Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint Security

2/28/2019
10:25 AM
Joe Stanganelli
Joe Stanganelli
Joe Stanganelli
50%
50%

Endpoint-Security Companies in High Demand for Buyouts, Partnerships

Since last year, endpoint-protection firms have been among the biggest movers and shakers in the cybersecurity realm – with the endpoint-security market seeing more than a typical share of acquisitions and strategic partnerships. Joe Stanganelli takes a look at why this might be happening.

Endpoint security has become a hot topic of late -- so hot that endpoint-security companies are being courted, partnered with, and purchased left and right. But why?

Take a look at just a sampling of what's happened over the past few months:

In early November, Symantec announced planned acquisitions of Javelin Networks and Appthority, respectively -- both specifically for the purpose of "strengthen[ing]" its endpoint-security stack.

Later that same month, BlackBerry announced that it would be buying out Cylance -- a cybersecurity firm that specializes in machine learning for endpoint protection -- in the hopes of making BlackBerry's own IoT-security platform BlackBerry Spark "indispensable". BlackBerry announced on February 22 that the deal had closed. (See BlackBerry Acquiring Security & AI Firm Cylance for $1.4B.)

In December, it was announced that HCL would be acquiring IBM's BigFix endpoint-security software (among other IBM software solutions) in a deal expected to close in the middle of this year.

Then, on January 31, Dell introduced an endpoint-security product line in partnership with endpoint-security company CrowdStrike and Dell subsidiary SecureWorks.

Five days later, security-analytics firm Interset also announced a partnership with CrowdStrike -- to enhance both companies' respective offerings.

And two days after that, Carbonite announced it was buying Webroot Software Inc. -- with the expressly stated purpose of developing enhanced endpoint-security solutions. That deal is expected to close in March.

"The combined business will address a top vulnerability of businesses -- the endpoint," declares an investor-targeted website dedicated to the planned acquisition. "The combination is expected to create a next-generation business platform powered by machine learning to serve growing customer needs."

Coincidence?
Perhaps, as Frank Dickson, IDC's research vice president for cybersecurity products, recently suggested it is all pseudo-coincidence, with the only meaningful trend being that of so-called acqui-hiring -- to mitigate what many call a cybersecurity-talent shortage. Indeed, private-equity firm Thoma Bravohas had a flurry of cybersecurity-company acquisition announcements in the past several months -- even among those companies without a strict focus on endpoint protection. (See Cybersecurity AI: Addressing the 'Artificial' Talent Shortage and Over 300K Cybersecurity Jobs Remain Open in the US, Study Finds.)

In an interview with Security Now, though, Dickson identified another factor driving generic cybersecurity-firm buyouts and partnerships: rising enterprise demand for vendor consolidation. (See Unknown Document 731928.)

"IDC cannot help but see an era of increased competition as companies look to consolidate from a potpourri of endpoint security products that they have cobbled together over time to a single solution provider," said Dickson. "Not only is it easier to manage a single vendor but the drive to reduce the number of agents is very, very real."

Gartner vice president Peter Firstbrook similarly related to Security Now his doubt that the above examples necessarily show a trend -- but postulated that if there's not already a trend of larger fish eating smaller endpoint-focused fish, there soon will be.

"We expect more acquisitions and consolidation in the endpoint market," said Firstbrook. "There are too many vendors to survive long term."

It's the data, stupid
Still, it is undeniable that endpoint market drives interest in itself because of how highly prized a target an endpoint is.

"Why the endpoint market? [Because] that is what the attackers are attacking," continued Firstbrook. "They are not compromising networks, except to get to an endpoint."

"The most common method of attack is via the human element, which means that you have to be where the greatest human threat is: the endpoint," Monica White, senior director of marketing and partner enablement at Interset, told Security Now. "And the endpoint has the right data: stored local documents, mapped network drives, applications with access to sensitive information, and more."

Moreover, as Firstbrook would point out, unlike other attack targets, endpoints offer more than one way to skin a cat monetization-wise, beyond mere data compromise -- such as by way of cryptojacking and botnets. Further, he and White agree that yet one more reason endpoints are such attractive targets is because they can be easier to attack -- particularly in the case of legacy endpoint devices. (See Endpoint Security: 3 Big Obstacles to Overcome.)

"Endpoints are difficult to secure because of the scale and complexity," said Firstbrook. "So they are low-hanging fruit for attackers."

"Endpoints offer a greater attack surface, too," offered White. "There are more endpoints available to attackers than servers."

Still, data seems to be the reigning reason why endpoints are so widely targeted and so in need of protection -- whether from data breach or data loss (or, at least, threatened data loss, as in the case of ransomware). White adds, however, that this helps to explains why endpoint-protection firms are similarly valuable to other companies -- likewise because of endpoint data.

"Endpoint-security vendors are a target for acquisitions and partnerships because of the nature of their wheelhouse," said White. "Rich endpoint data can give you a world of insight into your company's security posture."

"[Endpoint-protection] companies are such a hot commodity for direct acquisition or partnerships," added a separate spokesperson for Interset. "This is a huge part of why we partner with folks like CrowdStrike. Rich endpoint data is incredibly valuable."

Related posts:

—Joe Stanganelli is managing director at research and consulting firm Blackwood King LC. In addition to being an attorney and consultant, he has spent several years analyzing and writing about business and technology trends. Follow him on Twitter at @JoeStanganelli.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12777
PUBLISHED: 2020-08-10
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information.
CVE-2020-12778
PUBLISHED: 2020-08-10
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.
CVE-2020-12779
PUBLISHED: 2020-08-10
Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script.
CVE-2020-12780
PUBLISHED: 2020-08-10
A security misconfiguration exists in Combodo iTop, which can expose sensitive information.
CVE-2020-12781
PUBLISHED: 2020-08-10
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.