Endpoint Security Market Transformation In 2014

It is widely agreed that the security software market is over $20 billion worldwide and that endpoint security software (aka antivirus) makes up the lion’s share of this revenue. After all, AV is an endpoint staple product bundled on new PCs, required as part of regulatory compliance, and even available for free from reputable providers such as Avast, AVG, and Microsoft.

Yup, AV software is certainly pervasive but traditional endpoint security vendors will face a number of unprecedented challenges to their comfy hegemony in 2014 for several reasons:

  1. Security professionals are increasingly questioning AV effectiveness. According to ESG research, 62% of security professionals working at enterprise organizations (i.e., more than 1,000 employees) believe that traditional endpoint security software is not effective for detecting zero-day and/or polymorphic malware commonly used as part of targeted attacks today. To quote Lee Atwater, ‘perception is reality’ when it comes to AV.
  2. Many organizations are already moving beyond AV. ESG research also indicates that over half (51%) of large organizations are planning to add new layers of endpoint security software in order to detect/prevent advanced malware threats. This means that enterprise companies aren’t waiting for AV vendors to catch up but rather spending on new endpoint defenses – likely with new vendors.
  3. The industry is turning up the heat. The AV market has been a cozy oligopoly dominated by a handful of vendors. This market is coming unglued as a combination of new threats and user perceptions is opening the door to an assortment of upstarts. The list includes smaller firms like Bit9, Cylance, Malwarebytes, and Triumfant as well as 800-pound gorillas like Cisco (with Sourcefire FireAMP, IBM (with Trusteer), and RSA Security (with ECAT). Oh, and let’s not forget red hot FireEye’s acquisition of Mandiant or Palo Alto’s purchase of Morta. These two firms are intent on leaving AV vendors in the dust as they pursue the title of “next-generation security company” (whatever that means).
Topics: IBM Microsoft Palo Alto Networks Cisco Information and Risk Management Sourcefire FireEye McAfee Security and Privacy Security Malwarebytes Triumfant Mandiant Avast trend micro RSA antivirus Cylance Bit9 Anti-malware APT Trusteer

IBM Extends Its Cybersecurity Footprint With Trusteer Acquisition

Yes, the IBM/Trusteer deal happened on 8/15 but summer activities interrupted my blogging schedule so I’m just catching up.

Rumor has it that IBM paid somewhere between $800m and $1 billion for the Israeli cybersecurity firm. That’s a lot of dollars, shekels, or any other currency but Trusteer can help IBM extend its information security shadow with:

  1. A greater presence in the financial services market. IBM is a major player in financial services with IT equipment, software, and services but is still playing catch up with CISOs in this space. With the acquisition of Trusteer, IBM grabs an established leader in web fraud detection (along with Silver Tail/RSA)and a killer installed base in the world’s largest banks. IBM will certainly use this new stature to position QRadar against ArcSight and establish a leadership position in big data security analytics. This is important since financial services firms tend to be aggressive spenders when it comes to information security.
  2. An advanced endpoint security solution. In spite of its aggressive push into security over the past few years, IBM’s participation in endpoint security has been limited to management (i.e. BigFix) and partnerships. The Trusteer acquisition gives IBM a new type of anti-malware solution that can act as an additional layer of endpoint security and can be deployed on PCs, Macs, and mobile devices. Trusteer endpoint security technology is sound but it was not big enough to push into the enterprise market to compete with Bromium, Invincea, Malwarebytes, or Sourcefire. IBM certainly has the resources to make this happen soon. Look for IBM to integrate Trusteer anti-malware capabilities with its network-based solutions (i.e., ISS) to form a comprehensive network/endpoint anti-malware architecture.
  3. Greater intelligence and cloud services. Trusteer solutions are anchored by research, intelligence, and cloud-based protection. IBM can spread these capabilities across existing resources like its xForce security research, QRadar SIEM, and various managed security services options.
  4. Mobile security solutions. Rather than develop its own MDM, IBM is pitching mobile security as part of a bigger play that includes secure application development processes, application security testing, endpoint device management, identity and access management, and network security. IBM will likely fold the Trusteer mobile risk engine, SDK, and secure browser, and out-of-band mobile authentication into its mobile enterprise security mix.
  5. A recruiting hub. IBM plans to establish a presence in Israel for cybersecurity research and development. Given the global shortage of security talent this is a very shrewd move giving IBM access to elite talent coming out of the IDF and Unit 8200.
Topics: IBM Cybersecurity Information and Risk Management Security and Privacy Security big data security analytics enterprise security ArcSight RSA Security Anti-malware Trusteer