The 2014 RSA conference for cyber security vendors and related service providers opens this week in San Francisco to the strongest security and risk market we’ve seen to date. Security publics, in particular recently IPO’ed companies like FireEye and Palo Alto, are riding a wave of investor enthusiasm. Sector M&A volume and multiples are approaching historical highs and VC/PE investment volume is also near its 2007 peak.
The good news is in the bad news, however. At this point, it’s common knowledge that security measures have failed to protect everything from credit cards and Facebook accounts, to websites and classified government data. Simply put, to keep up with breathtakingly rapid changes to our digital lives, the cyber security infrastructures in place today will need to be largely replaced in their entirety over the next five years — and the sooner the better. Security products purchased even two years ago often feel about as up-to-date as the Blackberry you keep in your junk drawer. But these days security is not a luxury, it literally is a matter of success or failure for businesses. For individual consumers, according to a recent Pew study, security remains the primary driver of whether and how much a consumer will transact over the web.
With security on the forefront of everyone’s mind, the eye-popping investment, trading and acquisition multiples that have become commonplace over the last two years make sense, especially when considering the refresh/replace cycle underway in security and risk spending.
Although it is not always clear which vendors will benefit most from the current security wave, one can be sure that many of them will be at the RSA conference this week. RSA remains the premier event for showcasing what is new and innovative in the security and risk industry. RSA events have consistently spotlighted smaller, private security companies that were subsequently snapped up by larger ones. It’s this fact that makes RSA a trendsetter for what is important, as well as hotbed of transactional activity.
So, what are 2014′s trends to notice? Based on research and anecdotal evidence, we think they’re Security Intelligence Platforms (SIPS), Identity Management, Anti-Malware, and Managed and Cloud-Based Security (all detailed below).
Security Intelligence Platforms (SIPs). Gartner Research recently published a report highlighting the mega trend of SIPs. As in business and war, those who know the most the fastest win. Basically, networks, applications and data each require a set of integrated security applications to cover the Prevention, Detection, Defense and Response cycle on a continual basis. Rapidly morphing threats and organizations need a Big Data driven all-seeing eye (viewer) and remediator (doer). Easier said than done…remember the self-defending network? The SIP concept, which consists of many companies each tackling a piece of the challenge, is already used by such stalwarts as IBM, HP and Splunk on the backs of their SIEMs. It’s sure to be a topic of conversation at RSA.
Identity Management. This is not traditional authentication and access, but clever and advanced ways to see and control who does what. It includes exciting new business and consumer authentication approaches. It also relates to fraud detection, which relies on determining identity and associated rights. Finally, identity management touches upon tracking user activity to baseline — this ties into the all-encompassing SIP and is called Identity Access Intelligence.
Anti-Malware. This space remains highly profitable for the big antivirus vendors and is overdue for reformulation. APT technologies are an important aspect of this, as are whitelisting, new behavioral detection and other technologies that improve the ability to recognize morphing and multi-stage threats, to quarantine and block them, and to discover them more quickly after-the-fact. This remains an area rife with innovation.
Managed and Cloud-Based Security. This area is an expansive opportunity. As more organizations move IT to the cloud, they want to do the same with security and analytics, hence the rapidly growing demand for security in the sky.
RSA has always been both a platform for large companies marketing their newest messages, and a coming-out ball for the newest vendors. This year, more than ever, it is also a barometer of how well the industry will do in the coming year to prevent more jaw dropping thefts, attacks and compromises that directly threaten our virtual well-beings.
Managing Director, Security & Risk Investment Banking – Signal Hill
Follow Don More on Twitter: @SecurityBanker