The 10 Biggest Security Stories Of 2017

More Money, More Threats

2017 was a year of crippling challenges, with the emergence of the WannaCry ransomware attack in May affecting more than 200,000 computers in 150 countries and the July data breach of Equifax giving hackers access to personal information on some 143 million customers.

Money continued to flow into the industry to address the proliferating threat vectors, with three major security vendors receiving infusions of private equity, three others successfully debuting as publicly traded companies, two industry mainstays launching venture funds for security startups, and two of the last independent cloud access security brokers getting scooped up by established vendors.

And a longtime endpoint security player was pulled from federal government networks and Best Buy shelves amid allegations of ties to the Russian government.

Keep on reading to relive the most significant security developments of the past year.


10. Palo Alto Networks, Symantec Launch Venture Capital Arm For Startups

Two of the most prominent players in the security market – Symantec and Palo Alto Networks – launched programs in 2017 to incubate the next generation of security startups.

Symantec Ventures debuted in March and will invest in early-stage security startups, with a particular focus on those in artificial intelligence, analytics, and machine learning, CEO Greg Clark said at the time. The new investment arm will provide not only capital, but also access to the security vendor's extensive threat data, market insights, and integration into the company's Cyber Defense Platform.

Palo Alto Networks, meanwhile, introduced its $20 million fund in June in collaboration with Greylock Partners and Sequoia Capital and will focus on early stage, seed stage and small startups that plan to build applications on the company's new Application Framework. Potential categories for investment include threat intelligence, threat analytics, orchestration, mobile security, and IoT security.

9. ForeScout, Okta And SailPoint File For IPOs

Public offerings continued to be all the rage for security vendors in 2017, with Okta, ForeScout Technologies and SailPoint Technologies turning to the markets to raise more capital.

Okta hit the public market in April at a valuation of $1.5 billion and was looking to raise $187 million to put toward its overall growth, innovation and potentially further acquisitions. Specifically, the company said it wishes to drive new customer growth, deepen customer relationships, expand its international footprint, boost integrations and industry partnerships, and leverage data and analytics.

ForeScout in October filed for its long-awaited IPO, looking to raise $100 million and calling out partners as a key factor in its growth strategy. The company said it plans to use capital from the IPO for general corporate purposes, headcount growth, working capital, sales and marketing, research and development and loan repayment.

SailPoint began trading in November on the New York Stock Exchange, bringing in more than $240 million on a market capitalization of $1.18 billion. The company had been owned by private equity firm Thoma Bravo, which maintained a roughly 60 percent stake in the company following the IPO.

8. FireEye Helps Catch The Person Who Attempted To Hack Their Corporate Network

The person who attacked the personal online accounts of a FireEye employee in July was arrested and taken into custody in October by international law enforcement. FireEye worked with law enforcement and spent hundreds of hours investigating a hacker's July claim that he had breached FireEye's corporate network, CEO Kevin Mandia said in November.

"I am pleased that, in this case, we were able to impose repercussions for the attacker and achieve a small victory for the good guys," Mandia said.

FireEye announced in August that the attacker used credentials for the victim's social media and email accounts exposed in publicly-disclosed third-party breaches to access the employee's personal online accounts. The attacker publicly released three FireEye corporate documents obtained from the victim's personal online accounts, resulting in the disclosure of two customer names.

Yet despite multiple failed attempts, FireEye said the hacker didn't actually breach, compromise or access the company's corporate network.

7. The Standalone Cloud Access Security Broker Continues To Disappear

Two more high-performing cloud access security brokers (CASBs) agreed to be scooped up by major security vendors in 2017.

Forcepoint in February acquired Imperva's CASB division, known as Skyfence, to extend the company's strategy of protecting IP and assets into the cloud. The company plans to integrate Skyfence's technology with its own web security and data loss prevention technologies.

McAfee in November agreed to buy leading CASB Skyhigh Networks to help establish a dominant position in both the endpoint and cloud cybersecurity markets. The joint power of McAfee and Skyhigh will enable customers to modernize their cybersecurity environments while at the same time protecting data as it moves into the cloud, according to McAfee CEO Chris Young.

This was the second consecutive year that major vendors gobbled up CASBs, with Cisco, Oracle and Proofpoint acquiring CloudLock, Palerra and FireLayers, respectively, in the second half of 2016.

6. WannaCry Ransomware Attack Cripples More Than 200,000 Computers

The emergence of the WannaCry ransomware attacks in May affected more than 200,000 computers in some 150 countries, including high-profile targets such as the United Kingdom's National Health Service, telecom companies and major corporations like FedEx.

The attacks have involved a demand for a Bitcoin payment equal to $300 to unlock computer systems. Damages from WannaCry could reach $4 billion, cyber-risk analytics platform provider Cyence said at the time.

