If you are CISO or IT executive of any level of organization of any size, you really have a tough problem on hand. The consistent thread across any surveys done globally or region-wise is that IT security is the number one priority for CISOs. If they get IT security wrong, they can literally ruin their company and it could be the end of the business in many cases.
But many security companies have a new ‘detection is more important than prevention’ GTM. Doesn’t it confuse CSOs more?
First of all, it’s not true. It is equivalent to saying that it is not important for an intruder to enter the bank. The only important thing is detecting their action when they get in there. It just makes no logical sense. The truth is that sometimes tech companies get excited about the latest things and some pretend to win the innovation game with a renewed pitch. A responsible security strategy should be complete, work as a system and it should be simple. Prevent as much as possible and if the sophisticated hacker gets in, detect it extremely fast. But it should be executed across multiple parts of security infra.
Most major vendors, particularly over the past couple of decades, were good in either network or endpoint security. Symantec, Trend Micro, McAfee were good at endpoint but they never did network security. On the other side, vendors like Palo Alto Networks, Cisco, Fortinet were good at network security but they have little or no endpoint expertise. Cybercriminals today are very effective in finding gaps between each other because the products do talk to each other.
Sophos is leading both the portfolio across end-point and network. The independent silos meaningfully talk to each other and catch threats (if any) quicker through Sophos synchronized security concept.IT security was earlier like security guards inside and outside the building. For the first time ever we have given walkie talkies to them (outside (endpoint) and inside (network) to actively talk to each other.
SonicWALL, McAfee became independent entities this year while Symantec swelled with Blue Coat, Dell with RSA as few examples. Aren’t we over with M&A in security world?
Security is one of the few markets in all IT that hasn’t seen a dramatic amount of consolidation in last two decades. Security is the only technology space where instead of playing tennis against a wall, you are playing tennis against millions of active participants on the other side of the net. It’s different than just building a good database or a great web application for the customer. However, cybercriminal has an eye on that database every single day.
In Cybersecurity market we see a wave of some large companies launching new solutions to combat new-age threats or some small companies with innovative solutions getting acquired. Then a fresh batch of security startups which gets acquired. And this cycle continues to pedal.
Sign up for Computerworld eNewsletters.