The new endpoint security market: Growing in size and scope

Venture capital investments in cybersecurity companies are aggressive these days, but yesterday’s news was startling nonetheless. Cylance announced a round of $120 million led by Blackstone Tactical Opportunities. Cylance says the funding will help it expand sales and marketing initiatives and extend its global footprint. 

Prior to the Cylance announcement, CrowdStrike announced a round of $200 million, funded by Accel, General Atlantic, and IVP, and now claims a valuation of more than $3 billion. Like its rival, CrowdStrike says the new funding will go toward sales and marketing, as well as product development.

These two “unicorns” are not alone. Tanium and Cybereason have also enjoyed funding rounds of $100 million, while SentinelOne raised $70 million in a series C round last year. Holy antivirus, Batman!

All this VC investment seems a little crazy at first glance. After all, the entire endpoint security market is somewhere in the $5 billion- to $7 billion-dollar range, and its currently dominated by a cabal of vendors, including Kaspersky Lab, McAfee, Sophos, Symantec, Trend Micro, and Webroot. Given this market reality, it’s fair to ask how the Sand Hill Rd. phat cats can justify this level of investment in a crowded and mature market.

Today’s endpoint security market is transforming

Yup, endpoint security investment is aggressive, but there is some wisdom behind this VC strategy. Today’s endpoint security market no longer looks like the antivirus market circa 2008. Rather, it is transforming rapidly for several reasons:

1. Market consolidation. According to ESG research, 53 percent of enterprise organizations (i.e. 1,000 employees or more) currently has three or more different endpoint security products deployed across its network. (Note: I am an ESG employee.) Each of these products requires its own software agent, its own management portal, and its own care and feeding by security and IT operations staff.  CISOs know that this type of tactical approach is an operations nightmare, so they are actively winnowing down endpoint products and vendors. The future belongs to endpoint security suites, not point tools.  
2. Market expansion. Endpoint security products were usually based upon two basic competences in the past – antivirus protection and network firewalls. Fast forward to 2018, and endpoint security functionality can now include application controls, port controls, browser sandboxing/isolation, deception technology, endpoint detection/response (EDR), HIPS, DLP, etc. Furthermore, many vendors now bundle in managed security services as part of their product suites, providing services options from staff augmentation, to hybrid on-premises/cloud models, to full outsourcing. The result? The endpoint security product pie is getting bigger annually, while endpoint security product vendors can now goose sales through a portfolio of complementary managed services.
3. An endpoint is no longer just a PC. While this transition is moving slowly, enterprise organizations want central command and control and distributed enforcement for PCs, mobile devices, IoT and OT sensors/actuators, etc. This, too, will broaden the endpoint security market.
4. Endpoints can act as the center of the security universe. Endpoint security changes are also being driven by two peripheral trends: 1. Most network traffic is encrypted today, and decrypting packets as they traverse networks can impact network engineering, operations, and throughput. Therefore, endpoints act as termination points for analyzing and filtering network traffic. 2. Endpoints provide extremely rich security telemetry, and now that new endpoint security suites include EDR capabilities, endpoint security can act as the new nexus for security analytics. In other words, endpoint security telemetry may usurp log files as the go-to data source for new types of security analytics.

In summary, new and old endpoint security vendors believe there are many new product and services opportunities that will center on burgeoning use cases for endpoint security. Yes, some of these will be supplemented with network and cloud-based controls, but $100 million funding rounds give startups the financial muscle to acquire and integrate these technologies as needed. 

The endpoint security market is expanding before our eyes, and massive VC investments are the financial equivalent of the expression, “You ain’t seen nothing yet.”  Some of these investments will certainly be swings and misses, but others could literally change the world.