Managed service providers in the wake of the attacks said they planned to emphasize to customers the importance of proactive security. This approach includes leveraging vulnerability management, patch management, and strong protection technologies in a layered approach to protect the different levels of the environment, partners said.

5. Cylance And Tanium Endure Leadership, Partnership Transitions

Cylance and Tanium both lost some key executives in 2017, with Tanium also ending a relationship with a key OEM partner.

Cylance in April was hit by a round of layoffs mostly impacting the company's sales and marketing departments, sources told CRN, including a few individuals in the company's channel organization. Days later, CRN confirmed the departure of CTO Glenn Chisholm – one of Cylance's first employees – from the company, with Head of Worldwide Sales Nicholas Warner exiting two months later.

At Tanium, meanwhile, COO and CFO Eric Brown left the company suddenly in March as the security vendor was reportedly looking to lay the groundwork for an initial public offering. Less than two months later, VMware ended its OEM relationship with Tanium, with sources pointing to the Tanium OEM deal payment structure and challenges around supporting Tanium's complicated technology.

Spokespeople for both companies described the termination of the relationship as a mutual decision.

4. Infusion Of Private Equity Into Security Market Continues Unabated

Both Optiv Security and Barracuda Networks were wooed by private equity in 2017, with KKR & Co. closing its acquisition of Optiv in February to help the company turn its sights to the global security market. KKR agreed to purchase a majority stake in the Denver-based solution provider from the Blackstone Group in December 2016 for an estimated $2 billion.

At least nine VP-level executives left Optiv Security in the first half of 2017, with five announcing new positions at different companies. Sources close to the company told CRN the departures were due to multiple factors, including recent compensation changes for the executive staff and increased pressure to hit higher sales targets.

Meanwhile, private equity titan Thoma Bravo announced in November plans to purchase Barracuda Networks for $1.6 million, just four years after the storage and security vendor filed for an IPO. The deal is expected to close before Barracuda's fiscal year end of Feb. 28, 2018.

3. McAfee Reborn As $2 Billion Pure-Play Security Vendor

McAfee in April closed on its split from Intel, retiring the Intel Security brand and emerging again as a standalone security vendor. The split involved selling a 51 percent stake of McAfee to TPG Capital and was worth $4.2 billion, including $3.1 billion in cash to Intel and a $1.1 billion equity investment by TPG.

The split essentially undid Intel's $7.7 billion acquisition of McAfee in 2010. Chris Young filled the CEO role; he had previously served as senior vice president and general manager of Intel Security. Young told CRN at the time that McAfee plans to expand its portfolio through organic investment and acquisitions.

Sources told CRN in August that McAfee carried out a round of layoffs across the company that included cuts to the firm's channel team. A McAfee spokesperson confirmed the reductions at the time and said they affected less than 10 percent of the company's overall workforce.

2. Kaspersky Lab Removed From GSA Schedule, Best Buy Shelves

Kaspersky Lab's ability to sell to the federal government was severely limited in July when the security vendor was removed from the GSA schedule, the approved list of technology vendors for government departments. The removal came after months of pushback against the Moscow-based company over alleged ties to the Russian government, which Kaspersky Lab has vehemently denied.

The next hit came in September when the Trump administration issued a directive stipulating that civilian agencies remove the company’s software within 90 days. A permanent ban applying to both civilian and military networks was signed by Trump in December.

Solution providers told CRN in September that they are facing increasing questions from customers regarding the extent of Kaspersky's alleged ties to Russia, causing some of them to slow or even halt work with the vendor. Electronics retail giant Best Buy also announced in September that they would no longer sell Kaspersky's consumer security software in their retail stores.

Kaspersky said in November that an initial investigation found its servers received confidential National Security Agency files from an employee's computer but said that had happened as part of an investigation into malicious code on the machine and wasn't a result of collusion with Russia. CEO Eugene Kaspersky ordered that the classified data be deleted from the computer, the company said.

1. Equifax Suffers Massive Data Breach, CEO Departs Company

Equifax in September revealed a huge data breach that impacted 143 million customers of its credit and information services. The breach was first discovered on July 29 and was due to a vulnerability in a U.S. website application, which allowed hackers access to certain files.

The breach included information on names, birth dates, Social Security numbers, addresses, and some driver's license numbers. It also included more than 200,000 credit card numbers and nearly 200,000 other documents with personal identifying information.

Less than three weeks after the breach was revealed, the company announced that CEO Richard Smith would retire. The departure was effective immediately, though Smith remained as an unpaid advisor to the company.

Solution providers said Equifax's handling of the mega breach shows the need to have adequate public relations and breach notification procedures in place. Specifically, partners said incident response needs to include the non-technical, such as legal, regulatory and compliance, executive notifications, and breach notifications to customers.