A spate of acquisitions in the Cloud Security Solutions space has recently taken place. These include BlackBerry’s acquisition of Cylance, a Californian-based, privately-held artificial intelligence and cybersecurity company, Broadcom purchasing the enterprise security business of Symantec Corporation for $10.7 billion, and VMware buying Carbon Black, a company that focuses on securing modern cloud-native workloads. These recent buy-outs reflect how the larger enterprises moving their infrastructures into the cloud. In this article, we take an in-depth look at how these acquisitions are expected to impact the overall Endpoint Detection and Response (EDR) solutions market.

Shift to cloud

The current M&A trend focuses on network-based original equipment manufacturers (OEMs), such as Palo Alto Networks and CISCO, expanding their portfolios through acquisitions rather than trying to reinvent the wheel for security and application cloud-based solutions. Larger companies are not only adjusting to market demands of moving to the cloud, but also to the fact that there is a slow-down in virtual cloud growth.

This means that those infrastructures which service cloud platforms are switching their budgets away from next-generation firewall business, and hardware & application-based network capabilities (i.e. large router refreshes, switches, and core-to-edge firewalls), to different technologies like software-defined network decisions, virtualized environments with container, and container host-based microservices. For example, Blackberry was interested in securing Cylance’s machine learning and AI-type endpoint detection response capabilities as well as its customer base. Broadcom aspires to create an integrated end-to-end platform, whereas VMware is intent on integrating two complementary solutions as a defensive tactic against Palo Alto Networks’ aggressive advancement. Overall, the goal for these acquiring businesses is to obtain solutions that, firstly, integrate well with their existing security operations and network operations approaches and, secondly, provide opportunities to potentially replace several point solutions within the integration to the overall platforms.

Because budgets are being pulled from traditional refreshes and hardware expansions, and being placed to more cloud-based technologies, OEMs are reacting to this slowdown in traditional security spends (especially on firewalls) as enterprises start to migrate into either a public cloud or multi-cloud environment. These technologies tend to be more software-defined and specific to micro-segmentation, which can either sit at a container host level, or in the case of the Ayez environments, on the actual workloads themselves.

Vendors such as CISCO and Palo Alto are desperately trying to augment against this loss of traditional revenue streams. Palo Alto, for example, is concentrating on cloud-focused acquisitions and the release of Prisma, its comprehensive cloud security suite designed to consistently govern access, protect data and secure application. CISCO, on the other hand, released new Application Centric Infrastructure (ACI) animation and Tetration Analytics. Experts feel that much more work needs to be done for CISCO to become more of a lightweight and agile competitor to the more cloud-focused offerings however.

One company that bucked the acquisition trend is CrowdStrike with their IPO in June. CrowdStrike’s technology was one of the first providers of deep analytics, including a more predictive type behavior on attack vectors. The platform itself is fairly standalone, which lends itself to be a little bit less of a pointed tool and more of a provider of total coverage for endpoints, including servers, laptops and endpoint devices in IoT. This is a differentiator for CrowdStrirke and greatly helped the company to build up an avid customer base. Observers believe CrowdStrike’s IPO gives the company a head start over some of the other recent acquisitions as it essentially offers more market stability in the eyes of its customers.

One-stop shop

Industry experts predict that as the acquisitions level out and become more integrated, a pay-off for some of these larger organizations should start with a higher win rate, especially on the VMware side. Consumers are beginning to now look for end-to-end solutions, or a one-stop-shop so to speak. It is unlikely, however, that one vendor will be able to completely provide all of security needs across all environments, incorporating both the traditional environments as well as the microservice, agile environments. Nevertheless, organizations like VMware can now provide these capabilities in virtualized environments across very large enterprise offerings and enterprise environments. What we are seeing today is the market moving into a space that is much more fluid and interoperable with security information management and larger frameworks.

This call was hosted on September 4, 2019, under the title: “(CRWD, PANW): Ongoing Market Consolidation with AVGO/SYMC & VMW/CBLK – Who’s Next? Who Benefits? VAR’s Outlook.”

You can request a replay & transcript of the Hosted Event discussed above, or any of our Hosted Events, by emailing [email protected].

Coleman Research Group, Inc. (“Coleman” or the “Firm”) sponsors events featuring a wide range of speakers (“Guest Speakers”). The opinions, estimates, projections, and views contained in this summary are those of, and exclusively sourced from, the Guest Speakers and are not reviewed or endorsed by the Guest Speakers.  In respect of this summary, Coleman makes no representation or warranty, express or implied, is not providing investment, legal, tax, financial, or accounting advice, and accepts no liability whatsoever. Coleman retains sole discretion as it relates to accessing this information by clients and prospective clients.