Analytics
11/12/2014
10:45 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Better Together: Why Cyber Security Vendors Are Teaming Up

Alliances, mergers, and acquisitions are ushering in an era of unprecedented "co-opetition" among former rivals for your point solution business.

Chief Information Security Officers have been grumbling for some time about the perplexing abundance of cyber security point solutions and the lack of integration among them. Enterprise security departments often need to buy a separate solution per threat or vulnerability. In many cases, these newly introduced solutions don’t communicate with one another, and, worse, they tend to require security teams to log on to multiple, vendor-specific management consoles maintaining dozens of point solutions, each targeted at a niche gap within a comprehensive defense strategy.

We agree with the CISOs on both counts: the need to consolidate resources and the claim that, historically, vendors have done little to "play together." However, we also believe that in 2014 there has been increased cooperation and partnership among cyber security vendors to the point that the CISOs’ concerns are finally being addressed, albeit gradually.

Understandably, the cyber security industry has followed the progression of most enterprise technology sectors:

  • First, there’s innovation scattered across hundreds of isolated startups.
  • Then, there’s healthy competition for the customers’ mindshare and budgets.
  • Finally, the economies of scale kick in and drive vendors to collaborate through partnership and consolidation.

This year, for example, we have seen the formation of the Cyber Threat Alliance, founded by Fortinet, McAfee, Palo Alto Networks, and Symantec to work together in good faith to improve defenses against advanced cyber adversaries by sharing with each other their most recent threat information. Concurrently, Check Point announced a similar alliance with a number of vendors, including iSIGHT Partners, CrowdStrike, NetClean, PhishLabs, and others. In this case, threat intelligence from vendors is natively integrated into Check Point’s ThreatCloud security intelligence infrastructure in a way that customers can simply “turn on” intelligence feeds from non-Check Point vendors with the click of a mouse.

Earlier this year, Hewlett Packard introduced HP Threat Central, a collaborative security intelligence platform that lets security vendors exchange threat data, analysis, and mitigation strategies in order to battle threats as an industry. Arbor Networks was one of the first vendors to participate in HP Threat Central by delivering intelligence about DDoS, malware, and botnets that threaten Internet infrastructure and network availability. In fact, Arbor Networks formed its own global threat analysis network, dubbed ATLAS, and secured more than 300 ISPs, which have agreed to share anonymous traffic data.

Also during 2014, the market witnessed partnerships occurring between cyber security software companies that wanted to make it easy for their customers to concurrently use solutions from separate vendors. For example, now Sophos Mobile Control is fully integrated with Check Point Mobile VPN so that customers can have network access control for any mobile devices attempting to use the corporate network. And Tenable is now integrated with ThreatGRID for better malware detection. There are many other such alliances that have been formed across the industry.

The most aggressive form of integration among cyber security vendors has come in the form of mergers and acquisitions, which have been undertaken partly with the goal of offering customers more comprehensive security suites of integrated solutions that work seamlessly together. For example, FireEye, which detects and blocks attacks, acquired Mandiant, a company providing cyber incident response services, for $1 billion. It then bought nPulse, a provider of network forensics. Palo Alto Networks, a provider of next-generation firewalls, spent $200 million to acquire Cyvera, which developed cyber defense products preventing remote attacks on Microsoft-based servers and end-points. Then there was the acquisition of incident response provider NetCitadel by email security company Proofpoint, and the acquisition of incident response developer Carbon Black by endpoint security provider Bit9. Lastly, Cisco acquired a cyberthreat intelligence company, ThreatGRID.

In summary, while we agree that, so far, cyber security vendors have been almost entirely inwardly focused and concerned predominantly with pushing their own solutions, this year we have witnessed a turning point in which many vendors realized that addressing customers in unison with pre-integrated solutions can increase sales for everyone. Integrated solutions are easier for customers to buy and operate. They simplify and expedite buying decisions, and represent more formidable competition versus solutions that are more difficult to onboard harmoniously.

In the year ahead and going forward, we foresee increased collaboration among cyber security vendors as an accelerating trend that will help the industry combat the villains. In the long run, if cyber security companies fail to cooperate, they risk facing growth challenges and may damage the industry’s momentum -- a losing proposition for all.

Yoav Leitersdorf and Ofer Schreiber are Managing Partner and Partner, respectively, at YL Ventures, which invests early in cybersecurity, cloud computing, big data, and software-as-a-service software companies, and accelerates their evolution via strategic advice and Silicon ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Yoav Leitersdorf
50%
50%
Yoav Leitersdorf,
User Rank: Author
11/12/2014 | 10:02:15 PM
"Co-Opetition" Indeed
It is not easy to be a CISO (Chief Information Security Officer) at an enterprise these days.  Not least because enterprises are now experiencing a tsunami of cybersecurity attack vectors that is unprecedented in both the magnitude and variety of attacks.  New cybersecurity threat categories are constantly being created, resulting in the nonstop introduction of myriad point solutions – with hundreds of security vendors emerging every year.  Increased collaboration among these vendors is key to helping CISOs fight cybercrime thereby making cyberspace safer for all of us.  We are delighted to see "co-opetition" become one of the key cybersecurity industry trends of this year.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/12/2014 | 3:31:13 PM
Re: NSA, FBI, CIA...
I agree Marilyn. Everybody wins with collaboration. Obviously no one has unlimited resources to address big challenges.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/12/2014 | 3:24:00 PM
Re: NSA, FBI, CIA..
I would be surprised if NSA, FBI and CIA are not collaborating. They certainly share information.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/12/2014 | 3:22:05 PM
Collaboration
Collaboration amount vendors is a good news for us. Getting resources together and addressing the today's security issues is the way to go. No vendor standalone can really handle it properly.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
11/12/2014 | 2:34:08 PM
Re: NSA, FBI, CIA...
I think the fact that the cybersecurity vendors are collaborating is a big plus for enterprises  -- and hopefully -- will produce a more integrated and comprehensive defense against attackers. Go co-opetition!
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
11/12/2014 | 12:59:25 PM
NSA, FBI, CIA...
It kind of makes sense for these organisations to cooperate, considering they serve the same goals. Yes it's a little different than agencies working on a national level, but if it offers better security and doesn't compromise any ideals each of those individual companies have, then why not?
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.