Network and software security firm Fortinet (NASDAQ: FTNT) has acquired privately held endpoint detection and response firm enSilo in an effort to push its security solutions to the edge of corporate IT environments, Fortinet announced on October 28.
The deal, whose terms were not disclosed, will allow Fortinet to offer agent-based software and services aimed at automating real-time threat detection, speeding response, and secure Internet of Things (IoT) devices, according to the company's statement. The acquisition also continues the consolidation in the cybersecurity industry driven by companies' need to simplify.
Businesses are seeing more complex threat landscapes and need simpler ways of securing their networks and endpoints, Ken Zie, CEO and founder of Fortinet, said in a statement. "As businesses become more networked and operations extend from the cloud to the edge and Internet of Things, the digital attack surface has expanded exponentially and has become more complex to secure," he said. "Manual threat hunting or point security solutions are ineffective when managing or securing these new environments."
The purchase of enSilo comes as the endpoint security industry has already begun to consolidate. In 2019, Gartner listed 20 companies in its 2019 Magic Quadrant for Endpoint Protection Products, and some of those companies already have been acquired. HP hooked Bromium in September, VMware collected Carbon Black in August, BlackBerry bought Cylance in November 2018, and Thoma Bravo tossed Sophos a $3.9 billion bone this month.
Behind the acquisitions are companies' desires to reduce the number of cybersecurity vendors on which they have to rely. In 2019, the share of companies that had reduced the number of vendors to 10 or fewer increased to 63%, from 54% in 2018, according to Cisco's "CISO Benchmark Study". One key factor is the desire to reduce the number of alerts produced by different products, the report stated.
"It's no surprise that alert management continues to pose challenges," Steve Martino, senior vice president, and chief information security officer of Cisco, said in a February 2019 blog post on the report. "That’s often because organizations are using multiple disparate security products that don't share alert data or help prioritize alerts via limited dashboards."
The survey of CISOs is not the only report to find that organizations are having more trouble responding to proliferating threats and complex IT security environments. Business analyst firm Enterprise Strategy Group estimates that three-quarters of firms find threat detection and response more difficult today than two years ago, primarily because of too many security tools that do not work together.
Fortinet pointed to such issues as a primary reason for its acquisition of enSilo. The problem, the firm maintained, is that as companies faced more threats, they bought more tools to the detriment of their security posture.
"The response by too many organizations ... has been to deploy multiple, siloed security products, the bulk of which is focused on prevention," the company said in a blog post announcing the enSilo acquisition. "But the truth is, 100% prevention is not possible. The result is a fragmented, complicated security architecture that can actually make detection and response more difficult."
The acquisition will allow Fortinet to target IoT environments, a growing market, the company said in the post. With operational technology increasingly being incorporated into enterprise networks, these devices need to be secured against online threats.
"The hallmark of the modern network is the rapid expansion of the network edge," the company said. "New IoT and endpoint devices, bolstered by high performance, robust functionality, and new business applications, have expanded the potential attack surface. This in turn has raised the bar for having a fully integrated security solution that no longer operates in isolation and can extend visibility out to these emerging edges."
- In a Crowded Endpoint Security Market, Consolidation Is Underway
- Where Businesses Waste Endpoint Security Budgets
- Endpoint Security Overload
- The Rebirth of Endpoint Security