Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Why is Proofpoint Being Taken Private for $12.3bn?
Email security heavyweight Proofpoint has announced its acquisition, for $12.3bn, by Thoma Bravo, the private equity firm that is among the most active in the cybersecurity market. This is the highest price yet paid for a security vendor: What is its significance, and what does it say about the current state and future of the email security market?
Zscaler First Big-Name Company to Buy Into CPM with Trustdome Acquisition
Zscaler has become the first major player in cybersecurity to buy a specialist vendor in the emerging market segment of cloud permissions management (CPM) with its acquisition of Israeli startup Trustdome. This technology works by first discovering all of a customer's cloud assets and cataloging all the extant permissions to access those assets. From there, it provides a list of those permissions and highlights the ones that it deems excessive or unnecessary. CPM can be classed as an expression of the Zero Trust approach to security alongside technologies such as microsegmentation; privileged access management (PAM); and zero-trust access (ZTA).
On the Radar: Solvo Offers CPM as a Service
Solvo is a startup and new entrant in the cloud permissions management (CPM) market segment. CPM is at a very early stage in its development, and it is Omdia’s opinion that over time it will attract larger tech vendors, some of which may favor the M&A route over developing the technology themselves. Solvo's market opportunity, therefore, is to sign up a roster of marquee clients to raise its profile before the sector is consolidated by larger players.
Lookout Enters SASE Fray With CipherCloud Buy
Endpoint security vendor Lookout is the latest entrant in the busy so-called secure access service edge (SASE) market thanks to its acquisition of CipherCloud. There will be cross-sell opportunities in Lookout's and CipherCloud's enterprise customer bases. In addition, Lookout has relationships with many telecoms operators, a sector that is waking up to the need to respond to the SASE challenge
Okta’s PAM and IGA Launch Underpins "Primary Cloud" Ambitions
Okta, a leading player in identity-as-a-service (IDaaS), has announced its entry into two other segments of the identity market: privileged access management (PAM) and identity governance and administration (IGA). Though it pits the IDaaS heavyweight against entrenched incumbents in both segments, the move is consistent with its plan to become its customers' cloud provider of choice for the entire gamut of their identity-related requirements.
Data Theorem Speeds Commoditization of Cloud Security Posture Management
Data Theorem, a developer of application security technology, has launched Cloud Secure, a two-part offering for apps in the cloud consisting of a cloud security posture management (CSPM) platform and a series of so-called cloud hacker toolkits. As its name suggests, CSPM technology focuses on the automated identification and remediation of risks across a company’s cloud assets.
NHS Scotland Delivers COVID-19 Vaccination Program with ServiceNow's Now
NHS National Services Scotland (NSS) began using the Now Platform from ServiceNow back in 2018, starting with IT service management (ITSM). NHS NSS extended the use of the Now Platform into other parts of the organization. Built on ServiceNow’s Now Platform, in six weeks, NHS Scotland’s vaccine management system enables the scheduling and recording of vaccinations for citizens and allows the general population to book their appointments through the Citizen Portal. The success of the project has encouraged NHS NSS business users to consider what the integration capabilities of the Now Platform could be extended to, such as taking on more of NHS Scotland's vaccination programs going forward.
Fundamentals of XDR Versus SIEM and SOAR: Understanding SecOps Architecture Evolution
The rapid emergence of Extended Detection and Response (XDR) as a discrete cybersecurity market segment has caused some upheaval in the enterprise cybersecurity operations (SecOps) domain. XDR has emerged because existing solutions could not consistently meet key enterprise threat detection and response requirements. If it can fulfill its sizable potential, XDR is the solution that the cybersecurity industry has long been waiting for.
On the Radar: Index Engines Offers Content Analytics for Threat Mitigation
Index Engines is a developer of data management and data governance technology, focused specifically on unstructured data. In recent years it has enjoyed success with CyberSense, a data analytics tool carved out of one of its products and sold alongside Dell EMC’s Cyber Recovery Vault product, to ensure the integrity of backup data. The continued evolution of the ransomware threat will keep vendors like Index Engines in high demand.
