“Unless we adopt, universally, a newer paradigm that recognizes that our threat vectors have migrated into a new universe, hacking will continue to escalate to the point that our entire financial and industrial complex will be threatened to extinction.”
He added that vendors “continue to delude customers by urging continued sales of useless products” and are “sowing confusion and creating much harm.”
Dudu Mimran, CTO of Deutsche Telekom Innovation Laboratories (also of the Cyber Security Research Center at Israel’s Ben-Gurion University), said there’s also an oversupply of solutions, which confuses CSOs.
“The current situation with security vendors vs customers is tricky. There is an oversupply where there are dozens of startups and companies providing different solutions based on different concepts for the same problems, which makes the CSOs very confused as to how to build their security stack and concept.
“There is no blueprint approach for enterprise security yet, and that keeps the market stuck. The main security problems that exist do not yet have complete solutions and each vendor in a way solves only 60 to 80% of each problem. This makes it more difficult for CSOs to become confident about their vendor selection strategy.”
The big money industry
Despite this, information security is emerging as a hot area for VCs. Analysts say it was a $75 billion market in 2015 (and is expected to grow to $170 billion in 2020), while companies like FireEye, Kaspersky and Symantec have long emerged as household names.
IDC reports that security analytics/SIEM, threat intelligence, mobile security and cloud security are the new areas of interest for investors, and this booming market, fueled by a record number of data breaches, has resulted in more security companies going public.
Last June, Rapid7 saw its shares rise 67 percent on the first day of trading on the NASDAQ, while UK-based Sophos raised $125 million on a valuation of $1.6 billion when it went public a month later. At the end of 2015, email security firm Mimecast launched its initial public offering (IPO).
“I would say there are good apples and bad apples; some vendors are into doing the right thing, but no doubt some vendors are...only focused on sales and peddling their products.” - Amar Singh, former CISO at News International and SABMiller
Dell SecureWorks has since joined the NASDAQ, while the Bain Capital-backed Blue Coat was to do the same before selling to Symantec for $4.6 billion.
LogRhythm, Mimecast, Bit9 & Carbon Black are all expected to follow suit in going public, and you can expect many more to come in a thriving market.
Good work behind the scenes
Security providers often get a bad name, for reasons we’ll go into, but the vast majority are doing an enormous amount of good.