Venture capital investments in cybersecurity companies are aggressive these days but yesterday’s news was startling nonetheless. First, Cylance announced a round of $120 million led by Blackstone Tactical Opportunities. Cylance says that the funding will help it expand sales and marketing initiatives and extend its global footprint.
Not to be outdone, Cylance archenemy CrowdStrike announced a round of $200m, led by General Atlantic and IVP, and now claims a valuation of more than $3 billion. Like its rival, CrowdStrike says that the new funding will go toward sales and marketing as well as product development.
These two “unicorns” are not alone. Tanium and Cybereason have also enjoyed funding rounds of $100m while SentinelOne raised $70m in a series C round last year. Holy antivirus, Batman!
Now all this VC investment seems a little crazy at first glance. After all, the entire endpoint security market is somewhere in the 5 to 7 billion-dollar range and it’s currently dominated by a cabal of vendors including Kaspersky Lab, McAfee, Sophos, Symantec, Trend Micro, and Webroot. Given this market reality, it’s fair to ask how the Sand Hill Rd. phat cats can justify this level of investment in a crowded and mature market.
Yup, endpoint security investment is aggressive but there is some wisdom behind this VC strategy. Today’s endpoint security market no longer looks like the antivirus market circa 2008. Rather, it is transforming rapidly for several reasons:
- Market consolidation. According to ESG research, 53% of enterprise organizations (i.e., 1,000 employees or more) currently have 3 or more different endpoint security products deployed across their networks. Each of these products requires its own software agent, its own management portal, and its own care and feeding by security and IT operations staff. CISOs know that this type of tactical approach is an operations nightmare, so they are actively winnowing down endpoint products and vendors. The future belongs to endpoint security suites, not point tools.
- Market expansion. Endpoint security products were usually based upon two basic competences in the past: antivirus protection and network firewalls. Fast forward to 2018 and endpoint security functionality can now include application controls, port controls, browser sandboxing/isolation, deception technology, endpoint detection/response (EDR), HIPS, DLP, etc. Furthermore, many vendors are now bundling in managed security services as part of their product suites, providing services options from staff augmentation, to hybrid on-premises/cloud models, to full outsourcing. The result? The endpoint security product pie is getting bigger annually, while endpoint security product vendors can now goose sales through a portfolio of complementary managed services.
- An endpoint is no longer just a PC. While this transition is moving slowly, enterprise organizations want central command-and-control and distributed enforcement for PCs, mobile devices, IoT, and OT sensors/actuators, etc. This too will broaden the endpoint security market.
- Endpoints can act as the center of the security universe. Endpoint security changes are also being driven by two peripheral trends: 1) most network traffic is encrypted today, and decrypting packets as they traverse networks can impact network engineering, operations, and throughput, so endpoints act as termination points for analyzing and filtering network traffic; and 2) endpoints provide extremely rich security telemetry, and now that new endpoint security suites include EDR capabilities, endpoint security can act as the new nexus for security analytics. In other words, endpoint security telemetry may usurp log files as the go-to data source for new types of security analytics.
In summary, new and old endpoint security vendors believe there are many new product and services opportunities that will center on burgeoning use cases for endpoint security. Yes, some of these will be supplemented with network and cloud-based controls, but $100m funding rounds give startups the financial muscle to acquire and integrate these technologies as needed.
The endpoint security market is expanding before our eyes and massive VC investments are the financial equivalent of the expression, "You ain’t seen nothing yet." Some of these investments will certainly be swings and misses, but others could literally change the world.