COVID-19 has changed the face of security forever. The perimeter defense model, which had been slowly crumbling, has now been shattered. Employees are working from home, many of them permanently. Applications are shifting to the cloud at an accelerating pace. Enterprise security today is all about secure remote access and protecting cloud-based assets. That means enterprises need to deploy SD-WAN, secure access service edge (SASE) and zero trust network access (ZTNA).
Anyone who ever attended an RSA conference understands that cybersecurity vendors introduce hundreds of amazing, innovative products every year. But C-level execs aren’t looking for the flashiest new point products. Faced with a severe shortage of security professionals and up against rapidly evolving threats, CISOs are looking for strategic partners, advisory services, and vendors that offer broad platforms. They are also gravitating toward managed security services and cloud-based solutions.
With that in mind, here’s our list of 10 security companies (presented in alphabetical order) that have made bold moves in the past year and have taken power positions within the cybersecurity community.
Why they’re here: Through a series of strategic acquisitions (CloudLock, Viptela, Duo, and ThousandEyes among the most notable) and its unparalleled ability to integrate new products into its core security and networking platforms, Cisco has staked out a leadership position in emerging security areas such as SD-WAN, zero trust and SASE. Gartner ranks Cisco as a visionary in its endpoint protection rankings, noting Cisco’s SecureX cloud-based service integrates security analytics, threat hunting and threat intelligence in a single view to investigate and respond to threats.
Power moves: In May, Cisco bought Kenna Security, which provides risk-based vulnerability management technology.
By the numbers: Despite Covid-related market and supply chain disruptions, Cisco’s annual security revenue increased 7% year over year to reach $3.3 billion.
Outlook: Eric Parizo, a senior analyst at Omdia, describes Cisco’s security standing this way: “Cisco remains one of the strongest top-tier competitors in enterprise security today, particularly on the network side, but often overlooked are the tremendous strides Cisco has made in cloud security. Its Umbrella cloud-delivered security solution is one of the most popular and fastest-growing offerings in Cisco’s security division. When paired with its other cloud-based offerings including Threat Grid, Stealthwatch Cloud, and Duo, all of which Cisco is integrating with its other security solutions like its firewalls and network access control solutions, Cisco will remain a force to be reckoned with in enterprise security for some time.”
Why they’re here: From its humble roots blocking denial of service attacks, Cloudflare built out one of the largest global content delivery networks and then caught the waves of cloud, mobility, and remote access to become a leader in cloud security. Frost & Sullivan says Cloudflare is an innovator in what it calls holistic web protection (DDoS mitigation, web application firewall, and bot risk management). And the company isn’t resting on its laurels, recently announcing an expansion beyond protecting the infrastructure that companies expose to the Internet to now cover internal employees who need to access internet-hosted applications.
Power moves: Purchased S2 Systems, a Seattle-area startup that has built an innovative remote browser isolation solution unlike any other currently in the market. The technology will help protect endpoints from zero day attacks.
By the numbers: With a successful IPO and revenue up 53% for its latest quarter, Cloudflare boasts a market cap of $38.5 billion.
Outlook: Led by founder and CEO Matthew Prince, Cloudflare has a simple and powerful goal: To build a better internet. According to Frost & Sullivan, it is perfectly positioned to take advantage of the growing need for companies to secure websites and web applications. “Cloudflare’s security vision reflects the commitment to securing clients’ infrastructure without performance tradeoffs. Cloudflare is a clear leader with respect to innovation,” adds Frost & Sullivan.
Why they’re here: As the center of gravity for enterprise security has migrated toward cloud-native endpoint and workload protection, threat intelligence and incident response, CrowdStrike has emerged as a leader with its Falcon platform. Gartner says CrowdStrike “has a strong reputation as the single solution for organizations looking to consolidate their endpoint protection and endpoint disaster recovery solutions.” In addition, CrowdStrike’s professional services “are highly rated and popular with customers who don’t have their own SOC/threat hunting teams and those wishing to augment their internal security,” says Gartner.
Power moves: CrowdStrike acquired Preempt Security, a provider of zero-trust and conditional access technology for threat prevention and shelled out $400 million for Humio, a provider of high-performance cloud log management and observability technology.
By the numbers: For the fiscal year ending January 2021, revenue grew 82% to $874 million. Since its April 2019 IPO, CrowdStrike stock has shot up to around $230 a share, putting the current market cap at $52B.
