Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Is The Cybersecurity Bubble About To Burst?
Newest First  |  Oldest First  |  Threaded View
crawdaddio
100%
0%
crawdaddio,
 User Rank: Apprentice
2/12/2016 | 9:23:47 AM
InfoSec profession needs to mature
Agreed. It can be hard to compete with the $$ thrown around by the next shiny object. For the most part, these new VC-funded firms have developing "competitive" technology that looks pretty and provides enough services (bells and whistles) to get the market's attention. And, the market is there ($75B per Gartner). What's amazing is how many of these firms provide reactive services (analzye and fix a problem) instead of proactively preventing it in the first place. Why would an enterprise allow itself to be compromised knowing they have a vulnerability? 

The smart buyers who see the bigger picture know this. Unfortunately, infosec is a frantically-growing profession and lacks the maturity to see beyond the flashn. Eventually, the profession will mature and realize that their bandaid approach will only work for so long and eventually it will fail (and the market will respond). The market will look vastly different in the next few years. The smart buyers who see the bigger picture know this. 

 
whitehatblackhat
50%
50%
whitehatblackhat,
 User Rank: Apprentice
2/12/2016 | 9:08:29 AM
Bulls on Parade
Cybersecurity isn't going anywhere.   What you have seen in the past two years with new public offerings are race to the gate companies with unproven technology that can quickly be overcome buy more established players in the space.   They are all buyout targets at this point.

The threat landscape will never stop changing, and the protection of data will continuously evolve as that landscape changes.   It is literally a never ending self fueling industry with huge upside.

Problem is with unknowledgeable investors who do not know jack about the underlying technology and evolving threat landscape.   They pour money into companies based upon guess work, rising tides, and high valuations.   When markets rattle, this high valuers pull out of their low information investment decisions, which is why you will see the high swings up and down.

PANW is stellar.   Great product, great company, went out and is beating the pants off the old guard in that particular segment of cyber.    Cyberark, great product, great company...best at what it does in that particular niche.   Fireye, an amalgamation of splinters of threat identification...good at some and not so good at others.   It's trying to acquire it's way out of obsoletion.

The rest of the bunch rapid, fortinet, et al...rising tide players only.   Never had it together in the first place.

Forescout is 15 years old, proven, robust...does what it says it can do and very well.   They too will be a force and long term player.

Don't jump in if you don't know what you are doing.   This isn't picking a cell phone company stock, or energy company stock, or other well known space offering tied to some transparent traded commodity.   If you don't know how and how frequently the cyber security space is elvoving, then stay out of the winner picking business in this space.   There will be many winners, but many more who fail.
PaulV378
100%
0%
PaulV378,
 User Rank: Strategist
2/10/2016 | 6:36:37 PM
what was the meaning of PETS.COM?
last time we explosively overheated an internet technology market was 1999 or so. this ended messily, and the signal of the end was the failed PETS.COM IPO. apparently there was no there there, and everybody knew it, but i guess folks were hoping they could squeeze out one more vapid also-ran before the party was over.

i didn't involve VC's in my current venture, because i wanted to do a bunch of crazy stuff like reach breakeven and then grow organically on a single small seed round, rather than trading dilution to get fast -- but usually brittle and unsustainable -- growth. so far i'm pretty happy with that decision, and it puts me in mind to speak as an outsider in the current mess:

competing with someone who doesn't have to earn money before they can spend it, is irritating.

so, if the VC community gets cold feet about my industry for a little while, i'm OK with that.

which means i challenge this article's assumption that the industry's health can be determined by deal size and exit size trends. customers and employees matter a lot, it's not just the shareholders who need to be counted here.
oneilldon
50%
50%
oneilldon,
 User Rank: Guru
2/10/2016 | 4:34:54 PM
Cyber Security is Beyond the Tipping Point
The Cyber Security has reached the tipping point. The cat is out of the bag. Even Corporate Board members are getting the idea... since these individual may be liable for damages.

Cyber Security is an intractable problem without a known, provably correct solution. This presents an irreconcilable dilemma for board members who have a responsibility to safeguard the enterprise. Congress recognized this in the Cyber Security Disclosure Act of 2015 designed to encourage disclosure of Cyber Security expertise on corporate boards.

In a quandary and caught in a paradox between an incomplete Cyber Security theory and practice and the more complete and well specified fiduciary duties and risk oversight responsibilities, no amount of compliance monitoring or Cyber insurance can fully protect the enterprise. Just how to thread the needle of this legal quandary! How can board member failure be avoided when the organization insists on trusting data and information it cannot afford to lose to an Internet which cannot be protected? Corporate board members who find themselves overseeing overcommitted Internet dependencies are looking for a new way of thinking.

So no wonder the bloom is off the rose in the stock market for Cyber Security offerings.
Sara Peters
100%
0%
Sara Peters,
 User Rank: Author
2/10/2016 | 11:22:12 AM
Yowza
I confess that I generally don't pay much attention to the vacillations of The Market -- something I'm sure my 401K would scold me for, if it were a sentient being -- but I find this both intriguing and a little disconcerting.

I wonder, is it just that people aren't buying into the one-stop security shop anymore? What is it they're looking for -- something more tailored, more cutting-edge, more affordable, more flexible -- that they don't think the big names can give them? Or are the investors' behaviors entirely disconnected from the behaviors of the buyers right now?

Help me out here, people.

 

 


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-36289
PUBLISHED: 2021-05-12
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and fro...
CVE-2021-32606
PUBLISHED: 2021-05-11
In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)
CVE-2021-3504
PUBLISHED: 2021-05-11
A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to...
CVE-2021-20309
PUBLISHED: 2021-05-11
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to ...
CVE-2021-20310
PUBLISHED: 2021-05-11
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this...