The rate of innovation coming out of Silicon Valley is increasing all the time, meaning it can be difficult for even the most far-reaching cybersecurity resellers to keep up with the market.
To offer some insight into what is happening on the west coast, CRN quizzed cybersecurity specialist Momentum Cyber about the trends we can expect to see throughout 2018 and beyond.
Momentum Cyber is the world's first dedicated cybersecurity investment bank, it claims, tracking every acquisition in the industry and advising vendors on their M&A strategy.
The company was started two years ago by managing partner Eric McAlpine, but he says he considers the start of this year to be the company's true founding. The firm rebranded from Momentum Partners in January, with former FireEye CEO Dave DeWalt coming on board as a partner.
Speaking to CRN, McAlpine picked out the key areas and vendors in cybersecurity that he expects to see lift off in 2018.
Managed detection and response
The concept of managed security services (MSS) is not new, in fact McAlpine said that over recent months Momentum has been inundated with calls from the world's largest security firms, seeking advice on how to build out an MSS offering, making boutique MSSPs hot property.
"We have been called by every large IT services vendor on the planet," he said. "Atos, Fujitsu, IBM Global Services, Deloitte, PwC…everyone is eyeing this sector.
"Last year was a record-setting year for cybersecurity in terms of M&A activity, with 178 deals, and 25 of those were MSSP deals. We expect that trend to continue. Everyone is looking at that space."
While some of these deals will likely result in increased competition in the channel, McAlpine said that the growing number of MSSP operations will be beneficial to the channel.
"I think it's going to be an effort that is very channel friendly," he said. "If you look at CDW, Arrow, these guys are now having white-labelled MSSP."
More specifically in the MSS space, Momentum is seeing rapid growth in the managed detection and response (MDR) space.
He said that a growing number of firms are offering MDR as a service, but are able to offer it to SMBs at an affordable price because of their scale.
Momentum is seeing some organisations offer MDR at a ratio of 10 customers to one security specialist, bringing the cost to the customer down to an affordable level, he added.
He picked out Canadian player eSentire as one to watch in this space, along with Phantom and Resilient.
According to Gartner, 15 per cent of organisations will be using MDR by 2020, up from one per cent in 2017. It predicts that 80 per cent of MSSPs will have an MDR offering in their portfolio within three years.
"There's a category called managed defence and response and these are cropping up everywhere," McAlpine said. "Think of it as ADT for your network; someone is monitoring your network 24/7 and they can detect breaches in minutes rather than months, so that's a new flavour of MSSP that is a pretty hot sector.
"There is a company in Canada called eSentire that is killing it. They just had a recap in that they took on investment from a large private equity firm based in New York which bought out the early investors with management. They're going to take it to the next level.
"We're finding that law firms, doctors' offices - medium-sized businesses that have high-valued digital assets such as personal data - have to protect it, and it's very costly. We saw a breach in a Toyota dealership and they went out of business.
"True SMBs have to have an offering that they can afford and these MDR vendors are trying to figure out how to deliver services to protect these small networks.
"Some of them will use off-the-shelf technology, but most of them have developed their own IP and they automate a lot of what's happening in the SOC. The name of the game there is scale - how many customers can we service per analyst, and we're seeing some interesting ratios, in some cases getting 10 to one."
This scale can be achieved by bringing automation into the SOC, McAlpine explained. He highlighted Phantom Cyber and Resilient as vendors to watch in this space.
Palo Alto-based Phantom offers an SOC automation platform, and was incidentally acquired by Splunk just a few days after CRN spoke to McAlpine.
Detection and response vendor Resilient was acquired by IBM in 2016.
The second area McAlpine picked to watch this year is authentication - backing Oracle as a dark horse in the security space.
Oracle acquired Zenedge in mid-February to bolster its cloud security play.
"If you look at what Oracle is doing with their identity SOC, I would really follow those guys," McAlpine said.
"They're becoming very interesting in biosecurity and they recently acquired Zenedge. They brought in Akshay Bhargava, who was a very senior product guy at FireEye.
"A little-known fact about the Oracle cloud offering is that it is developed and sits on the shoulders of the security team. When you think about how important it is to Oracle, it sits squarely on the security team's shoulders - not the product team. They're very identity focused and it's an area about which we see a tremendous amount of inbound queries."
Article continues on next page
Managed services project involving Dounreay nuclear site thought to be worth as much as £15m over five years
In a boon for the channel, shares in UK publicly listed resellers and MSPs are on the rise. Here we count down the five stocks that have performed the best so far this year
Amazon Web Services holds pole position in all territories, Synergy Research Group claims
Comms giant picks up Portsmouth-based Cisco and Apple partner