Outlook: “CrowdStrike began as a threat intelligence vendor and continues to stay out front,” says Forrester, with a strategy that includes expanding cloud, mobile, and vulnerability intelligence practices and continuing to invest in digital reconnaissance. Forrester adds, “Reference customers using CrowdStrike’s Falcon X Elite tier were extremely impressed with the level of service provided by the dedicated intelligence analysts.”
Why they’re here: Fortinet has evolved from a simple firewall vendor to a full-service security powerhouse that is staking out a leadership position in critical areas like SIEM (FortiSIEM), next-generation firewalls (FortiGate), SD-WAN, SASE and zero trust. Fortinet’s ever-expanding Fortinet Security Platform encompasses intrusion detection and response, web security, sandboxing, advanced endpoint, identity/multi-factor authentication, multi-cloud workload protection, cloud access security broker (CASB), browser isolation, and web application firewalling capabilities.
Power moves: In December, Fortinet bought cloud-based IT operations management vendor Panopta. In March, Fortinet snapped up cloud and network security vendor ShieldX and in July Fortinet acquired continuous AppSec testing vendor Sken.ai.
By the numbers: $34 million: The amount that Fortinet paid for Panopta.
Outlook: Under the steady leadership of the brothers Xie (Ken and Michael), Fortinet has separated itself from the pack by designing its own ASICs and attempting, to the extent possible, to build an integrated, optimized security fabric from the ground up. For example, while its competitors bought startup SD-WAN vendors and struggled with integration, Fortinet built its own SD-WAN. The DIY approach can only take you so far, which is why Fortinet has gobbled up vendors who fill in some of the holes in the company’s portfolio. But the Xies have Fortinet well positioned to take advantage of the shift from the perimeter security model to the new world of remote access, cloud and zero trust.
Why they’re here: With a world-class security operations center, an impressive array of security products, and a fully managed security service, IBM is a leader in enterprise-grade security. IBM’s security portfolio includes the industry-leading QRadar SIEM, Guardium data protection and data leak platform, Trusteer fraud protection, X-Force Threat Intelligence, QRadar Network Insights for network detection and response, and QRadar Vulnerability Manager.
Power moves: In January, IBM acquired StackRox, a provider of container and Kubernetes-native security software.
By the numbers: According to IBM’s annual data breach report, data breach costs rose from $3.86 million to $4.24 million, the highest average total cost in the 17-year history of the report.
Outlook: The naming convention for IBM security products and services can sometimes be confusing: There’s the QRadar lineup. There’s the X-Force research and threat intelligence capability. There’s the Cloud Pak for Security platform. In March, IBM announced an expanded suite of services called IBM Security Services for Cloud. In any event, IBM security products and services are highly rated, and are aligned well with the company’s broader goal of driving hybrid cloud adoption.
Why they’re here: Mandiant has made a name for itself as the company you call when there’s been a serious breach and you need a team of highly trained experts to come in and lead your intrusion detection and response activities. Over the years, Mandiant expanded its offerings beyond consulting to include SaaS-based security validation, threat intelligence and managed detection and response. In 2013, security hardware vendor FireEye bought Mandiant (founded by Kevin Mandia). The combined company was still named FireEye, with Mandia as CEO. The marriage never really worked, and in June, Mandia announced the terms of the divorce: FireEye was being sold.
Power moves: In this addition-by-subtraction power move, Mandia steps out from FireEye’s shadow and is able to focus exclusively on its core business in a completely vendor-neutral way.
By the numbers: $1.2 billion: The amount that a consortium led by Symphony Technology Group (STG) paid for FireEye’s product portfolio of threat detection tools.
Outlook: According to Forrester analysts Jeff Pollard, Brian Kime, and Joseph Blankenship, “The relationship between the two sides of the business was never equal, and eventually, Mandiant recognized that legacy FireEye solutions were holding it back.” Forrester adds that “Mandiant seems to be in position to continue its forward momentum by streamlining itself. The split will allow Mandiant to capitalize on its intelligence-driven services and grow the managed defense business.”
Why they’re here: Leveraging its massive installed base of Windows, Office, and Active Directory customers, Microsoft has built a security platform that integrates with its software portfolio and extends to its Azure cloud. Microsoft offers endpoint protection, identity and access management, security information and event management (SIEM), threat detection, web application gateways and a variety of Azure-based cloud security services.
