Endpoint security has become a hot topic of late -- so hot that endpoint-security companies are being courted, partnered with, and purchased left and right. But why?
Take a look at just a sampling of what's happened over the past few months:
In early November, Symantec announced planned acquisitions of Javelin Networks and Appthority, respectively -- both specifically for the purpose of "strengthen[ing]" its endpoint-security stack.
Later that same month, BlackBerry announced that it would be buying out Cylance -- a cybersecurity firm that specializes in machine learning for endpoint protection -- in the hopes of making BlackBerry's own IoT-security platform BlackBerry Spark "indispensable". BlackBerry announced on February 22 that the deal had closed. (See BlackBerry Acquiring Security & AI Firm Cylance for $1.4B.)
In December, it was announced that HCL would be acquiring IBM's BigFix endpoint-security software (among other IBM software solutions) in a deal expected to close in the middle of this year.
Then, on January 31, Dell introduced an endpoint-security product line in partnership with endpoint-security company CrowdStrike and Dell subsidiary SecureWorks.
Five days later, security-analytics firm Interset also announced a partnership with CrowdStrike -- to enhance both companies' respective offerings.
And two days after that, Carbonite announced it was buying Webroot Software Inc. -- with the expressly stated purpose of developing enhanced endpoint-security solutions. That deal is expected to close in March.
"The combined business will address a top vulnerability of businesses -- the endpoint," declares an investor-targeted website dedicated to the planned acquisition. "The combination is expected to create a next-generation business platform powered by machine learning to serve growing customer needs."
Perhaps, as Frank Dickson, IDC's research vice president for cybersecurity products, recently suggested
it is all pseudo-coincidence, with the only meaningful trend being that of so-called acqui-hiring -- to mitigate what many call a cybersecurity-talent shortage. Indeed, private-equity firm Thoma Bravo
has had a flurry of cybersecurity-company acquisition announcements in the past several months -- even among those companies without a strict focus on endpoint protection. (See Cybersecurity AI: Addressing the 'Artificial' Talent Shortage
and Over 300K Cybersecurity Jobs Remain Open in the US, Study Finds
In an interview with Security Now, though, Dickson identified another factor driving generic cybersecurity-firm buyouts and partnerships: rising enterprise demand for vendor consolidation. (See Vendor Lock-In: The Bogeyman in the Cloud.)
"IDC cannot help but see an era of increased competition as companies look to consolidate from a potpourri of endpoint security products that they have cobbled together over time to a single solution provider," said Dickson. "Not only is it easier to manage a single vendor but the drive to reduce the number of agents is very, very real."
Gartner vice president Peter Firstbrook similarly related to Security Now his doubt that the above examples necessarily show a trend -- but postulated that if there's not already a trend of larger fish eating smaller endpoint-focused fish, there soon will be.
"We expect more acquisitions and consolidation in the endpoint market," said Firstbrook. "There are too many vendors to survive long term."
It's the data, stupid
Still, it is undeniable that endpoint market drives interest in itself because of how highly prized a target an endpoint is.
"Why the endpoint market? [Because] that is what the attackers are attacking," continued Firstbrook. "They are not compromising networks, except to get to an endpoint."
"The most common method of attack is via the human element, which means that you have to be where the greatest human threat is: the endpoint," Monica White, senior director of marketing and partner enablement at Interset, told Security Now. "And the endpoint has the right data: stored local documents, mapped network drives, applications with access to sensitive information, and more."
Moreover, as Firstbrook would point out, unlike other attack targets, endpoints offer more than one way to skin a cat monetization-wise, beyond mere data compromise -- such as by way of cryptojacking and botnets. Further, he and White agree that yet one more reason endpoints are such attractive targets is because they can be easier to attack -- particularly in the case of legacy endpoint devices. (See Endpoint Security: 3 Big Obstacles to Overcome.)
"Endpoints are difficult to secure because of the scale and complexity," said Firstbrook. "So they are low-hanging fruit for attackers."
"Endpoints offer a greater attack surface, too," offered White. "There are more endpoints available to attackers than servers."
Still, data seems to be the reigning reason why endpoints are so widely targeted and so in need of protection -- whether from data breach or data loss (or, at least, threatened data loss, as in the case of ransomware). White adds, however, that this helps to explains why endpoint-protection firms are similarly valuable to other companies -- likewise because of endpoint data.
"Endpoint-security vendors are a target for acquisitions and partnerships because of the nature of their wheelhouse," said White. "Rich endpoint data can give you a world of insight into your company's security posture."
"[Endpoint-protection] companies are such a hot commodity for direct acquisition or partnerships," added a separate spokesperson for Interset. "This is a huge part of why we partner with folks like CrowdStrike. Rich endpoint data is incredibly valuable."
—Joe Stanganelli is managing director at research and consulting firm Blackwood King LC. In addition to being an attorney and consultant, he has spent several years analyzing and writing about business and technology trends. Follow him on Twitter at @JoeStanganelli.