In the past year, the Internet security market has seen several high-profile mergers and acquisitions. One company — Blue Coat — has been both the acquirer and the acquired. At the end of 2015, Blue Coat bought Elastica for $280 million, only to find itself scooped up by Symantec nine months later. Another major deal was Raytheon’s acquisition of Websense, which was combined with Raytheon’s Cyber Products group and Stonesoft to form Forcepoint in early 2016.
On the software side, Avast recently announced its takeover of AVG Technologies in a billion-dollar deal, IBM purchased Resilient Systems in April 2016, and two months later Cisco acquired CloudLock, a security vendor specialising in cloud-based services.
All this activity, in a span of a year, raises the question: what’s driving this market consolidation?
Workplace trends are changing the security agenda
One of the primary drivers of change in the market is digital transformation. It would be difficult to overstate the effect transformation is having on every organization’s IT strategy. More and more companies are moving critical business processes and applications to the cloud. Industry heavyweights like Microsoft, Oracle, and SAP are investing massively in their own cloud offerings, and there is a growing market for cloud-only apps, led by trailblazers like Salesforce.
Meanwhile, the volume of Internet-enabled devices continues to grow. Workplace mobility is enabling employees to access corporate resources on networks or cloud-based applications from anywhere in the world and on any device. As a result, employees and data have left the network perimeter that has traditionally safeguarded organisations — and vendors of those traditional safeguards are struggling to cope in this new world of IT.
The threat landscape is evolving, too
Cybercriminals, knowing that users have left the security perimeter and taken their devices and data with them, are looking to exploit gaps in security and catch poorly protected off-network employees. At the same time, cyberattacks are becoming more sophisticated and more targeted. They’re also hiding behind stealth technologies and SSL encryption, or even morphing to evade discovery. These techniques have rendered conventional signature-based detection ineffective, and the security market has developed new techniques for dealing with more advanced, and more persistent, threats. The need for new technologies explains why incumbent market players are trying to expand their security portfolio through acquisition.
Digital transformation says yes to cloud-based security
For years, IT departments have typically deployed a web proxy and a virus scanner to secure their Internet traffic. They often added data loss protection and sandboxing for dealing with advanced threats. Some added SSL inspection, tools for managing bandwidth, and more. What most organizations have ended up with is stacks of disparate appliances that don’t talk to each other and that add cost, complexity, and latency to their networks.
Cloud-based security eliminates complexity by integrating services to provide a complete picture of network activity and threats. It reduces costs, because there is no hardware to buy or maintain. And it provides a better user experience by scanning all traffic, inline, in the cloud. Therefore, it’s not surprising that cloud-based security is growing faster than hardware-based solutions. According to Gartner, while appliance solutions have been growing by six percent a year on average, cloud solutions have been growing by 35 percent on average over the same period.
M&As: an attempt to change with the market
Based on changing user behaviour, the changing threat landscape, and the change from the network-centric to the cloud-enabled enterprise, the shakeup in the cybersecurity market is hardly surprising. Digital transformation is the catalyst for market consolidation and, as a result of their slowing growth, traditional hardware and software providers have become takeover targets.
Enterprises and organizations should be squarely focused on their future strategies as they evaluate security vendors. As more and more business is done in the cloud, it makes sense to place security in the cloud, too. Manual patching, hardware management, and software updates are quickly becoming a thing of the past — as are the boxes themselves.