Mark Robinson, president of Findlay, Ohio-based CentraComm, is one of dozens of channel veterans who attends the RSA Conference every year and has watched the security industry's largest annual gathering grow substantially in recent years. Robinson and others recall having to sprint to meet colleagues from one side of the mammoth Moscone Convention Center in San Francisco to the other. The trade show floor grew so large in 2014 that it was separated into two packed halls at the venue.
Understanding contextually how emerging security startups can fit into the portfolio has become an increasingly difficult job, Robinson told CRN in a recent interview. Large, established security vendors are becoming more collaborative in their approach with the rest of the security industry, but there are no immediately clear technology relationships with some of the latest startups, he said.
"This space is so crowded and organizations have so much on their plates, that having someone partner with them on figuring this stuff out makes people appreciate what we do for them," Robinson said. "At the end of the day, we provide a strong and reliable service and they solve their problems the most efficient and cost-effective way."
[Related: Top 10 Security Vendors To Watch In 2015]
The security market is moving in multiple directions with many startups adding detection and some form of automated response to their initial offerings. Emerging vendors with products designed to prevent system compromise are still proving their worth, said Rick Holland, principal analyst at Forrester Research. Startups that integrate security analytics with monitoring and alerting are adding containment and mitigation capabilities, Holland said. The integrated offerings span both networking and endpoint systems, he said.
"The prevention solutions must prove that they can run at scale without disrupting legitimate user activity. They are so new that they haven't built that level of credibility yet," Holland said. "In 2015, the solutions that only provide visibility only must add containment and response. It isn't enough to observe something bad; you have to do something about it."
Networking vendors are moving to the endpoint. Check Point already has endpoint security capabilities. Palo Alto Networks acquired Cyvera to extend its reach into endpoint systems, introducing Traps Advanced Endpoint Protection in October. FireEye is extending its threat prevention platform to the endpoint.
Meanwhile, the market includes dozens of startups. Confer, CounterTack, Cybereason and Cylance are competing to provide threat intelligence and advanced threat detection capabilities. Tanium is building out an IT management platform with capabilities that could appeal to system administrators and security incident responders. Vectra Networks sits on a network span port to identify signs of attack activity in progress. Cyphort aims at providing incident responders with alerts containing contextual intelligence for a speedier containment and removal of threats.
Solution providers in the channel need to determine if emerging security technologies would reduce operational friction within their clients' environments. An evaluation also must determine if the customer can use and maintain the technology with limited skills and IT staff, Holland said.
Next: Evaluating Emerging Security Technologies