Staying abreast of rapid changes in cybersecurity technologies can give even the most informed and knowledgeable of organizations a run for their money. Optiv (a Top 200 MSSP for 2019) and Momentum Cyber (a cyber focused investment bank and consultancy), have collaborated to help cybersecurity technology buyers and influencers make informed decisions by understanding peer buying behaviors.
The resulting document, their 2019 Security Technology Spend Insights Report, details the top five cybersecurity technology buying trends and key areas to watch that may reflect shifts in organizational strategy and future buying trends. The study’s findings are based on analysis of Optiv’s client data and Momentum’s merger and acquisition (M&A) tracking.
Five cybersecurity technology segments posting a spending increase of 25 percent or more in 2018:
- Identity management
- Vulnerability management
- Email security
- Data protection
- Cloud security
Areas to watch:
- Endpoint security
- Zero trust architecture
- Security awareness training
- Security automation and orchestration
- Serverless and container security
Identity management:
Growth. From 2017 to 2018, spending on IM as a category grew by more than 45%. Privileged access management grew by 25% and Identity and access management grew by over 55%.
M&A. Identity and access management was the most active sector for M&A activity. Buyers completed 28 deals (40% growth from 2017) totaling $6.4 billion in deal value, including Cisco’s acquisition of Duo Security for $2.4 billion.
Vulnerability management:
Growth. From 2017 to 2018, vulnerability management spending grew by more than 30%. This change reflects VM’s increasing importance to security decision-makers.
Risk. Organizations that know their assets and prioritize all related vulnerabilities could prevent risk associated with up to 97%+ of malware and other applications with known risks.
M&A. Tenable completed its initial public offering and raised $251 million. Risk-based vulnerability management vendors Kenna Security and RiskSense raised a $25 million Series C and a $12 million Series B, respectively.
Email security:
Growth. Email is the delivery mechanism for 96% of phishing attacks and 49% of malware that contributed to breaches.From 2017 to 2018, email security spending grew by more than 30%.
Spending. Companies are spending more because they are trying to plug an information gap. They’re buying products, which may be attached to a core solution, that provide greater insights into email security functions or email campaign metrics or that enhance the visibility of drive-by emails.
M&A. Investments in email security increased significantly. Investors deployed $83 million representing 186% growth from 2017. Agari led all vendors by completing a Series E round of $40 million.
Data protection:
Growth. Data protection is increasingly important as organizations move from on-premises data storage to private, public, hybrid and managed cloud. From 2017 to 2018, data protection spending grew by more than 25%.
M&A. Seven M&A deals for data security assets showed deal values remained relatively steady compared to prior years. Notable acquisitions included ID Quantique (encryption) by SK Telecom for $130 million, Spirion (data privacy) by Riverside and File Lock (encryption) by Reason.
Cloud security:
Growth. Currently, the bulk of spending in this segment relates to cloud access security broker solutions, which protect software-as-a-service applications. From 2017 to 2018, spending on cloud security grew by more than 25%.
M&A. Seven cloud security M&A deals were completed (133% year-over-year growth) representing $683 million in total deal value. Notable transactions included Palo Alto Networks’ acquisition of Evident.io for $300 million and RedLock for $173 million, and Check Point Software’s acquisition of Dome9 for $175 million.
Going forward. “As infrastructure becomes more transitory and cloud adoption persists, security programs will continue moving towards a security model that prioritizes identity, least-privilege access and zero trust. This motion enables enterprises to harden security and focus on data and application access rights,” the study reads.