Here we are in the doldrums of summer, and yet endpoint security is as hot as the sweltering heat! This week alone, we got the news of CrowdStrike’s $100M in Series C financing on what is speculated to be a $1B valuation, as well as CounterTack’s acquisition of ManTech Cyber Solutions International (MCSI). The race is on to capture endpoint security footprint and market share to help organizations shore up the knowledge worker soft spot that is all too often the attack vector of choice. There are a number of interesting aspects of each piece of news, as well as some takeaways relevant to this dynamic market segment.
- Aligning with the Cyber Kill Chain: These announcements are about bulking up product functionality to map to the cyber kill chain—from the time and point of infection to propagation and exfiltration with advanced detection, response, and remediation capabilities. While such a mapping is horizontal in nature, there is also an important vertical dimension—given the need to have visibility up and down the stack from kernel to file system to memory. Verizon’s 2015 Data Breach Investigations Report cites a notable increase in RAM-scraping malware in 2014, including new variants discovered on point-of-sale (POS) systems, which is why in-memory threat analysis is a compelling addition to the CounterTack endpoint detection and response offering vis-a-vis the ManTech buy.
- Enabling and Providing Security Services: With a dearth of technical cybersecurity talent, endpoint detection and response vendors are stepping in to fill the gap in various ways. On the product side, some new releases are focused on a user interface design center for the less experienced cybersecurity analyst—the jury is out on the efficacy of this approach—while also providing companies big enough to have a Computer Incident Response Team (CIRT) with a rich set of data and malware analysis tools. At the same time, vendors are partnering with Managed Security Services Partners (MSSPs) as a route to market. But what does the business model look like when it comes to security services? And will a vendor’s own service offerings create channel conflict with their MSSPs? That is, vendors will need to decide if their business plan calls for the Services P&L to be more P than L. Case in point, Mandiant created the blueprint for a services-led product sales model, but in doing so made some security VARs and MSSPs wary of partnering with them due to concerns about account control. The addition of ManTech provides CounterTack with added value to incident response teams, as well as teams of threat researchers, while CrowdStrike is offering to perform both post-breach and proactive assessment services. Today’s endpoint security vendors will need to make an eyes-wide-open decision on how their services strategy supports or impedes the partnering element of their business model.
- Google and Rackspace Weighing In: The CrowdStrike investment marks Google Capital’s entry into cybersecurity. Google has now placed what is their first bet on a segment where they will likely want to have more chips on the table (as they should), albeit coming a bit late to the party. Another notable investor in the CrowdStrike news is Rackspace. While a strategic investor is always a risky proposition for a vendor as it can be pollutive, as well as a stumbling block for other partnering initiatives, it can also pay huge dividends by providing leverage—in this case, in cloud security—especially on the heels of Rackspace getting cozy with Microsoft Azure.
We are only a few weeks away from Black Hat where the summer heat of Vegas will be an appropriate setting for the rising temperature of the endpoint security market. Let’s hope for news of more tightly integrated endpoint security offerings, user interface updates providing context and advice versus just heaps of data, and sharing of threat intelligence between customers and vendors alike. How about you? What do you think these announcements mean and may foretell for Black Hat? See you there!