• Another flurry of security vendor acquisitions is likely in 2016, thanks largely to slowing venture capital investing.
• Best-of-breed product integration and automation capabilities will be top industry storylines this year.
Many of you surely agree that end-of-year predictions articles are a tired trope, rolled out by publishers as click-bait while their staffs enjoy a holiday vacation. Here at Current Analysis, the Enterprise Security team (yes, it’s a team of one!) decided not to stare into the crystal ball last year, but with the first month of 2016 coming to a close, we wanted to highlight three trends that are guiding our research efforts this year.
A convergence of economic trends including low interest rates, a rising stock market and significantly increased enterprise spending on information security has created a flood of venture capital investments in security companies. While the overall VC landscape has ballooned — as evidence by a record 150 private companies worth at least $1 billion, with every single one VC-backed – infosec has benefitted as well. CrowdStrike, Tenable Network Security and many others have landed huge funding rounds, and at least three VCs have cybersecurity-specific funds topping $100 million.
That said, VC fundraising slowed significantly at the end of 2015, and a bear market means cash will be harder to come by. For the security industry, this means gut-check time for small startups with questionable metrics, as well as larger ones heavily indebted to the VCs. As some investors cash out and big players look for bargains, it wouldn’t be surprising to see another flurry of security acquisitions this year.
2. Best-of-Breed Integration
No question the largest security vendors still message around the power of their integrated product sets, but increasingly enterprises, frustrated by ineffective traditional security products from stalwart vendors, have sought innovative security products from a myriad of startups. It’s common for an enterprise to have a dozen or more unique best-of-breed security products that perform a specific task or set of functions exceedingly well, but it’s rare for multiple products from different vendors to interoperate well.
That’s starting to change. Intel Security, Cisco, IBM, and others are working on security product interoperability platforms that will provide common data exchange underpinnings to third-party security products, enabling them to exchange data, issue commands to one another, and ultimately function as a cohesive unit, providing enterprises with the ability to assemble their own security product ecosystems that function in support of the organization’s unique security needs. Expect a lot of progress on this front in 2016.
Finally, after many years of reluctance to adopt products or implement product features that automatically take action to mitigate threats without direct human consent, security and business leaders understand the scale and pace of new attacks, similarly, demands defenses with similar speed and scale, which can only be achieved through automation. Vendors that demonstrate automated threat detection and remediation that empowers security teams will stand out among competitors.