint detection solutions. EDR companies brought several new advantages — for example, the ability to run on top of more traditional platforms.
These startups, with their new behavioral-based approach and assumed breach mindset, generated venture capital money, Firstbrook explains, and the market grew. Both old and new endpoint security businesses have their strengths. Now, there are simply too many of them.
Redefining the Endpoint
One of the biggest trends in today's endpoint security market is product management, and much of the decision-making for security products is moving to the cloud. Traditional endpoint companies sold on-premises systems to communicate with a central cloud server that provides IOC data. That made it tough to keep users updated; however, moving management servers to the cloud eliminates this requirement and gives users the most current protection.
Cloud and virtualization are changing the definition of the endpoint and companies' approach to securing it, SANS' Pescatore explains. As the attack surface grows to include firmware and supply chain attacks, organizations are investing more in cloud-native products to protect themselves.
The promise of a cloud-based platform is that, as threats change, companies can detect and react to changes without having to install any new management software. They don't have to maintain the management server, it's easy to get up and running, and it's easy to pull data from clients outside the network. While cloud native is hard to define, Firstbrook points to CrowdStrike as the best example, citing its lightweight architecture and role as a rules enforcement engine and data collection engine. If a company has an idea for how to create a rule, it can do it.
Amid such a disruptive period, it can be difficult for bigger firms to keep up. Firstbrook points to Symantec: It offers a cloud-based management console, but there is not a lot of integration between protective technology and EDR technology. He says it may be a little more clunky, and a little less efficient, until the company converges to fully cloud-native architecture.
"They see the changes, and they're addressing them, but I think at this point it's such a big change they may not make the changes in time to really capture it," Firstbrook adds.
On top of the move to cloud, there is a greater demand for simplicity, says Hank Thomas, partner at Strategic Cyber Ventures. Security buyers in the enterprise are tired of dealing with complex systems and multiple point products for narrowly focused needs. They want to focus on security tools that they can remotely maintain and are consolidated in one place, he said.
Endpoint security products are becoming harder to use, Firstbrook points out. People want them to be more sensitive, but they're not always qualified to review the data and say whether it's a false positive or actual threat. As a result, vendors are starting to provide more operational services, from installation, to configuration, to light management, to full management. IT teams don't have time to swap out their vendors, learn a new tool, and continuously monitor it.
"Endpoint is something everyone has to do, but not every company has to be an expert in," he adds. Going forward, it will be important for endpoint security tools to adapt to different detection technologies or new machine learning techniques without the client needing to act.
Too Many Cooks in the Kitchen?
The endpoint security market has grown packed with companies old and young attempting to meet these new enterprise demands. Several recent acquisitions underscore the growing importance of new technologies among older companies struggling to innovate, experts say.
"Ultimately, the reason why the consolidation is occurring is people have to remain competitive in a very, very crowded market right now," Thomas says. Larger security companies are stuck on creating new offerings, and they look to the startup community to help them fill the gaps. He points to a lack of innovation in larger endpoint players, including McAfee and Symantec, and he believes their goal will likely be to grow through acquisition of smaller companies.
The stream of M&A is constant and telling: VMware agreed to buy Carbon Black, HP recently agreed to acquire Bromium, BlackBerry picked up Cylance, and Thoma Bravo snapped up Sophos. "There are probably too many vendors coming at this market in different ways, so a degree of simplification is in order," says Rik Turner, principal analyst at Ovum, of the ongoing activity.
Some of these deals could hold clues for where the future of the market is headed. VMware, for example, could boost the appeal of its infrastructure platform if it promises to integrate security; both Firstbrook and Thomas agree the deal could accelerate growth for the company. Elastic's acquisition of Endgame is another deal bringing security into a non-security business.
But it poses an important question, Firstbrook notes: What if others – Kubernetes, Red Hat, Google – did the same thing? Companies buying operating system technology will find security already built in, and they could choose to enable that directly rather than buy a separate product. He thinks we can expect these types of acquisitions to continue into the future.
This is also why Microsoft is a company to watch, he adds. "They're the biggest threat to all of these vendors because they're built right into the OS and they're proving a good product now," Firstbrook says.
Still, the security landscape is littered with acquisitions of security companies that didn't work, Pescatore says. There is a belief that baking in security can overcome obstacles, but the big issue is one thing we've proven: it's really, really hard for the infrastructure to protect itself, he says. Microsoft integrated security into Windows, for example, but Windows still has vulnerabilities.
Looking Ahead
Not every endpoint security startup will be acquired by a security company. Some will move into an adjacent business, like the Internet of Things (IoT) and operational technology (OT) security; others will be bought by OS or hardware vendors. Firstbrook anticipates we'll see some rolled into other technology vendors.
Thomas says he thinks the industry will also see the private equity community get more involved. Thoma Bravo, for example, has developed expertise in buying security firms: Barracuda, Veracode, Imperva, McAfee, and LogRhythm are among its investments. It's not just the big players jumping into the acquisition game – private investment firms have joined as well.
"Essentially, the best private equity guys are taking companies private to relieve them from the pressure of Wall Street, allowing them to grow in private and then potentially go public again at a later date," Turner says.