5 Pitfalls For Emerging Endpoint Security Vendors

Industry Observers: Crowded Market Can’t Sustain Itself

More than $1.37 billion in venture capital financing has flowed into cybersecurity startups since 2010, according to VC tracking firm CB Insights. There were major financing deals in 2014 including investments struck with cloud security specialists Skyhigh Networks, Centrify and Ionic Security. IT systems and security management vendor Tanium raised $90 million in its first round of VC funding. CipherCloud received a $50 million Series B round in November. Early stage investments also were made in ThreatStream, Fortscale, Cybereason and others.

Forrester Research analyst Rick Holland is tracking 30 to 40 early stage security vendors. He told CRN that startups need to reduce operational friction and enable teams with limited skills and staff to operationalize the tool effectively. Here are five signs an emerging security vendor may be struggling to compete in a crowded information security market.

Market Too Crowded For Vendor To Sustain Itself

Boulder, Colo.-based security vendor Symplified, which has raised nearly $50 million in VC financing, including raking in $20 million from investors in 2012, quietly shuttered its doors in July. RSA, The Security Division of EMC, acquired the firm’s assets in a fire sale. ’Investors don’t necessarily make the wisest investments when it comes to security,’ said Art Coviello, executive chairman of RSA, in remarks about the security market to reporters this week. There are a lot of factors that go into a security vendor’s success, Coviello said. Experts agree that Symplified was in a crowded market of cloud security brokers that have essentially the same capabilities. Symplified had an issue differentiating itself.

No Pesky Agents Please

Solution providers tell CRN that many of their clients almost immediately stop the conversation about a new security technology if it involves endpoint agents. They fear sluggish performance will hinder worker productivity. Maintaining a presence on endpoint systems is at the core of a variety of emerging security technologies. Forrester’s Holland said agents must be transparent to end users. Organizations typically have several agents on endpoint systems and adding another ’lightweight’ agent could combine with the others to negatively impact systems.

Good Solutions Already Exist

If the vendor can’t identify that there is a real problem and a lack of good solutions that exist it probably will have trouble going to market, said Fengmin Gong, chief architect at Cyphor. Gong, who was founder and chief scientist at Palo Alto Networks, said a startup’s approach must be promising and have the ability to be tailored to an organization’s environment. There also has to be a sense that the vendor has a cohesive team in place agile enough to respond to changing market conditions and evolving security trends, Gong said.

Alerts, Alerts, Alerts

Speaking to incident responders at a conference in Boston last summer, Eugene Spafford, a noted computer security expert and professor of computer science at Purdue University, said far too many emerging security technologies can detect and alert on an infection but don’t have the capability to do anything about it. The alerts could obstruct response by generating warnings that make security analysts investigate low-risk infections and suspicious files that pose little or no threat. There are emerging security vendors introducing agents in an attempt to put more context behind alerts. The technology typically integrates with security information event management systems.

How Does It Scale?

A number of security startups say their solution is designed to scale to tens of thousands of systems, but if it becomes sluggish or is difficult to deploy and manage on thousands of machines, it’s not worth it, according to Forrester’s Holland. Organizations should consider a B- product that easily integrates into the enterprise than an A+ product that requires much more effort to orchestrate and a systems integrator team to deploy it, Holland told CRN.