Verizon Responds to SASE Challenge With a Two-pronged Strategy
Verizon is adopting a two-pronged approach to the challenge the growing secure access service edge (SASE) vendor community has been mounting to the telco business model for the last couple of years. On the one hand, it is about to change the way it takes security services to market, unveiling a combination of bundling of basic functionality with a freemium model whereby customers will be invited to pay for the more advanced version. Meanwhile, further down the road it plans to launch its own Verizon SASE service.
Okta Bets $6.5bn on Auth0 to Bolster its B2C Identity Offering
At the beginning of March, Okta, the market leader in the identity-as-a-service (IDaaS) space, announced it was spending $6.5bn, entirely in stock, to purchase Auth0, which offers an authentication and authorization (Authn and Authz) platform as a service. The Auth0 platform is sure to enhance Okta’s offerings in those spaces, where it is already a heavy hitter. However, it is really in the consumer segment that Omdia sees the greatest benefits of the acquisition.
On the Radar: Deduce Combats Account Takeover with Crowdsourced Login Intel
Deduce develops technology, delivered in SaaS mode, to help companies counter the threat of account takeover (ATO) in online and mobile interaction scenarios (e-commerce, m-commerce, online banking, gaming/gambling, etc.). The technical underpinning of the vendor's product offering is the Deduce Identity Network. This is the vendor's data coalition, formed by some 150,000 websites that it has instrumented with its JavaScript code to collect intelligence on the login requests they receive.
Content Security Gateway Appliances, Software & SaaS Market Tracker – 4Q20 Analysis
This report looks at three key markets in the content security gateway space: email/web/malware/cloud access security broker (CASB) security, content security SaaS, and network advanced threat prevention (ATP). The fundamental demand for all types of content security solutions has never been higher, and there has never been so much critical business traffic running over the internet. Buyers are in the middle of a series of technology transformations and pandemic implications that affect major purchases.
Evolution of Continuous Authentication
The zero-trust approach to security has enjoyed increasing adoption in recent years as has its mantra "Never trust, always verify," and one manifestation of that ethos in the IAA world is continuous authentication.
Network Security Appliances and Software Market Tracker – 4Q20 Analysis
The network security market finished 4Q20 with revenue up by 8.6% quarter-over-quarter (QoQ) and up by 5.4% year-over-year (YoY). Many pre-COVID-19 trends still hold true—vendors with a strong platform/fabric story and execution who have embraced helping customers secure their journeys to the cloud are experiencing the most long-term success and an incredibly heightened global awareness of cybersecurity issues continues to keep cybersecurity technology spending a high priority for all types of buyers.
Content Security Gateway Appliances, Software & SaaS Market Tracker – 4Q20 Database
Tracks market size and share for e-mail security, web security, CASB, and ATP. It covers appliances, software, and SaSS. Vendor coverage includes Cisco, FireEye, Microsoft, McAfee, Proofpoint, Symantec, Trend Micro, zScaler, and more.
Ransomware protection means more than a simple backup
New and evolving ransomware attack tactics mean that a backup/restore strategy is no longer enough to keep data safe. Successful ransomware defense now requires intelligence and agility—in the backup process, in intrusion and malware detection, and in rapidly learning (and applying) lessons from successful intrusions.
Fundamentals of Privileged Access Management (PAM)
Privileged access management (PAM) is a specialized branch of identity, authentication, and access technology that manages the access rights of users who have elevated permissions to critical corporate resources. This report describes the evolution of PAM and outlines the main components that any PAM platform must have to compete in this market, ahead of an Omdia Universe vendor comparison report to be published in the third quarter of 2021.
