The view from Silicon Valley

San Francisco-based cybersecurity investment bank Momentum Cyber tells CRN what technology to look out for 2018

The rate of innovation coming out of Silicon Valley is increasing all the time, meaning it can be difficult for even the most far-reaching cybersecurity resellers to keep up with the market.

To offer some insight into what is happening on the west coast, CRN quizzed cybersecurity specialist Momentum Cyber about the trends we can expect to see throughout 2018 and beyond.

Momentum Cyber is the world's first dedicated cybersecurity investment bank, it claims, tracking every acquisition in the industry and advising vendors on their M&A strategy.

The company was started two years ago by managing partner Eric McAlpine, but he says he considers the start of this year to be the company's true founding. The firm rebranded from Momentum Partners in January, with former FireEye CEO Dave DeWalt coming on board as a partner.

Speaking to CRN, McAlpine picked out the key areas and vendors in cybersecurity that he expects to see lift off in 2018.

Managed detection and response

The concept of managed security services (MSS) is not new, in fact McAlpine said that over recent months Momentum has been inundated with calls from the world's largest security firms, seeking advice on how to build out an MSS offering, making boutique MSSPs hot property.

"We have been called by every large IT services vendor on the planet," he said. "Atos, Fujitsu, IBM Global Services, Deloitte, PwC…everyone is eyeing this sector.

"Last year was a record-setting year for cybersecurity in terms of M&A activity, with 178 deals, and 25 of those were MSSP deals. We expect that trend to continue. Everyone is looking at that space."

While some of these deals will likely result in increased competition in the channel, McAlpine said that the growing number of MSSP operations will be beneficial to the channel.

"I think it's going to be an effort that is very channel friendly," he said. "If you look at CDW, Arrow, these guys are now having white-labelled MSSP."

More specifically in the MSS space, Momentum is seeing rapid growth in the managed detection and response (MDR) space.

He said that a growing number of firms are offering MDR as a service, but are able to offer it to SMBs at an affordable price because of their scale.

Momentum is seeing some organisations offer MDR at a ratio of 10 customers to one security specialist, bringing the cost to the customer down to an affordable level, he added.

He picked out Canadian player eSentire as one to watch in this space, along with Phantom and Resilient.

According to Gartner, 15 per cent of organisations will be using MDR by 2020, up from one per cent in 2017. It predicts that 80 per cent of MSSPs will have an MDR offering in their portfolio within three years.

"There's a category called managed defence and response and these are cropping up everywhere," McAlpine said. "Think of it as ADT for your network; someone is monitoring your network 24/7 and they can detect breaches in minutes rather than months, so that's a new flavour of MSSP that is a pretty hot sector.

"There is a company in Canada called eSentire that is killing it. They just had a recap in that they took on investment from a large private equity firm based in New York which bought out the early investors with management. They're going to take it to the next level.

"We're finding that law firms, doctors' offices - medium-sized businesses that have high-valued digital assets such as personal data - have to protect it, and it's very costly. We saw a breach in a Toyota dealership and they went out of business.

"True SMBs have to have an offering that they can afford and these MDR vendors are trying to figure out how to deliver services to protect these small networks.

"Some of them will use off-the-shelf technology, but most of them have developed their own IP and they automate a lot of what's happening in the SOC. The name of the game there is scale - how many customers can we service per analyst, and we're seeing some interesting ratios, in some cases getting 10 to one."

This scale can be achieved by bringing automation into the SOC, McAlpine explained. He highlighted Phantom Cyber and Resilient as vendors to watch in this space.

Palo Alto-based Phantom offers an SOC automation platform, and was incidentally acquired by Splunk just a few days after CRN spoke to McAlpine.

Detection and response vendor Resilient was acquired by IBM in 2016.

Authentication

The second area McAlpine picked to watch this year is authentication - backing Oracle as a dark horse in the security space.

Oracle acquired Zenedge in mid-February to bolster its cloud security play.

"If you look at what Oracle is doing with their identity SOC, I would really follow those guys," McAlpine said.

"They're becoming very interesting in biosecurity and they recently acquired Zenedge. They brought in Akshay Bhargava, who was a very senior product guy at FireEye.

"A little-known fact about the Oracle cloud offering is that it is developed and sits on the shoulders of the security team. When you think about how important it is to Oracle, it sits squarely on the security team's shoulders - not the product team. They're very identity focused and it's an area about which we see a tremendous amount of inbound queries."

Article continues on next page

The view from Silicon Valley

San Francisco-based cybersecurity investment bank Momentum Cyber tells CRN what technology to look out for 2018

Entrants from left field

A wider trend that McAlpine said will increase over the next few years is physical security players moving into the cybersecurity space.

Previously, he explained, physical security companies thrived by protecting our physical assets, but times have changed and our most valuable assets are now tied up in data.

Last year, Momentum advised on a takeover for physical security giant ADT. The firm acquired Datashield and renamed it ADT Cybersecurity, marking its first step into the virtual world.

"We're helping ADT cross over from physical security into cybersecurity, which is a fascinating theme," McAlpine explained.

"Physical security providers have realised that for the last century or so they've been helping protect physical assets. Really now it's the digital assets that people are after, so companies such as ADT are looking to make sure they remain relevant for the next 100 years through acquisitions."

ADT Cybersecurity is focused specifically on offering MDR to SMBs, but is currently operating in North America.

Lack of innovation

But not all vendors are thriving when it comes to innovation.

Legacy vendors, McAlpine said, are finding it increasingly difficult to keep up with the rate of change - hence the record-breaking number of M&A deals completed last year.

McAlpine said that while start-ups are innovating at a rate of knots, Momentum does not see innovation from legacy vendors.

"We don't [see any]," he said. "That's why our company is in business, because we spend so much time helping them acquire. It's just too hard. The cycles are pretty quick and it's very difficult for the large vendors."

While M&A is currently the preferred method of innovation for larger vendors, some don't quite have the freedom to expand at the desired rate.

McAlpine said vendors that choose to go public as a way of raising capital often find that they can't implement their M&A strategies effectively enough.

He highlighted Barracuda as the latest example. Barracuda went public in 2013 but its share price struggled and it was eventually snapped up by Thoma Bravo last November.

"We're now starting to see companies go public and then 12, 16, 24 quarters later go private again," he explained.

"What happened? Well, there is some slowing in growth and innovation and the really smart private equity companies track these companies, and they use a very programmatic M&A team to reposition the company. Look at BlueCoat as an example. You see that a lot.

"McAfee also has a strong M&A programme; they just spent $400m on Skyhigh, a company that had less than $50m in revenue."

One vendor that is having no problems following through with its M&A strategy while remaining public is Proofpoint.

Such is its success that McAlpine chose Proofpoint when asked to name the single vendor to watch in 2018.

Proofpoint's share price has increased sixfold since it listed on the NASDAQ in 2012.

"If you look at the stock price, that company is killing it," he said. "They have acquired 17 companies in the last five or so years.

"They have very wisely used their leadership position in email and broadened the offering. That's a company that I would track very closely in terms of really getting that broadened strategy out there, because their sales guys now have a lot in the bag to sell and it's really working."