By the numbers: $10B: In January, Microsoft said it had generated more than $10 billion in security revenue in the previous 12 months, up more than 40% year over year.
Power moves: Microsoft continues to fill in the gaps in its security portfolio with the recent purchases of RiskIQ and CloudKnox.
Outlook: By embedding Microsoft Defender into Windows, Microsoft is able to get a leg up on third-party security vendors. In the past, competitors could argue that their tools were superior to the security features provided by Microsoft. But that’s no longer the case. For example, Gartner rates Microsoft as a leader in endpoint protection and a visionary for its SIEM product, Azure Sentinel. “Both Defender for Endpoint and the protection engines built into Windows 10 have evolved exponentially throughout the year, along with the addition of new capabilities in each release of Windows to create a holistic set of security layers,” says Gartner. The Microsoft security platform is cloud-based and the company is set up to accommodate organizations moving more of their applications securely to the cloud.
Why they’re here: The largest pure-play security vendor (annual revenue of $4.3 billion, up 25% year-over-year), Palo Alto Networks has been driving innovation ever since it shook up the industry with the first next-generation firewall back in 2007. Today, Palo Alto sports a broad range of cloud-based security products and services. Forrester ranks Palo Alto as a leader in zero trust. And Forrester’s evaluation of endpoint security states that the Palo Alto offering “is the most comprehensive in this study, offering threat prevention, detection, and access controls spanning endpoint, IoT, network, and cloud apps.”
Power moves: In November, Palo Alto Networks announced its intent to acquire attack surface management vendor Expanse for $800 million. In February 2021, Palo Alto Networks bought cloud security company Bridgecrew for around $156 million.
By the numbers: 14: The number of Palo Alto acquisitions over the past four years.
Outlook: Palo Alto stock jumped recently when the company announced that its buying spree was over, at least for the time being. The company plans to continue to integrate recent acquisitions into its product lines and take advantage of the headwinds associated with the increasingly dangerous security environment that enterprises are facing. Jefferies analyst Brent Thill says, “We believe that the leader in network security remains well-positioned to meet customer needs in a hybrid world given its formidable investments in cloud security.” Mizuho analyst Gregg Moskowitz adds that Palo Alto “easily possesses the strongest array of cloud assets among traditional network security vendors.”
Why they’re here: Named a leader in Gartner’s most recent evaluation of SIEM products, Rapid7 has built a wide-ranging portfolio of cloud-native security offerings under the Insight banner. The Rapid7 platform includes threat detection and incident response, vulnerability management, application security, cloud posture management, user behavior analytics, network traffic analysis, logging and reporting.
Power moves: Rapid7 recently purchased threat intelligence startup IntSights for $335 million to provide customers with a unified view into threats, attack surface monitoring, and proactive threat mitigation.
By the numbers: $335 million: The amount that Rapid7 paid for IntSights.
Outlook: Rapid7 is well positioned for the future. As a cloud-native platform, it is built for today’s hybrid and multi-cloud environments. The company’s strong suits are analytics and automation, two areas that are increasingly important for enterprise security organizations. It offers a managed detection and response service, which can be critical for understaffed and overwhelmed security professionals who are dealing with an increasingly dangerous attack landscape. And Rapid7 is constantly adding new capabilities to its platform. For example, in July the company launched InsightCloudSec, which brings together the cloud and container security capabilities of recent acquisitions DivvyCloud and Alcide.
Why they’re here: Enterprises may start out simply wanting secure remote access to cloud services, but they quickly realize that they need more: a truly secure cloud access system includes zero trust network access (ZTNA), remote browser isolation (RBI), sandboxing, firewall as a service (FWaaS), data loss prevention (DLP), cloud access security broker (CASB) and other cloud-based security services. In Gartner’s latest analysis of secure web gateways, Zscaler was the only vendor to appear in the leader category.
Power moves: In May, Zscaler agreed to buy Smokescreen Technologies, which provides technology to proactively hunt for emerging adversary tactics and uses deception technology to confuse adversaries.
By the numbers: 59.6%: The year-over-year revenue increase for Zscaler in its latest quarter ($110.5M to $176.4M).
Outlook: Zscaler is in great shape to take full advantage of the trends toward zero trust security, increased remote access by employees and the surge of applications and data to the cloud. Zscaler also positions itself not simply as a cloud-based security vendor, but as a partner to enterprises embarking on their digital transformation journeys.