CounterTack CEO Predicts Consolidation, Move To Platform Play In Exploding Endpoint Security Market

How To Capitalize On Endpoint Security

The endpoint security market has exploded over the past few years. One company hoping to ride that wave is CounterTack, a Waltham, Mass.-based endpoint detection and response startup. The company landed $10 million in funding last fall. CEO Neal Creighton said CounterTack is taking a different approach to the crowded endpoint security market, looking to raise smaller, more methodical funding rounds, focus on partnerships to expand globally, and move toward the creation of a full endpoint security platform.

In an interview with CRN, Creighton talked about where he sees the market for endpoint security headed, predicting big changes to come in the vendor landscape over the next year or two.

Do you find it's becoming harder to raise money as the endpoint market becomes more crowded?

We've never had issues raising money. ... I think if you're going to go out and raise $100 million on low revenue and have a plan to put a lot of feet on the street, it may be a lot harder now. Last year we saw some pretty large raises and we might see a few more of those get pulled off, but those are betting far into the future. We've been more milestone-focused so we'll raise more moderate amounts – we'll raise $9 million, $10 million or $20 million and it really is based on our progress and partnerships and leverage. I think at the level we're deciding to target and do our raises via milestones, there's plenty of capital for that progress. I do think you are going to see a lot less $100 million raises for early stage companies. ... I think the market is changing in that capacity, but that has never been our strategy. ... For what we've been doing and targeting and hitting our milestones and trying to raise capital as it makes sense and not in large chunks, there's still plenty of capital for our company.

Do you think it will be harder for a startup to raise money in the months and years to come?

I think it will be hard to see another early stage startup. I think these things come in waves. I think the endpoint wave started five years ago. We started focusing on endpoint – people said, 'Why would you want to get into endpoint because it's all about network?' But, the network wave was already played out… The wave is moving. If I were starting a security vendor today, I would be looking at the next trend. I think the players and the winners in this space are already out there, and I think the established players are going to build or acquire something in this area. But, the group is already established. The question now becomes: Who are the winners in the group? I don't think there will be many new entrants as far as raising large, $100 million rounds. Maybe in other spaces [we will see that], but in this space we have enough participants to revolutionize the space. ... We're planning to be one of those [winners] and our strategy is a bit different than everyone else's. We're much more milestone-based and more grounded and we want to leverage our company and work with other partners and channel partners and not necessarily have the high cost of the other companies that are in the space.

Do you expect to see a lot of consolidation in the next few months in the endpoint security market?

In the next 24 to 36 months, for sure there will be consolidation in the space. I think a lot of it will play out over the next three years. It's hard to consolidate right now because valuations are so high on a lot of the companies and expectations are so high and their revenue's not quite what those expectations should be. Then, you're also thinking that if you're sitting back you might get a higher valuation or be able to see how the market plays out a little better. I think it has to play out over the next 36 months. I think during that time frame it will be safe to say that the consolidation will happen, the smoke will clear and we will have a clear picture. I don't see it happening in the next few months.

Do you feel increased pressure in the endpoint detection and response market from the bigger, legacy companies? Or is it primarily startups?

On the endpoint detection and response side, it is mainly still [competition from] the Crowdstrikes and Carbon Blacks of the world. But, I think the big guys have been attracted to this market, but this is really moving into a platform play. I think at the end of the day enterprises aren't going to want to have all kinds of agents on their endpoints. … We're adding preventative capabilities to our solution as well. ... In the last month and a half or so, you've seen companies like Trend Micro add in machine learning into their platform for prevention. … Symantec just did the same. Sophos just added something as well. They're starting to react first on the prevention side and I think they will go after companies who are claiming to do anti-virus replacement because that's their core market. I think then they will have to add on the [endpoint detection and response] piece, as well. We're not seeing that yet and we're trying to go the other way. But, at the end of the day, I think we're moving to an endpoint platform play where providers have to have prevention, detection and response built into one platform.

How is CounterTack moving to be more of a platform versus a straight endpoint detection and response player?

A little over a year ago, we did an acquisition of the HPGary business, which was a very well-known unit inside Mantech. Within that technology they had something called Digital DNA, which is really about binary behaviors that are present in malware. It's a really cool technology -- behavioral technology -- that we're embedding into our platform to be able to make predictions about malware, not just with signatures but be able to look at behavioral components of it. You're going to see that fairly soon all combined, which gives us a complete story around prevention, detection and response… We will probably still be acquisitive, but we have all the tools to put the platform together. ... We are moving in that direction. I think some of the people in next-gen prevention, they have a longer road to get to detection and response because those platforms are harder to build. I think we built the hardest thing first and moving the other way.

What other trends are you seeing in the endpoint security market?

