Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Is The Cybersecurity Bubble About To Burst?
Newest First  |  Oldest First  |  Threaded View
crawdaddio
crawdaddio,
 User Rank: Apprentice
2/12/2016 | 9:23:47 AM
InfoSec profession needs to mature
Agreed. It can be hard to compete with the $$ thrown around by the next shiny object. For the most part, these new VC-funded firms have developing "competitive" technology that looks pretty and provides enough services (bells and whistles) to get the market's attention. And, the market is there ($75B per Gartner). What's amazing is how many of these firms provide reactive services (analzye and fix a problem) instead of proactively preventing it in the first place. Why would an enterprise allow itself to be compromised knowing they have a vulnerability? 

The smart buyers who see the bigger picture know this. Unfortunately, infosec is a frantically-growing profession and lacks the maturity to see beyond the flashn. Eventually, the profession will mature and realize that their bandaid approach will only work for so long and eventually it will fail (and the market will respond). The market will look vastly different in the next few years. The smart buyers who see the bigger picture know this. 

 
whitehatblackhat
whitehatblackhat,
 User Rank: Apprentice
2/12/2016 | 9:08:29 AM
Bulls on Parade
Cybersecurity isn't going anywhere.   What you have seen in the past two years with new public offerings are race to the gate companies with unproven technology that can quickly be overcome buy more established players in the space.   They are all buyout targets at this point.

The threat landscape will never stop changing, and the protection of data will continuously evolve as that landscape changes.   It is literally a never ending self fueling industry with huge upside.

Problem is with unknowledgeable investors who do not know jack about the underlying technology and evolving threat landscape.   They pour money into companies based upon guess work, rising tides, and high valuations.   When markets rattle, this high valuers pull out of their low information investment decisions, which is why you will see the high swings up and down.

PANW is stellar.   Great product, great company, went out and is beating the pants off the old guard in that particular segment of cyber.    Cyberark, great product, great company...best at what it does in that particular niche.   Fireye, an amalgamation of splinters of threat identification...good at some and not so good at others.   It's trying to acquire it's way out of obsoletion.

The rest of the bunch rapid, fortinet, et al...rising tide players only.   Never had it together in the first place.

Forescout is 15 years old, proven, robust...does what it says it can do and very well.   They too will be a force and long term player.

Don't jump in if you don't know what you are doing.   This isn't picking a cell phone company stock, or energy company stock, or other well known space offering tied to some transparent traded commodity.   If you don't know how and how frequently the cyber security space is elvoving, then stay out of the winner picking business in this space.   There will be many winners, but many more who fail.
PaulV378
PaulV378,
 User Rank: Strategist
2/10/2016 | 6:36:37 PM
what was the meaning of PETS.COM?
last time we explosively overheated an internet technology market was 1999 or so. this ended messily, and the signal of the end was the failed PETS.COM IPO. apparently there was no there there, and everybody knew it, but i guess folks were hoping they could squeeze out one more vapid also-ran before the party was over.

i didn't involve VC's in my current venture, because i wanted to do a bunch of crazy stuff like reach breakeven and then grow organically on a single small seed round, rather than trading dilution to get fast -- but usually brittle and unsustainable -- growth. so far i'm pretty happy with that decision, and it puts me in mind to speak as an outsider in the current mess:

competing with someone who doesn't have to earn money before they can spend it, is irritating.

so, if the VC community gets cold feet about my industry for a little while, i'm OK with that.

which means i challenge this article's assumption that the industry's health can be determined by deal size and exit size trends. customers and employees matter a lot, it's not just the shareholders who need to be counted here.
oneilldon
oneilldon,
 User Rank: Guru
2/10/2016 | 4:34:54 PM
Cyber Security is Beyond the Tipping Point
The Cyber Security has reached the tipping point. The cat is out of the bag. Even Corporate Board members are getting the idea... since these individual may be liable for damages.

Cyber Security is an intractable problem without a known, provably correct solution. This presents an irreconcilable dilemma for board members who have a responsibility to safeguard the enterprise. Congress recognized this in the Cyber Security Disclosure Act of 2015 designed to encourage disclosure of Cyber Security expertise on corporate boards.

In a quandary and caught in a paradox between an incomplete Cyber Security theory and practice and the more complete and well specified fiduciary duties and risk oversight responsibilities, no amount of compliance monitoring or Cyber insurance can fully protect the enterprise. Just how to thread the needle of this legal quandary! How can board member failure be avoided when the organization insists on trusting data and information it cannot afford to lose to an Internet which cannot be protected? Corporate board members who find themselves overseeing overcommitted Internet dependencies are looking for a new way of thinking.

So no wonder the bloom is off the rose in the stock market for Cyber Security offerings.
Sara Peters
Sara Peters,
 User Rank: Author
2/10/2016 | 11:22:12 AM
Yowza
I confess that I generally don't pay much attention to the vacillations of The Market -- something I'm sure my 401K would scold me for, if it were a sentient being -- but I find this both intriguing and a little disconcerting.

I wonder, is it just that people aren't buying into the one-stop security shop anymore? What is it they're looking for -- something more tailored, more cutting-edge, more affordable, more flexible -- that they don't think the big names can give them? Or are the investors' behaviors entirely disconnected from the behaviors of the buyers right now?

Help me out here, people.

 

 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-42002
PUBLISHED: 2022-10-01
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.
CVE-2022-39268
PUBLISHED: 2022-09-30
### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end use...
CVE-2022-34428
PUBLISHED: 2022-09-30
Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.
CVE-2022-34429
PUBLISHED: 2022-09-30
Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.
CVE-2022-40923
PUBLISHED: 2022-09-30
A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.