| INTEGRATIVE INSIGHTS ON EMERGING OPPORTUNITIES |
Integrative research means our extensive company research informs every thesis and perspective. The result is deep industry knowledge, expertise, and trend insights that yield valuable results for our partners and clients.
hsmith@firstanalysis.com
- We frame and assess the endpoint security landscape, discussing dynamics such as market drivers and the growth outlook, solution trends, hurdles facing next-gen market evolution, positioning of 25 or so private players, and an overview of eight key players. Some of our commentary highlights include:
- Two main approaches. Prevention and detection-plus-response are in our view emerging as two primary next-generation endpoint security approaches. Both paradigms have strengths and weaknesses, and we believe prevention is garnering most interest while detection platforms (including usually greater investigation capacity) may be particularly valuable for resource-richer enterprises.
- Agent consolidation significant issue. The industry-wide move toward greater security consolidation and more strategic buying is also felt on the endpoint. Companies look to simplify their endpoint agents and related management burden toward a smaller number of endpoint solutions featuring the necessary security functions while ensuring user productivity and easier deployment/management.
- Two key adoption factors. Despite fast growth (off a relatively low base), next-gen adoption is still in early innings. We see break-out traction depending on more compliance certification, allowing antivirus budget to be spent on new solutions, and greater familiarity and comfort with new technology approaches (it is a noisy market causing some customer confusion).
TABLE OF CONTENTS
Includes profiles of 8 public and private companies
The next-generation Endpoint Security market
The next-gen landscape: What’s going on?
What’s driving new Endpoint Security solutions?
Who is focusing on the Endpoint opportunity?
Endpoint-Security Primer: What is it and why does it matter?
Company profiles
INTRODUCTION
‘Endpoint security’ refers to directly protecting end-user-accessed, network-connected devices, such as laptops. It is arguably the most valuable and vulnerable segment of an organization’s infrastructure.
While endpoint security has existed for a long time (mainly in the form of antivirus), this report seeks to orient readers about the newer ‘next-generation’ endpoint landscape that is building up and commanding growing attention. Endpoints now require multiple security solutions, not just antivirus. (How many solutions enterprises will tolerate is an important question in this evolving market.) It’s a landscape featuring easily more than 25 private companies and significant associated venture funding, as well as a handful of public security players sporting next-gen endpoint solutions, along with legacy antivirus players seeking to evolve with the market.
We touch on market and technical dynamics, as well as highlight a handful of public and private players that feature next-gen offerings. We aim to supplement over time this door-opening effort with a series of follow-ups that serve as ongoing commentary about what should become an increasingly meaningful security growth area.
Pockets of urgency and a general recognition something must be done. Need for more robust endpoint protection is fairly widely understood. For instance, a late-2015 Promisec survey found that more than two-thirds of 150 C-level IT professionals agree that endpoint protection is their top security concern. More recently (April 2016), a Ponemon Institute survey found 61% of respondents say endpoint security is becoming a more important part of their organizations’ overall IT security strategy.
Pushing the issue to the fore are fundamental dynamics, such as 1) recognition that existing solutions (mainly antivirus), and perimeter-only architectures (firewall-centric), are usually inadequate and/or too system-heavy to form a reliable, lightweight endpoint barrier. At the same time, 2) increasingly sophisticated, ongoing breaches (Yahoo!, the Democratic National Committee, Verizon Enterprise Solutions, and others) pose greater business risk and render overall security posture a more visible board/governance issue.
The still relatively early-stage market is seeing adoption pains, but nonetheless, well-known security reseller Optiv reports that the “vast majority” of its roughly 600 Fortune 1,000 clients feature an endpoint-security refresh as a roadmap key, with an emphasis on advanced threats.
This translates into a pretty attractive market. EMA research pegs the 2016, roughly $800MM next-gen endpoint security market growing to $3B-plus by 2020—an implied 42% CAGR.
Thus, there are at least pockets of endpoint security urgency, and we think there’s underlying recognition that something about endpoint risk exposure must be done. However, we think to a greater degree than its predecessor, first-generation endpoint era, there is significant confusion about the right answer to address the need.