Five Security Vendors to Keep an Eye On 2010
There are always the obvious leaders in the information security marketplace that interested observers should keep an eye out for. This is especially true of larger IT vendors that at any moment could drastically change the market by, hmmm I don’t know, buying ISS for example. Of course, large vendors like RSA, IBM, McAfee, Symantec, and Cisco aside, there are some very interesting companies to keep an eye out for. Here are five of those companies.
5. Breach Security
Let’s be honest, Breach Security is not the Web Application Firewall (WAF) market leader. Nor will Breach approach that level within the near future. What makes Breach Security a company to watch is the fact that the company largely seems ripe for acquisition. While the company is not the market leader, it is in fact a market contender from a technology perspective. As such if a larger company with a more rounded product suite and better sales channels were to acquire Breach, Breach Security’s technology could rapidly become the market leading solution.
The web application security market is still relatively small; as such, the WAF market is really not a five-vendor market (Imperva, F5, Citrix, Breach, and Cisco). However, the market has a lot of potential to grow, should larger vendors evangelize the technology as web application attacks continue to grow. This has not gone unnoticed by some of the larger vendors making acquisitions. Of course in terms of Breach, any moves will be dependent on an acquiring company’s preference between acquiring a market or creating one. Regardless, expect a big move within the space within a year or two and don’t be surprised if the move involves Breach.
4. Bit9
It is hard to deny that the endpoint application whitelisting story is becoming more than a little bit boring. The technology is sound, the security and compliance benefit is resounding, and the reality is that the technology is not resonating well within the market. Evangelizing whitelist technology is easy, selling whitelist technology is a bit more difficult. As a result Bit9 is still not the endpoint security giant that in many respects it rightly should be. Of course this difficulty is also confounded by market competitors, such as CoreTrace and McAfee through the acquisition of Solidcore, who are also taking a portion of the overall endpoint application whitelisting market.
What separates Bit9 and makes it an extremely interesting company to watch, however, is Bit9’s large repository of known application hashes. In order to reduce the amount of leg work necessary to deploy Bit9 technology, Bit9 created a large hash repository of non-malicious applications. This repository and the delivery mechanism for the repository to endpoints is extremely valuable considering the growing market for a list-based approach to threat. The combination of the two makes Bit9’s technology highly sought after by larger security vendors, market competitors and a lot of security purist customers. Bit9 currently offers access to that database through portal access that allows users to compare files against the database. While this is useful for investigative purposes, it is merely a glimpse and does not allow vendors to leverage the database to its fullest extent.
Expect Bit9 to continue to trickle through the security market through partnerships that leverage Bit9 technology. In addition, expect Bit9 or Bit9-like technology to be sought after by McAfee competitors as McAfee attempts to stake out a market with their Solidcore solution.
3. Qualys
While this list was meant to point out the less obvious companies to watch, it is difficult to ignore a company like Qualys. Qualys has historically leveraged non-security related technology, namely SaaS, to deliver high quality capabilities without a ton of headache. In addition, Qualys makes intelligent business decisions, such as the early integration with the Payment Card Industry Data Security Standard (PCI-DSS), to dominate their respective markets.
Philippe Courtot (Chairman and CEO) runs Qualys with a frank no BS approach to business that is quickly becoming the stuff of legend. Regardless, it is difficult to argue that the man is not a visionary and it is clear that Qualys is a tightly run ship with an excellent executive team whose ability to execute is quickly becoming the example for privately owned security vendors.
Qualys will be an interesting company to watch because the company is reaching a size where it makes sense for another firm to either acquire the company or for Qualys to do an Initial Public Offering (IPO) and go public. In many ways this movement is long overdue. In addition, Qualys has largely staked its ground in the increasingly commoditized vulnerability management market. Thus, in order to grow, Qualys will be forced to venture into new arenas. Evidence of this can be seen in some of their newer offerings which focus on website malware and GRC.
Expect Qualys to continue to expand their range with a more full product portfolio and partnerships.
