Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:15 PM
Connect Directly

In a Crowded Endpoint Security Market, Consolidation Is Underway

Experts examine the drivers pushing today's endpoint security market to consolidate as its many players compete to meet organizations' changing demands and transition to the cloud.

"Ultimately, the reason why the consolidation is occurring is people have to remain competitive in a very, very crowded market right now," Thomas says. Larger security companies are stuck on creating new offerings, and they look to the startup community to help them fill the gaps. He points to a "lack of innovation" in larger endpoint players, including McAfee and Symantec, and he believes their goal will likely be to grow through acquisition of smaller companies.

The stream of M&A is constant and telling: VMware agreed to buy Carbon Black, HP recently agreed to acquire Bromium, BlackBerry picked up Cylance, and Thoma Bravo snapped up Sophos. "There are probably too many vendors coming at this market in different ways, so a degree of simplification is in order," says Rik Turner, principal analyst at Ovum, of the ongoing activity.

Some of these deals could hold clues for where the future of the market is headed. VMware, for example, could boost the appeal of its infrastructure platform if it promises to integrate security; both Firstbrook and Thomas agree the deal could accelerate growth for the company. Elastic's acquisition of Endgame is another deal bringing security into a non-security business.

But it poses an important question, Firstbrook notes: What if others – Kubernetes, Red Hat, Google – did the same thing? Companies buying operating system technology will find security already built in, and they could choose to enable that directly rather than buy a separate product. He thinks we can expect these types of acquisitions to continue into the future.

This is also why Microsoft is a company to watch, he adds. "They're the biggest threat to all of these vendors because they're built right into the OS and they're proving a good product now," Firstbrook says.

Still, the security landscape is littered with acquisitions of security companies that didn't work, Pescatore says. There is a belief that baking in security can overcome obstacles, but "the big issue is one thing we've proven: it's really, really hard for the infrastructure to protect itself," he says. Microsoft integrated security into Windows, for example, but Windows still has vulnerabilities.

Looking Ahead
Not every endpoint security startup will be acquired by a security company. Some will move into an adjacent business, like the Internet of Things (IoT) and operation tech (OT) security; others will be bought by OS or hardware vendors. Firstbrook anticipates we'll see some rolled into other technology vendors.

Thomas says he thinks the industry will also see the private equity community get more involved. Thoma Bravo, for example, has developed expertise in buying security firms: Barracuda, Veracode, Imperva, McAfee, and LogRhythm are among its investments. It's not just the big players jumping into the acquisition game – private investment firms have joined as well.

"Essentially, the best private equity guys are taking companies private to relieve them from the pressure of Wall Street, allowing them to grow in private and then potentially go public again at a later date," Turner says.  

Related Content:

This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for more information and, to register, here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Recommended Reading:

2 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.