Network Security Appliances & Software Market Tracker – 4Q20 Database
Tracks market size and share for next-gen firewall, SSL VPN, and IPS appliances, software, and virtual appliances. Vendor coverage includes Check Point, Cisco, Fortinet, Huawei, Juniper, Palo Alto Networks, SonicWALL, and more.
McAfee's Breakup Closes the Book on Playing it Safe in Enterprise Cybersecurity
For decades, two names -- Symantec and McAfee -- dominated the enterprise cybersecurity landscape. Now both former industry titans have essentially been dismantled, and the sum of their parts is worth more than the companies themselves. It's a cautionary tale for today's cybersecurity market leaders
On the Radar: CyGlass offers network detection and response (NDR) as a service
CyGlass is a wholly owned subsidiary of UK domain registry Nominet. It offers a network detection and response (NDR) platform delivered as a cloud-based service and targets the midmarket (i.e., companies of up to 5,000 employees). CyGlass’s opportunity is to attract customers that lack extensive in-house security skills with a service that can deliver security without too much heavy lifting on their part.
TPG plans a PAM powerhouse to challenge CyberArk, buying Thycotic and merging it with Centrify
Private equity firm TPG Capital has acquired privileged access management (PAM) vendor Thycotic for $1.4bn. It plans to merge it with Centrify, the other PAM vendor it acquired in January this year. Centrify will thereby hope to present a serious challenge to PAM market leader CyberArk.
Omdia Universe: Selecting an Identity-as-a-Service Solution 2020–21
Increasingly, enterprises are employing cloud-based or at least hybrid environments that integrate optimally with cloud-based systems. Enterprises should consider whether cloud-based identity could be deployed more quickly and help reduce costs around scalability. Cloud-based software-as-a-service (SaaS) applications have transformed the business world. The identity-as-a-service (IDaaS) segment is the natural evolution of on-premises identity and access management (IAM).
DDoS is back – bigger, badder, and more variegated
Distributed denial-of-service (DDoS) attacks enjoyed what one mitigation provider has described as a "renaissance" in 2020, with more volume, variety, and velocity than ever before. With 2021 shaping up to be another atypical year for business despite the rollout of vaccines around the world, the prospect is that we will see yet another busy time for DDoS.
Data security accountability in an age of regular breaches
Unfortunately, our modern digital era is one frequently characterized by large scale data breaches recurring with considerable regularity. As the number of additional vendors impacted by such breaches show little sign of slowing, one constant question remains: where exactly does accountability for data security lie, and what part do end users play in their own data breach protection?
On the Radar: Twingate Offers an Easy-to-Use Zero-Trust Access Service
Twingate is a developer of zero-trust access (ZTA) technology, which delivers remote access in a more secure fashion than virtual private networks (VPNs). It delivers its technology as a service. As a fully managed SaaS product with multiple product tiers and price points to suit customers’ needs, Twingate will be a strong option for companies looking to simplify their remote access experience.
Fortinet's FortiXDR Challenges Rivals with Automated Investigation and Response
Fortinet, per its style, is not among the first vendors to enter the enterprise Extended Detection and Response (XDR) product segment, but the debut iteration of FortiXDR is based on proven technology that pushes the envelope on threat detection and response automation. FortiXDR immediately pressures top-tier XDR competitors, whose solutions can be complicated to deploy and offer less automation.
On the Radar: IBM Security SOAR Breach Response Enables Data Breach Response
Data privacy is a bigger issue than ever, with hundreds of varying regulations around the globe dictating the use of personally identifiable information (PII). The IBM Security security orchestration, automation, and response (SOAR) Breach Response offering helps facilitate a coordinated response across the organization by leveraging case management, automation of manual tasks, and incident response playbooks, which can incorporate a raft of regulations from different countries and regions as part of the response.
Google’s BeyondCorp Enterprise is a ZTA Service Using the Chrome Browser
Google has announced an Enterprise version of its BeyondCorp implementation of zero-trust access (ZTA) technology for secure remote access. The novelty is that it has obviated the need for software agents on end-user devices by using the Chrome browser as its source of endpoint data. With BeyondCorp Enterprise, Google is expanding its offering to any company accessing applications in any location (on the company’s premises or in any cloud) and thus becomes a fully fledged competitor in the ZTA market.