2. Mandiant
There is currently a great void when it comes to the realm of a single source for security leadership. While Mandiant may not be able to fully fill that void with their current products and capabilities, it has allowed them to stake out a key role in the marketplace as leaders in incident response. Mandiant has gained visibility as being a leader in investigative services in extremely difficult to investigate incidents. Their ability to work arm-in-arm with other larger vendors has allowed them to play the middle ground and assert themselves as thought leaders in the incident response realm. These services, in tandem with their current product portfolio, have allowed Mandiant to play in a realm where other incident response vendors such as Guidance Software and AccessData have struggled: the realm of enterprise IT security.
Currently the Mandiant product portfolio does not necessarily resonate well within many larger vendors’ 2010 market strategy. However, as Mandiant continues to assert itself as a leader, the company becomes more attractive to vendors who have a large product portfolio but lack thought leadership notoriety. In addition, as incidents continue to be inevitable, the market will likely shift more towards Mandiant’s product approach of assisting enterprises in handling incidents. This of course will increase Mandiant’s profitability and make it a target for acquisition. In 2010, however, expect Mandiant to continue to stake out security leadership through incident response and highly interesting partnerships such as the already existing partnership with Bit9.
1. NetWitness
To be frank about it, NetWitness currently has the holy grail of security solutions. Ok wait, before anyone goes tearing apart this website in anger at that statement, please continue reading. NetWitness does not possess the end-all for security technology; however, consider the innovations in security technology over the past five years. Despite all innovations, 99% of information technology defense is dependent on firewalls, IPS, gateway antivirus, and endpoint security technology. In some more advanced cases there is likely an intermixing of web content filtering, ADS, and DLP solutions as well. Now consider what NetWitness offers in the context of these environments: NetWitness offers the technology that serves as the mortar between all of these technologies.
NetWitness’ unique technology allows organizations to review their network traffic with full packet captures. NetWitness then combines that basic capability with geolocation integrations and threat feed integrations with organizations such as SANS, SRI, and Shadowserver in order to deliver a product that, upon discovery four years ago, my counterpart on my government incident response team described only as “nasty.” This of course is not to mention that NetWitness integrates with industry leading technology such as the IBM SiteProtector IPS management system to make searching all of this data easier for security professionals. All that said, the underlying reason NetWitness is such an interesting company is because they have taken all of the capabilities that security professionals have been wishing they had and scaled it to large enterprises.
In addition, NetWitness is a magnet for talented security professionals, especially those with US Government security experience, having hired such notable characters as Amit Yoran and Shawn Carpenter. Given the overall diaspora that has occurred within the security marketplace the collection of highly visible talent such as this is nothing less than eye opening. There is little doubt that this has lent itself to the consistent growth numbers posted by NetWitness.
Given these characteristics one can expect NetWitness to continue growing rapidly and/or be acquired for a large sum over the next three to five years (if not sooner).
(Honorable Mention)
Rapid7
Rapid7 is competing in a Qualys world, which most certainly is not easy. The company, which is currently focused almost entirely on vulnerability management, is staking out new ground in an increasingly commoditized market. This is a hard fought battle to stake out competitive differentiation against existent market leaders Qualys and nCircle as well as other market competitors such as eEye, McAfee, and Tenable who all have relatively large market shares.
Rapid7 was able to generate some market momentum with the recent acquisition of the Metasploit project. The commercial offering of Metasploit has allowed Rapid7 to explore some new venues for profit; however, what really makes Rapid7 interesting is their approach to the market. Currently Rapid7 plays host to vulnerability assessment products, penetration testing products, and professional services. These basic lines of solutions are the foundation for other successful models that attracted highly talented security professionals in the past. With names like H.D. Moore, Rapid7 is poised to gain further market momentum and offer a somewhat attractive hub for more talent. Of course this road is not without several speed bumps.
Expect Rapid7 to continue a highly visible marketing agenda that within a year has already included the release of a freeware vulnerability scanner and the acquisition of Metasploit. In addition expect Rapid7 to carve out a better foothold in the vulnerability management market as other competitors continue to slide.


