Chief Information Security Officers have been grumbling for some time about the perplexing abundance of cyber security point solutions and the lack of integration among them. Enterprise security departments often need to buy a separate solution per threat or vulnerability. In many cases, these newly introduced solutions don’t communicate with one another, and, worse, they tend to require security teams to log on to multiple, vendor-specific management consoles maintaining dozens of point solutions, each targeted at a niche gap within a comprehensive defense strategy.
We agree with the CISOs on both counts: the need to consolidate resources and the claim that, historically, vendors have done little to "play together." However, we also believe that in 2014 there has been increased cooperation and partnership among cyber security vendors to the point that the CISOs’ concerns are finally being addressed, albeit gradually.
Understandably, the cyber security industry has followed the progression of most enterprise technology sectors:
- First, there’s innovation scattered across hundreds of isolated startups.
- Then, there’s healthy competition for the customers’ mindshare and budgets.
- Finally, the economies of scale kick in and drive vendors to collaborate through partnership and consolidation.
This year, for example, we have seen the formation of the Cyber Threat Alliance, founded by Fortinet, McAfee, Palo Alto Networks, and Symantec to work together in good faith to improve defenses against advanced cyber adversaries by sharing with each other their most recent threat information. Concurrently, Check Point announced a similar alliance with a number of vendors, including iSIGHT Partners, CrowdStrike, NetClean, PhishLabs, and others. In this case, threat intelligence from vendors is natively integrated into Check Point’s ThreatCloud security intelligence infrastructure in a way that customers can simply “turn on” intelligence feeds from non-Check Point vendors with the click of a mouse.
Earlier this year, Hewlett Packard introduced HP Threat Central, a collaborative security intelligence platform that lets security vendors exchange threat data, analysis, and mitigation strategies in order to battle threats as an industry. Arbor Networks was one of the first vendors to participate in HP Threat Central by delivering intelligence about DDoS, malware, and botnets that threaten Internet infrastructure and network availability. In fact, Arbor Networks formed its own global threat analysis network, dubbed ATLAS, and secured more than 300 ISPs, which have agreed to share anonymous traffic data.
Also during 2014, the market witnessed partnerships occurring between cyber security software companies that wanted to make it easy for their customers to concurrently use solutions from separate vendors. For example, now Sophos Mobile Control is fully integrated with Check Point Mobile VPN so that customers can have network access control for any mobile devices attempting to use the corporate network. And Tenable is now integrated with ThreatGRID for better malware detection. There are many other such alliances that have been formed across the industry.
The most aggressive form of integration among cyber security vendors has come in the form of mergers and acquisitions, which have been undertaken partly with the goal of offering customers more comprehensive security suites of integrated solutions that work seamlessly together. For example, FireEye, which detects and blocks attacks, acquired Mandiant, a company providing cyber incident response services, for $1 billion. It then bought nPulse, a provider of network forensics. Palo Alto Networks, a provider of next-generation firewalls, spent $200 million to acquire Cyvera, which developed cyber defense products preventing remote attacks on Microsoft-based servers and end-points. Then there was the acquisition of incident response provider NetCitadel by email security company Proofpoint, and the acquisition of incident response developer Carbon Black by endpoint security provider Bit9. Lastly, Cisco acquired a cyberthreat intelligence company, ThreatGRID.
In summary, while we agree that, so far, cyber security vendors have been almost entirely inwardly focused and concerned predominantly with pushing their own solutions, this year we have witnessed a turning point in which many vendors realized that addressing customers in unison with pre-integrated solutions can increase sales for everyone. Integrated solutions are easier for customers to buy and operate. They simplify and expedite buying decisions, and represent more formidable competition versus solutions that are more difficult to onboard harmoniously.
In the year ahead and going forward, we foresee increased collaboration among cyber security vendors as an accelerating trend that will help the industry combat the villains. In the long run, if cyber security companies fail to cooperate, they risk facing growth challenges and may damage the industry’s momentum -- a losing proposition for all.