Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint Security

2/28/2019
10:25 AM
Joe Stanganelli
Joe Stanganelli
Joe Stanganelli
50%
50%

Endpoint-Security Companies in High Demand for Buyouts, Partnerships

Since last year, endpoint-protection firms have been among the biggest movers and shakers in the cybersecurity realm – with the endpoint-security market seeing more than a typical share of acquisitions and strategic partnerships. Joe Stanganelli takes a look at why this might be happening.

Endpoint security has become a hot topic of late -- so hot that endpoint-security companies are being courted, partnered with, and purchased left and right. But why?

Take a look at just a sampling of what's happened over the past few months:

In early November, Symantec announced planned acquisitions of Javelin Networks and Appthority, respectively -- both specifically for the purpose of "strengthen[ing]" its endpoint-security stack.

Later that same month, BlackBerry announced that it would be buying out Cylance -- a cybersecurity firm that specializes in machine learning for endpoint protection -- in the hopes of making BlackBerry's own IoT-security platform BlackBerry Spark "indispensable". BlackBerry announced on February 22 that the deal had closed. (See BlackBerry Acquiring Security & AI Firm Cylance for $1.4B.)

In December, it was announced that HCL would be acquiring IBM's BigFix endpoint-security software (among other IBM software solutions) in a deal expected to close in the middle of this year.

Then, on January 31, Dell introduced an endpoint-security product line in partnership with endpoint-security company CrowdStrike and Dell subsidiary SecureWorks.

Five days later, security-analytics firm Interset also announced a partnership with CrowdStrike -- to enhance both companies' respective offerings.

And two days after that, Carbonite announced it was buying Webroot Software Inc. -- with the expressly stated purpose of developing enhanced endpoint-security solutions. That deal is expected to close in March.

"The combined business will address a top vulnerability of businesses -- the endpoint," declares an investor-targeted website dedicated to the planned acquisition. "The combination is expected to create a next-generation business platform powered by machine learning to serve growing customer needs."

Coincidence?
Perhaps, as Frank Dickson, IDC's research vice president for cybersecurity products, recently suggested it is all pseudo-coincidence, with the only meaningful trend being that of so-called acqui-hiring -- to mitigate what many call a cybersecurity-talent shortage. Indeed, private-equity firm Thoma Bravohas had a flurry of cybersecurity-company acquisition announcements in the past several months -- even among those companies without a strict focus on endpoint protection. (See Cybersecurity AI: Addressing the 'Artificial' Talent Shortage and Over 300K Cybersecurity Jobs Remain Open in the US, Study Finds.)

In an interview with Security Now, though, Dickson identified another factor driving generic cybersecurity-firm buyouts and partnerships: rising enterprise demand for vendor consolidation. (See Unknown Document 731928.)

"IDC cannot help but see an era of increased competition as companies look to consolidate from a potpourri of endpoint security products that they have cobbled together over time to a single solution provider," said Dickson. "Not only is it easier to manage a single vendor but the drive to reduce the number of agents is very, very real."

Gartner vice president Peter Firstbrook similarly related to Security Now his doubt that the above examples necessarily show a trend -- but postulated that if there's not already a trend of larger fish eating smaller endpoint-focused fish, there soon will be.

"We expect more acquisitions and consolidation in the endpoint market," said Firstbrook. "There are too many vendors to survive long term."

It's the data, stupid
Still, it is undeniable that endpoint market drives interest in itself because of how highly prized a target an endpoint is.

"Why the endpoint market? [Because] that is what the attackers are attacking," continued Firstbrook. "They are not compromising networks, except to get to an endpoint."

"The most common method of attack is via the human element, which means that you have to be where the greatest human threat is: the endpoint," Monica White, senior director of marketing and partner enablement at Interset, told Security Now. "And the endpoint has the right data: stored local documents, mapped network drives, applications with access to sensitive information, and more."

Moreover, as Firstbrook would point out, unlike other attack targets, endpoints offer more than one way to skin a cat monetization-wise, beyond mere data compromise -- such as by way of cryptojacking and botnets. Further, he and White agree that yet one more reason endpoints are such attractive targets is because they can be easier to attack -- particularly in the case of legacy endpoint devices. (See Endpoint Security: 3 Big Obstacles to Overcome.)

"Endpoints are difficult to secure because of the scale and complexity," said Firstbrook. "So they are low-hanging fruit for attackers."

"Endpoints offer a greater attack surface, too," offered White. "There are more endpoints available to attackers than servers."

Still, data seems to be the reigning reason why endpoints are so widely targeted and so in need of protection -- whether from data breach or data loss (or, at least, threatened data loss, as in the case of ransomware). White adds, however, that this helps to explains why endpoint-protection firms are similarly valuable to other companies -- likewise because of endpoint data.

"Endpoint-security vendors are a target for acquisitions and partnerships because of the nature of their wheelhouse," said White. "Rich endpoint data can give you a world of insight into your company's security posture."

"[Endpoint-protection] companies are such a hot commodity for direct acquisition or partnerships," added a separate spokesperson for Interset. "This is a huge part of why we partner with folks like CrowdStrike. Rich endpoint data is incredibly valuable."

Related posts:

—Joe Stanganelli is managing director at research and consulting firm Blackwood King LC. In addition to being an attorney and consultant, he has spent several years analyzing and writing about business and technology trends. Follow him on Twitter at @JoeStanganelli.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/1/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Threat from the Internet--and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15478
PUBLISHED: 2020-07-01
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
CVE-2020-6261
PUBLISHED: 2020-07-01
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.
CVE-2020-15471
PUBLISHED: 2020-07-01
In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.
CVE-2020-15472
PUBLISHED: 2020-07-01
In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short.
CVE-2020-15473
PUBLISHED: 2020-07-01
In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.