Vendors battle for security endpoint real estate
Endpoint security vendors are battling it out in the war for market share, according to Technology Business Research.
Endpoint security solutions were prominent at the RSA Conference this year, with established and emerging vendors showcasing technologies that protect PCs, Macs and other endpoint devices from various attack vectors.
According to TBR, in order to cover the full spectrum of risks, organisations need to install a number of endpoint security solutions.
"But organisations are reaching the limit in available compute capacity, memory space and even electrical power — collectively called real estate — on their users' endpoints," explains Jane Wright, principal analyst, Security, TBR.
These limitations will motivate established vendors such as Symantec, Trend Micro, Intel Security, Dell and IBM to acquire or more closely integrate new or unique threat management technologies from emerging vendors such as Invincea, Cylance and SentinelOne, Wright says.
"Integrating more endpoint security technologies on less endpoint real estate will not be an easy task, and most companies will require about two years to combine the development, sales and marketing efforts," she explains.
By the RSA Conference 2018, Wright says TBR expects the endpoint security market segment will be far less crowded, with the remaining vendors delivering more comprehensive solutions requiring real estate on endpoints.
Moreover, Wright says customers are increasingly hesitant to run the larger or additional security clients needed to prevent, detect and block all the different threats to their endpoints.
"To address this hesitation, endpoint security vendors at the conference demonstrated a variety of approaches to reduce organisations' need for endpoint real estate," she says.
For example, Symantec showed how its new ATP solution moved some threat analysis and response decisions to an off-endpoint appliance. Intel Security demonstrated its newly streamlined Endpoint Security 10.X (ENS) client. And Webroot emphasised a model that offloads compute cycles to a cloud-based service.
"Customers increasingly expect these types of adaptations to preserve endpoint performance so that users do not rebel and turn off the endpoint security controls altogether," Wright adds.
Meanwhile, the research firms believes a lack of alignment between security solution messaging and business outcomes limits security revenue growth opportunities.
Throughout RSA Conference 2016, most security vendors highlighted the benefits of their solutions in terms of security operations metrics, Wright says.
"These vendors have yet to elevate their conversations to the business outcomes that are important to business decision makers in their customers' organisations, and this lack of engagement at the business level will limit the revenue and revenue growth potential for many vendors," she explains.
According to Wright, TBR visited more than three dozen vendors during the conference, asking their sales and marketing representatives about the business benefits of their security hardware, software or service offerings.
"Most vendors responded in operational terms such as the number of security staff hours saved, faster time to detect a breach or easier compliance reporting. These are all important considerations," she says.
"But when prompted to describe business outcomes enabled by their security solutions, most vendors were unable to associate their solution with the mission statements of their customers.
However, Wright says two vendors adapted their conversations to examples of business outcomes for customers.
"Hewlett Packard Enterprise explained how its security analytics and managed services help its customers transform into a digital enterprise faster, reaping the opportunities and profits from a new style of engaging their end customers, clients and partners.
"Alert Logic described how its cloud-based security controls help customers launch applications more quickly and confidently, deriving business benefits from those applications such as faster time to market, new revenue streams or stronger competitive positions for the customer organization," she explains.
"Security is increasingly a board-level discussion at many companies, with executives from marketing, manufacturing, finance and other departments weighing in on security purchasing decisions," Wright continues.
"Security vendors that can communicate their benefits in terms that resonate with all customer departments — not just the security, IT, workstation, network or compliance departments — will be best-positioned to expand their partnership role in their customers' organisations and increase their share of customers' overall spending," she says.