
10:25 AM
Joe Stanganelli

Endpoint-Security Companies in High Demand for Buyouts, Partnerships

Since last year, endpoint-protection firms have been among the biggest movers and shakers in the cybersecurity realm – with the endpoint-security market seeing more than a typical share of acquisitions and strategic partnerships. Joe Stanganelli takes a look at why this might be happening.

Endpoint security has become a hot topic of late -- so hot that endpoint-security companies are being courted, partnered with, and purchased left and right. But why?

Take a look at just a sampling of what's happened over the past few months:

In early November, Symantec announced planned acquisitions of Javelin Networks and Appthority, respectively -- both specifically for the purpose of "strengthen[ing]" its endpoint-security stack.

Later that same month, BlackBerry announced that it would be buying out Cylance -- a cybersecurity firm that specializes in machine learning for endpoint protection -- in the hopes of making BlackBerry's own IoT-security platform BlackBerry Spark "indispensable". BlackBerry announced on February 22 that the deal had closed. (See BlackBerry Acquiring Security & AI Firm Cylance for $1.4B.)

In December, it was announced that HCL would be acquiring IBM's BigFix endpoint-security software (among other IBM software solutions) in a deal expected to close in the middle of this year.

Then, on January 31, Dell introduced an endpoint-security product line in partnership with endpoint-security company CrowdStrike and Dell subsidiary SecureWorks.

Five days later, security-analytics firm Interset also announced a partnership with CrowdStrike -- to enhance both companies' respective offerings.

And two days after that, Carbonite announced it was buying Webroot Software Inc. -- with the expressly stated purpose of developing enhanced endpoint-security solutions. That deal is expected to close in March.

"The combined business will address a top vulnerability of businesses -- the endpoint," declares an investor-targeted website dedicated to the planned acquisition. "The combination is expected to create a next-generation business platform powered by machine learning to serve growing customer needs."

Perhaps, as Frank Dickson, IDC's research vice president for cybersecurity products, recently suggested, it is all pseudo-coincidence, with the only meaningful trend being that of so-called acqui-hiring -- to mitigate what many call a cybersecurity-talent shortage. Indeed, private-equity firm Thoma Bravo has had a flurry of cybersecurity-company acquisition announcements in the past several months -- even among those companies without a strict focus on endpoint protection. (See Cybersecurity AI: Addressing the 'Artificial' Talent Shortage and Over 300K Cybersecurity Jobs Remain Open in the US, Study Finds.)

In an interview with Security Now, though, Dickson identified another factor driving generic cybersecurity-firm buyouts and partnerships: rising enterprise demand for vendor consolidation.

"IDC cannot help but see an era of increased competition as companies look to consolidate from a potpourri of endpoint security products that they have cobbled together over time to a single solution provider," said Dickson. "Not only is it easier to manage a single vendor but the drive to reduce the number of agents is very, very real."

Gartner vice president Peter Firstbrook similarly related to Security Now his doubt that the above examples necessarily show a trend -- but postulated that if there's not already a trend of larger fish eating smaller endpoint-focused fish, there soon will be.

"We expect more acquisitions and consolidation in the endpoint market," said Firstbrook. "There are too many vendors to survive long term."

It's the data, stupid
Still, it is undeniable that the endpoint market drives interest in itself because of how highly prized a target an endpoint is.

"Why the endpoint market? [Because] that is what the attackers are attacking," continued Firstbrook. "They are not compromising networks, except to get to an endpoint."

"The most common method of attack is via the human element, which means that you have to be where the greatest human threat is: the endpoint," Monica White, senior director of marketing and partner enablement at Interset, told Security Now. "And the endpoint has the right data: stored local documents, mapped network drives, applications with access to sensitive information, and more."

Moreover, as Firstbrook would point out, unlike other attack targets, endpoints offer more than one way to skin a cat monetization-wise, beyond mere data compromise -- such as by way of cryptojacking and botnets. Further, he and White agree that yet one more reason endpoints are such attractive targets is because they can be easier to attack -- particularly in the case of legacy endpoint devices. (See Endpoint Security: 3 Big Obstacles to Overcome.)

"Endpoints are difficult to secure because of the scale and complexity," said Firstbrook. "So they are low-hanging fruit for attackers."

"Endpoints offer a greater attack surface, too," offered White. "There are more endpoints available to attackers than servers."

Still, data seems to be the reigning reason why endpoints are so widely targeted and so in need of protection -- whether from data breach or data loss (or, at least, threatened data loss, as in the case of ransomware). White adds, however, that this helps to explain why endpoint-protection firms are similarly valuable to other companies -- likewise because of endpoint data.

"Endpoint-security vendors are a target for acquisitions and partnerships because of the nature of their wheelhouse," said White. "Rich endpoint data can give you a world of insight into your company's security posture."

"[Endpoint-protection] companies are such a hot commodity for direct acquisition or partnerships," added a separate spokesperson for Interset. "This is a huge part of why we partner with folks like CrowdStrike. Rich endpoint data is incredibly valuable."


—Joe Stanganelli is managing director at research and consulting firm Blackwood King LC. In addition to being an attorney and consultant, he has spent several years analyzing and writing about business and technology trends. Follow him on Twitter at @JoeStanganelli.

