Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:15 PM
Connect Directly

In a Crowded Endpoint Security Market, Consolidation Is Underway

Experts examine the drivers pushing today's endpoint security market to consolidate as its many players compete to meet organizations' changing demands and transition to the cloud.

"Ultimately, the reason why the consolidation is occurring is people have to remain competitive in a very, very crowded market right now," Thomas says. Larger security companies are stuck on creating new offerings, and they look to the startup community to help them fill the gaps. He points to a "lack of innovation" in larger endpoint players, including McAfee and Symantec, and he believes their goal will likely be to grow through acquisition of smaller companies.

The stream of M&A is constant and telling: VMware agreed to buy Carbon Black, HP recently agreed to acquire Bromium, BlackBerry picked up Cylance, and Thoma Bravo snapped up Sophos. "There are probably too many vendors coming at this market in different ways, so a degree of simplification is in order," says Rik Turner, principal analyst at Ovum, of the ongoing activity.

Some of these deals could hold clues for where the future of the market is headed. VMware, for example, could boost the appeal of its infrastructure platform if it promises to integrate security; both Firstbrook and Thomas agree the deal could accelerate growth for the company. Elastic's acquisition of Endgame is another deal bringing security into a non-security business.

But it poses an important question, Firstbrook notes: What if others – Kubernetes, Red Hat, Google – did the same thing? Companies buying operating system technology will find security already built in, and they could choose to enable that directly rather than buy a separate product. He thinks we can expect these types of acquisitions to continue into the future.

This is also why Microsoft is a company to watch, he adds. "They're the biggest threat to all of these vendors because they're built right into the OS and they're proving a good product now," Firstbrook says.

Still, the security landscape is littered with acquisitions of security companies that didn't work, Pescatore says. There is a belief that baking in security can overcome obstacles, but "the big issue is one thing we've proven: it's really, really hard for the infrastructure to protect itself," he says. Microsoft integrated security into Windows, for example, but Windows still has vulnerabilities.

Looking Ahead
Not every endpoint security startup will be acquired by a security company. Some will move into an adjacent business, like the Internet of Things (IoT) and operation tech (OT) security; others will be bought by OS or hardware vendors. Firstbrook anticipates we'll see some rolled into other technology vendors.

Thomas says he thinks the industry will also see the private equity community get more involved. Thoma Bravo, for example, has developed expertise in buying security firms: Barracuda, Veracode, Imperva, McAfee, and LogRhythm are among its investments. It's not just the big players jumping into the acquisition game – private investment firms have joined as well.

"Essentially, the best private equity guys are taking companies private to relieve them from the pressure of Wall Street, allowing them to grow in private and then potentially go public again at a later date," Turner says.  

Related Content:

This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for more information and, to register, here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

2 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-12-10
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015.
PUBLISHED: 2019-12-10
IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-Force ID: 159518.
PUBLISHED: 2019-12-10
Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.
PUBLISHED: 2019-12-10
IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245...
PUBLISHED: 2019-12-10
The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.