On the Radar: Keyavi Data Corp. Makes Data Intelligent, Helping it Secure Itself
Keyavi Data seeks to grant data intelligent, self-protecting, and self-awareness capabilities that ultimately help make the native security of the data itself more robust. As a result of the growing challenges that remain in place for information protection, Omdia projects that investment in data security solutions will see significant growth in the near term. The consistent demand for fluid data protection presents a welcoming market to vendors such as Keyavi.
On the Radar: SecureAge Delivers File-level Encryption on the Endpoint
SecureAge Technology is a Singapore-based cybersecurity company with a product portfolio that spans data, endpoint, and network security. Omdia sees an opportunity for smaller vendors like SecureAge, who are not yet household names, to prosper with products that are differentiated by the strength of their security offering, its ease of use, and its manageability.
On the Radar: Sonrai Security Delivers Cloud Permissions Management
Sonrai Security offers a cloud permissions management (CPM) platform that surveys the access entitlements across a company’s cloud data stores, recommends where they should be curtailed, and takes remedial action either through escalations or in an automated fashion if the customer so desires. Omdia was impressed with Sonrai Dig’s simplicity of deployment and with Sonrai’s straightforward charging mechanism.
Enterprise Case Study: Innovation and Rapid Response to COVID-19 using ServiceNow Now Platform
CDL was one of the few companies that had pandemic planning in its business continuity plans. The company had already put capabilities in place to enable remote working well in advance of COVID-19, and these plans, alongside ServiceNow’s Now Platform, has enabled CDL to continue delivering strong customer service as well as continuing to build on the Now Platform for its future development throughout 2020.
Cloud and Security are Hot in 2021, but Cloud Security is Incandescent
Lacework raises an impressive $525 million in a funding round, while Red Hat spends an undisclosed amount on container security vendor StackRox, with a particular focus on Kubernetes (K8s) security, and F5 splashes out $500 million for edge app platform start-up Volterra. All these developments in the first week of 2021 put cloud and security front and center for the coming year, but also show that the place where these two trends intersect (i.e., cloud security), is at the epicenter of investment priorities for this year.
On the Radar: Ermetic Uses Identity to Limit Permissions in the Cloud
Ermetic provides security for data stores, databases, and some compute instances in the infrastructure- and platform-as-a-service (IaaS and PaaS) delivery modes of cloud computing. It does this with a software-as-a-service (SaaS) platform that refers to a company’s identity and cloud infrastructures to manage the access rights granted both to human users and systems (applications, services, etc.). Omdia calls this emerging class of technology cloud permissions management (CPM).
2021 Trends to Watch: Data Security
This report will be of use to enterprise security teams researching current trends in encryption and privacy, plus business units moving data into the cloud. Vendors will benefit from Omdia’s take on what is driving customer uptake.
IoT Cybersecurity Market Tracker – 2H20 Analysis
This document provides an explanation of forecast changes, drivers, and inhibitors; presents visual representations of top-line trends for IoT cybersecurity; and informs customers of projected changes.
Fundamentals of Next-Generation Application Security
With the multiple disparate application security capabilities now being delivered as services from the cloud and packaged together by single vendors as part of broad portfolios, Omdia sees the emergence of a sector it calls next-generation application security (NGAS). In this fundamentals report, we consider the core capabilities being brought together for runtime security, then list the criteria we will use to gage and rank the vendors profiled in that report as leaders, challengers, or market prospects.
Omdia Market Radar for Next-Generation Application Security: Runtime
Defending web applications has never been more important. As ever more private applications (i.e., ones that face not the general public but rather an organization’s employees and business partners) are relocated to the cloud and are accessed over the internet instead of a private WAN link, next-generation application security (NGAS) portfolios gain even greater importance.
