It had been quite quiet on the merger and acquisition front in the cybersecurity market. Everybody seems to agree that it's ripe for consolidation, and there's news that Symantec has reached a definitive agreement to acquire Blue Coat. Framed as its next step in cementing itself as the dominant pure-play cybersecurity vendor, the combination of Symantec and Blue Coat represents a bold move to expand the product portfolio, add key leadership, and enhance financials. Here is a 3x2 of what this means and what to watch for moving forward:
- Massive telemetry with coverage of the things. Symantec has tremendous endpoint coverage as well as telemetry across server workloads and email. Blue Coat comes to the party with network, web, and cloud app visibility. That’s a lot of coverage and telemetry across the things of today’s IT multi-dimensional hybrid clouds and mobile workforce.
- The cloud imperative. The fundamental shift to cloud computing necessitates purpose-built cloud security offerings that both embrace cloud “nativeness” and operation in a hybrid context to align with an organization’s journey to the cloud. The deployment footprint of Blue Coat’s proxy and web gateway along with its cloud access security broker (CASB) offering gives Symantec a key control point on the wire and the product to participate in the hot cloud app security market where there is a lot of whitespace for net-new customer acquisitions.
- It’s still all about the data. Okay, so how is this different than when Symantec and Veritas merged and pitched this value proposition to CIOs? Well, first, it’s all about security; and second, more and more corporate data is migrating northbound to the cloud, making discovering sensitive data and applying policy for both risk and compliance non-trivial. Many CASB vendors already augment their own data loss prevention (DLP) capabilities by offloading intensive analysis to Symantec’s DLP engine. And Blue Coat has the SSL decryption piece. All together, this means Symantec will be highly indexed on location-agnostic DLP that is compelling for the new normal of hybrid IT.
Acquisitions are as successful as the integration is well-executed across the spectrum of people, products, and placement. Here are the blips in the middle of my radar screen to monitor as the acquisition closes and the combined entities merge.
- Does pure-play mean closed? Leveraging its sizable proxy deployment, Blue Coat has smartly established a series of strategic alliances that have yielded valuable integrations with endpoint detection and response (EDR) and cloud access security broker products. Being part of by the largest endpoint security vendor may change at least the field engagement dynamics with other endpoint security players. And many CASB vendors parse ProxySG logs for application discover. Will coopetition rule the day?
- Quality vs. quantity. The narrative in the threat intelligence market is evolving from the value of the largest corpus of known bad hashes, URLs, IPs and IOCs to attacker and campaign behavior profiling. The former is an argument for quantity, the later for quality. Currency and scope across all the things is essential, but whether the billions of data points are as effective as, say, the dozen most common attack patterns will be an ongoing debate. The combined threat lab may argue these are not mutually exclusive with broad telemetry providing greater insights into patterns.
- Wrap the software in sheet metal. This was how we used to sell software at a systems vendor back in the day, which was frustrating for a software guy. The DNA of the company was simply that of a hardware business focused on the gross margins of a box. The same dichotomy has existed between host-based and network-based security. Sure, security is all about defense in depth and you need both, but there may be cultural, sales model, and product planning contention on who gets the most mind share and resources.
While I’ll leave the vetting of the price of the deal to financial analysts, it’s worth noting the increasingly prominent role of private equity firms in the cybersecurity industry. But I’m a product guy, and from that perspective I like the complementary nature of the portfolios because they’re well aligned with the new normal of hybrid IT and against the diversity of treat types and attack vectors.