Is The Cybersecurity Bubble About To Burst?
User Rank: Apprentice
2/12/2016 | 9:23:47 AM
InfoSec profession needs to mature
Agreed. It can be hard to compete with the $$ thrown around by the next shiny object. For the most part, these new VC-funded firms have developing "competitive" technology that looks pretty and provides enough services (bells and whistles) to get the market's attention. And, the market is there ($75B per Gartner). What's amazing is how many of these firms provide reactive services (analyze and fix a problem) instead of proactively preventing it in the first place. Why would an enterprise allow itself to be compromised knowing they have a vulnerability?

The smart buyers who see the bigger picture know this. Unfortunately, infosec is a frantically-growing profession and lacks the maturity to see beyond the flash. Eventually, the profession will mature and realize that their bandaid approach will only work for so long and eventually it will fail (and the market will respond). The market will look vastly different in the next few years. The smart buyers who see the bigger picture know this.

User Rank: Apprentice
2/12/2016 | 9:08:29 AM
Bulls on Parade
Cybersecurity isn't going anywhere. What you have seen in the past two years with new public offerings are race to the gate companies with unproven technology that can quickly be overcome by more established players in the space. They are all buyout targets at this point.

The threat landscape will never stop changing, and the protection of data will continuously evolve as that landscape changes.   It is literally a never ending self fueling industry with huge upside.

Problem is with unknowledgeable investors who do not know jack about the underlying technology and evolving threat landscape. They pour money into companies based upon guess work, rising tides, and high valuations. When markets rattle, these high valuers pull out of their low information investment decisions, which is why you will see the high swings up and down.

PANW is stellar. Great product, great company, went out and is beating the pants off the old guard in that particular segment of cyber. CyberArk, great product, great company...best at what it does in that particular niche. FireEye, an amalgamation of splinters of threat identification...good at some and not so good at others. It's trying to acquire its way out of obsoletion.

The rest of the bunch rapid, fortinet, et al...rising tide players only.   Never had it together in the first place.

Forescout is 15 years old, proven, robust...does what it says it can do and very well.   They too will be a force and long term player.

Don't jump in if you don't know what you are doing. This isn't picking a cell phone company stock, or energy company stock, or other well known space offering tied to some transparent traded commodity. If you don't know how and how frequently the cyber security space is evolving, then stay out of the winner picking business in this space. There will be many winners, but many more who fail.
User Rank: Strategist
2/10/2016 | 6:36:37 PM
what was the meaning of PETS.COM?
last time we explosively overheated an internet technology market was 1999 or so. this ended messily, and the signal of the end was the failed PETS.COM IPO. apparently there was no there there, and everybody knew it, but i guess folks were hoping they could squeeze out one more vapid also-ran before the party was over.

i didn't involve VC's in my current venture, because i wanted to do a bunch of crazy stuff like reach breakeven and then grow organically on a single small seed round, rather than trading dilution to get fast -- but usually brittle and unsustainable -- growth. so far i'm pretty happy with that decision, and it puts me in mind to speak as an outsider in the current mess:

competing with someone who doesn't have to earn money before they can spend it, is irritating.

so, if the VC community gets cold feet about my industry for a little while, i'm OK with that.

which means i challenge this article's assumption that the industry's health can be determined by deal size and exit size trends. customers and employees matter a lot, it's not just the shareholders who need to be counted here.
User Rank: Guru
2/10/2016 | 4:34:54 PM
Cyber Security is Beyond the Tipping Point
The Cyber Security has reached the tipping point. The cat is out of the bag. Even Corporate Board members are getting the idea... since these individuals may be liable for damages.

Cyber Security is an intractable problem without a known, provably correct solution. This presents an irreconcilable dilemma for board members who have a responsibility to safeguard the enterprise. Congress recognized this in the Cyber Security Disclosure Act of 2015 designed to encourage disclosure of Cyber Security expertise on corporate boards.

In a quandary and caught in a paradox between an incomplete Cyber Security theory and practice and the more complete and well specified fiduciary duties and risk oversight responsibilities, no amount of compliance monitoring or Cyber insurance can fully protect the enterprise. Just how to thread the needle of this legal quandary! How can board member failure be avoided when the organization insists on trusting data and information it cannot afford to lose to an Internet which cannot be protected? Corporate board members who find themselves overseeing overcommitted Internet dependencies are looking for a new way of thinking.

So no wonder the bloom is off the rose in the stock market for Cyber Security offerings.
Sara Peters,
User Rank: Author
2/10/2016 | 11:22:12 AM
I confess that I generally don't pay much attention to the vacillations of The Market -- something I'm sure my 401K would scold me for, if it were a sentient being -- but I find this both intriguing and a little disconcerting.

I wonder, is it just that people aren't buying into the one-stop security shop anymore? What is it they're looking for -- something more tailored, more cutting-edge, more affordable, more flexible -- that they don't think the big names can give them? Or are the investors' behaviors entirely disconnected from the behaviors of the buyers right now?

Help me out here, people.