2021 Trends to Watch: Enterprise Cybersecurity Operations (SecOps)
As enterprise SecOps technology migrates to the cloud in 2021, SOC teams will increasingly debate the role of XDR versus SIEM and SOAR, and work to integrate a culture of proactive threat hunting.
2021 Trends to Watch: Identity, Authentication, Access
The current annual Trend to Watch report highlights four key areas within identity, authentication, and access (IAA) in which Omdia forecasts significant movement for 2021. These are IDaaS, continuous authentication, ZTA, and PAM.
Network Security Appliances and Software - Quarterly Market Tracker: Q3 2020
Before COVID-19, vendors were generally reporting strength across their portfolios, good traction for firewalls as the key platform for network security, and strong traction for the integration of next-generation ATP protection and virtualization and cloud applications. Many pre-COVID-19 trends still hold true. Overall, the cybersecurity technology market has been very resilient in the first year of the pandemic, with multiple vendors revising their CY20 projections up in the 2Q20 and 3Q20 earnings announcements.
Content Security Gateway Appliances, Software, and SaaS: Q3 2020 Analysis
Although the market for traditional messaging and web/malware security gateways has been trending flat to down, SaaS, network ATP, and CASB have been growing aggressively, signaling a shift to new deployment models and solutions that deal directly with unknown threats. For this market, the impact of COVID-19 is an immediate acceleration of those trends already in place.
Alkira’s "Network Cloud" Offers a New Twist on SASE
Alkira, a networking startup that has just announced a $54m B round of VC funding, offers a service it calls a "network cloud," which represents an interesting new take on the current industry buzzword of secure access service edge (SASE). Rather than deploying a network of PoPs across all the leading CSPs, Alkira’s approach is to deploy dedicated PoPs for each customer when they sign up to the service, as well as additional ones as the need arises.
ServiceNow Pushes for Center Stage Helping Organizations Deal with Changed Priorities from COVID-19
The appeal of ServiceNow’s Now Platform is growing across the C-suite as businesses look to better integrate the processes and workflows that guide how employees work across an entire organization. ServiceNow is not the only vendor working on providing such solutions, but the fact that ServiceNow’s capabilities are based on a single Now Platform, and have a breadth of capabilities for IT and beyond, is a significant advantage.
The Value of Outbound Email Security Goes Beyond Highly Regulated Industries
Email will continue to be used to share, sometimes quite casually, sensitive information, both within and beyond the organization, introducing risks that can and should be addressed. In its latest Market Radar, Omdia has assessed four vendors delivering outbound email security – Egress, Tessian, Virtru, and Zivver – against a set of criteria for what can be expected from such a service.
Exabeam Spotlight 2020 Recap: Standout Analytics Drives SecOps Vendor's Evolution
With established behavioral analytics leadership and accelerating momentum in SIEM and SOAR, cybersecurity vendor Exabeam is one of the best-kept secrets in SecOps. Its next challenge will be transitioning to a cloud-native platform.
Palo Alto Networks adds Attack Surface Management with $800 Million Expanse Buy
For Palo Alto Networks, the $800m acquisition of Expanse, a provider of services it describes as attack surface management, adds a proactive dimension beyond traditional threat detection and response capabilities.
Identity, Authentication, and Access Market Database: 1H20 Update
The IAA Database is part of Omdia's new Identity, Authentication, and Access Intelligence Service. This database offers revenue figures for 2018 and 2019. It is segmented by the authentication and on-premises IAM/IDaaS categories, as well as by five global regions.
On the Radar: NetFoundry Offers Network-as-a-Service with Zero-Trust Access to Apps
NetFoundry is a network-as-a-service (NaaS) provider. Its eponymous platform is cloud-native and API-driven, combining security based on the zero-trust principle with enhanced internet as a replacement for MPLS connectivity.
|
How Enterprises are Attacking the Cybersecurity ProblemConcerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
0 Comments
