With SentinelOne announcing plans to acquire Attivo Networks — coming one week after Google said it has an agreement to buy Mandiant — a recent prediction from research firm Gartner about a new wave of security industry consolidation appears to be proving itself.
On March 7, Gartner identified vendor consolidation among the top seven security and risk management trends for 2022. “Security technology convergence is accelerating, driven by the need to reduce complexity, reduce administration overhead and improve effectiveness,” Gartner said in a news release.
The very next day, one of the largest security industry acquisitions in recent memory — Google’s $5.4 billion deal to acquire security powerhouse Mandiant — was announced.
And today, another sizable acquisition is coming to light: AI-driven cybersecurity firm SentinelOne announced a $616.5 million deal to acquire identity security firm Attivo Networks, in part to bolster SentinelOne’s Singularity XDR (extended detection and response) platform.
What the two acquisitions have in common is that both appear aimed at delivering an XDR, or XDR-like, architecture to customers.
Focus on XDR
While capabilities can vary across vendors in XDR, the overall concept is to integrate and correlate data from numerous security tools — and from across various environments — to help customers prioritize the biggest threats.
While less than 5% of organizations are using XDR today, that’s expected to climb to 40% by 2027, according to a recent report from Gartner.
In an interview last week, Gartner’s Peter Firstbrook told VentureBeat that right now, “one of the driving factors of vendor consolidation is XDR.”
XDR brings an answer to the key question of “how do I integrate all the threat intel from all these security components I bought — so that I can do a proper incident response, and the people can make sense of those alerts very quickly?” said Firstbrook, a research vice president and analyst at Gartner.
In other words, XDR enables security teams to “resolve alerts quickly and move on,” he said. “Because right now, most organizations are really struggling to deal with all their alerts.”
And when it comes to XDR-driven consolidation in the security industry, “this is only the beginning of this trend,” Firstbrook said in the interview last week.
Microsoft had reportedly wanted to acquire Mandiant, before Google stepped in, “so maybe they’ll buy SecureWorks or Reliaquest or eSentire to jumpstart their program,” he said, referring to several vendors in the XDR space.
Google’s moves
The shift to embracing an XDR-like architecture appears to have been among the factors behind Google’s interest in Mandiant, as well as a factor in Google’s acquisition of Siemplify in January.
“I feel this merger between Mandiant and Google Cloud allows us to be the brains behind a lot of these controls that people are relying on,” Mandiant CEO Kevin Mandia said during a news conference last week. The move will bring together Mandiant’s threat intelligence and services with the Google Chronicle security analytics service and Siemplify, Mandia noted.
Chronicle and Siemplify are all about “interoperability between a ton of different technologies — [they] work with every firewall company, work with all the endpoint companies, work with logs generated from different applications,” he said.
Meanwhile, with SentinelOne’s announcement today, the focus on XDR is even more overt. The acquisition of Attivo, set to close in the quarter ended July 31, will extend the capabilities of the Singularity XDR platform “to identity-based threats across endpoint, cloud workloads, IoT devices, mobile and data wherever it resides,” SentinelOne said in a news release.
Identity threat detection
Notably, another trend highlighted on Gartner’s recent list — identity threat detection and response — factors heavily in SentinelOne’s planned acquisition of Attivo as well. The term, coined by Gartner, refers to the approach of going beyond identity authentication to actually detect when identity systems have been compromised.
Identity is “the new perimeter,” said SentinelOne COO Nicholas Warner in a news release. And “identity threat detection and response is the missing link in holistic XDR and zero trust strategies,” Warner said.
As for Google Cloud, the acquisitions are unlikely to stop with Mandiant, Forrester analysts Jeff Pollard and Allie Mellen wrote in a blog post last week. Next up on the acquisition priority list may be a solution for endpoint detection and response (EDR), the analysts said.
“Given that GCP (Google Cloud Platform) needs EDR to gain full ownership of the technologies that comprise its XDR offering, its next shopping list likely includes an EDR tool,” the analysts wrote in the blog. “GCP wants to become a top-tier cybersecurity player, and its acquisitive actions match its targets.”
More broadly, the Mandiant acquisition “could have a major ripple impact across the cybersecurity space as cloud stalwarts Amazon and Microsoft will now be pressured into M&A and further bulk up its cloud platforms,” wrote Daniel Ives, managing director for equity research at Wedbush Securities, in a note to investors last week.
Wedbush believes that cybersecurity vendors including Varonis, Qualys, Tenable, Rapid7, CyberArk, SailPoint and Ping Identity stand out as candidates for a possible acquisition, given the “laser focus” these vendors bring on securing cloud workloads against attacks, Ives wrote.