Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Is The Cybersecurity Bubble About To Burst?
Newest First  |  Oldest First  |  Threaded View
crawdaddio
100%
0%
crawdaddio,
 User Rank: Apprentice
2/12/2016 | 9:23:47 AM
InfoSec profession needs to mature
Agreed. It can be hard to compete with the $$ thrown around by the next shiny object. For the most part, these new VC-funded firms have developing "competitive" technology that looks pretty and provides enough services (bells and whistles) to get the market's attention. And, the market is there ($75B per Gartner). What's amazing is how many of these firms provide reactive services (analzye and fix a problem) instead of proactively preventing it in the first place. Why would an enterprise allow itself to be compromised knowing they have a vulnerability? 

The smart buyers who see the bigger picture know this. Unfortunately, infosec is a frantically-growing profession and lacks the maturity to see beyond the flashn. Eventually, the profession will mature and realize that their bandaid approach will only work for so long and eventually it will fail (and the market will respond). The market will look vastly different in the next few years. The smart buyers who see the bigger picture know this. 

 
whitehatblackhat
50%
50%
whitehatblackhat,
 User Rank: Apprentice
2/12/2016 | 9:08:29 AM
Bulls on Parade
Cybersecurity isn't going anywhere.   What you have seen in the past two years with new public offerings are race to the gate companies with unproven technology that can quickly be overcome buy more established players in the space.   They are all buyout targets at this point.

The threat landscape will never stop changing, and the protection of data will continuously evolve as that landscape changes.   It is literally a never ending self fueling industry with huge upside.

Problem is with unknowledgeable investors who do not know jack about the underlying technology and evolving threat landscape.   They pour money into companies based upon guess work, rising tides, and high valuations.   When markets rattle, this high valuers pull out of their low information investment decisions, which is why you will see the high swings up and down.

PANW is stellar.   Great product, great company, went out and is beating the pants off the old guard in that particular segment of cyber.    Cyberark, great product, great company...best at what it does in that particular niche.   Fireye, an amalgamation of splinters of threat identification...good at some and not so good at others.   It's trying to acquire it's way out of obsoletion.

The rest of the bunch rapid, fortinet, et al...rising tide players only.   Never had it together in the first place.

Forescout is 15 years old, proven, robust...does what it says it can do and very well.   They too will be a force and long term player.

Don't jump in if you don't know what you are doing.   This isn't picking a cell phone company stock, or energy company stock, or other well known space offering tied to some transparent traded commodity.   If you don't know how and how frequently the cyber security space is elvoving, then stay out of the winner picking business in this space.   There will be many winners, but many more who fail.
PaulV378
100%
0%
PaulV378,
 User Rank: Strategist
2/10/2016 | 6:36:37 PM
what was the meaning of PETS.COM?
last time we explosively overheated an internet technology market was 1999 or so. this ended messily, and the signal of the end was the failed PETS.COM IPO. apparently there was no there there, and everybody knew it, but i guess folks were hoping they could squeeze out one more vapid also-ran before the party was over.

i didn't involve VC's in my current venture, because i wanted to do a bunch of crazy stuff like reach breakeven and then grow organically on a single small seed round, rather than trading dilution to get fast -- but usually brittle and unsustainable -- growth. so far i'm pretty happy with that decision, and it puts me in mind to speak as an outsider in the current mess:

competing with someone who doesn't have to earn money before they can spend it, is irritating.

so, if the VC community gets cold feet about my industry for a little while, i'm OK with that.

which means i challenge this article's assumption that the industry's health can be determined by deal size and exit size trends. customers and employees matter a lot, it's not just the shareholders who need to be counted here.
oneilldon
50%
50%
oneilldon,
 User Rank: Guru
2/10/2016 | 4:34:54 PM
Cyber Security is Beyond the Tipping Point
The Cyber Security has reached the tipping point. The cat is out of the bag. Even Corporate Board members are getting the idea... since these individual may be liable for damages.

Cyber Security is an intractable problem without a known, provably correct solution. This presents an irreconcilable dilemma for board members who have a responsibility to safeguard the enterprise. Congress recognized this in the Cyber Security Disclosure Act of 2015 designed to encourage disclosure of Cyber Security expertise on corporate boards.

In a quandary and caught in a paradox between an incomplete Cyber Security theory and practice and the more complete and well specified fiduciary duties and risk oversight responsibilities, no amount of compliance monitoring or Cyber insurance can fully protect the enterprise. Just how to thread the needle of this legal quandary! How can board member failure be avoided when the organization insists on trusting data and information it cannot afford to lose to an Internet which cannot be protected? Corporate board members who find themselves overseeing overcommitted Internet dependencies are looking for a new way of thinking.

So no wonder the bloom is off the rose in the stock market for Cyber Security offerings.
Sara Peters
100%
0%
Sara Peters,
 User Rank: Author
2/10/2016 | 11:22:12 AM
Yowza
I confess that I generally don't pay much attention to the vacillations of The Market -- something I'm sure my 401K would scold me for, if it were a sentient being -- but I find this both intriguing and a little disconcerting.

I wonder, is it just that people aren't buying into the one-stop security shop anymore? What is it they're looking for -- something more tailored, more cutting-edge, more affordable, more flexible -- that they don't think the big names can give them? Or are the investors' behaviors entirely disconnected from the behaviors of the buyers right now?

Help me out here, people.

 

 


News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22677
PUBLISHED: 2021-05-07
An integer overflow exists in the APIs of the host MCU while trying to connect to a WIFI network may lead to issues such as a denial-of-service condition or code execution on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4....
CVE-2021-29495
PUBLISHED: 2021-05-07
Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled by default. Users can upgrade to version 1.4.2 to receive a patch or, as a workaround, set "verifyMode = CVerifyPeer" as documente...
CVE-2020-4901
PUBLISHED: 2021-05-07
IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network to obtain sensitive information or cause a denial of service through username enumeration. IBM X-Force ID: 190992.
CVE-2021-21419
PUBLISHED: 2021-05-07
Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reas...
CVE-2021-27437
PUBLISHED: 2021-05-07
The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0...