If you look at the customer today, they are being barraged by all these different solutions that solve one piece of the puzzle. I think people are getting concerned about how many agents need to run on an endpoint. I think the trend – the overarching trend of endpoint -- is the platform. … I think the trend is everyone is thinking about that and how do we move to a platform approach so when I install my technology at a bank, for example, they can remove four or five other things. That's where we're headed. The holy grail is being able to remove your anti-virus too, but I think that's the last piece that will go. No matter how hard the next-generation prevention players have tried, they have been successful running underneath anti-virus but they haven't been at large scale able to replace [anti-virus]. I think that will happen too, but I think before that other things will move out -- [including] DLP, SIEM -- and [they will] have next-generation prevention under AV and then they will remove AV. That's really the trend: get everything down into one platform, one agent that does everything.

If that platform approach is the future – does that mean only the biggest security companies will ultimately win out?

The bigger guys will try to consolidate or acquire or build. … They will have to get more acquisitive. I think Symantec probably will be first and then McAfee, now that it's spun out, will start to this year… I think there's time for a couple big winners in this space. I think you will see a couple large security companies created through timing, where they will get enough of a platform together where they can even be more successful than the existing incumbents. Then, I think you'll see the existing incumbents slog through it and stay competitive through building or buying but maybe with less power than they had before this all happened. It's hard to see with a crystal ball, but I do think there's another time window in the next 36 months where the largest guys will either build or buy and the smaller guys will have the opportunity to build out their platform to the point where they have enough critical mass to be able to stop them. It's all about timing.

The market is pretty competitive in the endpoint detection and response space – how is your go-to-market approach different?

I think there's an overarching story about us in that we're not trying to get into the heavy direct sales game that a lot of our competitors are raising tons of money to do. If you look at the overall market, it will be interesting to see where it is 24 to 36 months from now because people have raised lots of capital and I think their revenue is lagging those valuations. They will have to grow and their basic strategy is to put as many feet on the street as they can. We don’t want to get into that game. We think we can be more capital-efficient and more leveraged if we go after partners. That's true all over the world. We can also leverage our technology through existing security companies. … In Asia-PAC, which is an extremely important market, it just seems like we got the lead because we got there first. We're taking advantage of that by not trying to put feet on the street ourselves, but by taking advantage of existing companies that already have feet on the street that need the technology and want to distribute it. We have a first-mover advantage. I do think that is a unique part of our story in a very big region of the world and we're trying to invest behind that.

Talk about your recent round of funding – what will that be put toward?

This is more a tactical funding. We have our relationship in Singapore with EDBI, which is the sovereign fund of Singapore. They're an investor in the company and they came in probably … maybe 18 months to two years ago. We set up a presence in Singapore, which is a great area of operations for Asia PAC but also a highly important area for data centers and things like that. We teamed up there and we teamed up with Singtel. … We have gone to market together. … We are getting great pick-up there and lots of activity. Lots of activity in South Korea, too. … Our government business is also picking up quite a bit. … We should have more announcements in federal as we go into next year. We have some major initiatives going on there that we're supporting. That really was the use around these funds. You will probably see us raise more money in the future, but this was just to take advantage of unique opportunities we have at the moment.

Other than federal, will any of the funding be put toward the U.S. market or the channel?

We put a heavy focus on the U.S. market already. We're very channel-focused. For example, Trustwave, we're focusing really hard on them as a distribution partner and continuing to focus on our channel leverage. We're certainly selling direct in North America, but we are focusing really heavy on channel partners like Trustwave. We have announced some product licensing deals. We have some fairly unique technology and it's a mutually beneficial relationship where we're going after customers that other people have reached through their technology. We announced something with Digital Guardian and we have about four more of those that we haven't announced with some large companies. I think you will see a couple of really big announcements at RSA with some very large companies that are distributing our product. … We are trying to leverage ourselves pretty heavily through North America and the world through these types of relationships.

What's the next big goal for CounterTack?

We have goals in Asia-PAC and we've exceeded those goals and we are setting pretty aggressive goals on customer acquisition. We have that around the world. The other one is to enable our partners. It is very important to us to get our partners successful and ready to go. If you look at someone like Trustwave, they have a very strong presence around the world and we have to enable all those places to offer our services. We have a lot of milestones around enabling our partners to make sure the technology is there for their customer base. That's easier said than done. That's a process and everything else follows from there. At RSA we will be announcing partnerships. We signed up some really good partnerships that I think brings our technology to other platforms. We have very important goals about how much penetration we're going to get on their customer base. It doesn't take a lot because some of these guys have a massive customer base and if you look at our technology when it's embedded in their platform, whenever it's enabled we're getting paid. ... The story itself is pretty incredible and we're working hard to make sure everything is available to their customers.