Few, least of all in IT, would dispute that better technology is generally a good thing. Yet in the case of cybersecurity, burgeoning technology and increased usage has been nothing but a headache.
As devices and functions proliferate so too must the means of securing it, forcing the industry to create firewalls, antivirus, sandboxes, spam filters and, more recently, complex analytics tools to keep track of everything. And with new opportunities, come new companies.
"New capabilities tend to enter the market through new companies," Bob Hansmann, director of product security at the cybersecurity firm Websense. Yet like many of his peers he thinks too many vendors can lead to market fragmentation, with gaps between technologies allowing the crooks to slip through.
So what will the industry do about it?
To build or to buy
Andrew Kellett, principal analyst at research firm Ovum, has seen this all before. "I think that’s been a situation that’s existed for a very long time," he said, describing a permanent cycle of innovation and consolidation.
Like Hansmann, he argued that the security market tends to evolve via start-ups springing up in the wake of new threats. "What tends to happen is the threat marketplace strengthens, and organisations like Intel and their tier-one competitors recognise the value," he said.
This results in the so-called "build or buy" dilemma. When a usurper enters the market, firms can acquire them (in a manner akin to Facebook’s purchase of WhatsApp, a messenger), or they can get to work on their own similar product. The choice is not always clear.
The advantage of buying your own technology is that it is often quicker. Cisco, a networking firm, recently finished absorbing ThreatGRID’s malware analysis and security analytics into its cybersecurity portfolio, a mere seven months after it acquired the firm.
But by building your own tools you can potentially avoid integration headaches, and may not have to lay out as much cash initially. These days you can also leverage significant open source resources that are maintained by communities of programmers.
As a compromise some firms will even assemble a number of so-called "white label" components from other firms and then rebrand it under their own name, according to Kellett. The process is common in many businesses, with Kellett highlighting how IBM has used the strategy in its security portfolio.
"If you’re looking at an organisation trying to put together an integrated solution for enterprise and they have never developed a malware protection solution they’re not to going write a new on because all the technology they need is out there," he said.
Building the cybersecurity immune system
Asked which strategy was more like to be in vogue over the next year, Raj Samani, VP and EMEA CTO at Intel Security, said he wished he knew. "I think you’ll see a little bit of everything," he added, giving no indication of his own firm’s intentions.
Yet he does highlight "the amount of data firms have to get a handle on" as a particular integration challenge. In that vein, Intel has recently launched the Threat Intelligence Exchange (TIE), and the Data Exchange Layer (DXL), a kind of "immune system" for cybersecurity.
This kind of unified offering can be attractive for customers, who often tire of managing a large portfolio. As Kellett put it: "Why do large enterprises need to work with 12 different security providers when we have all the tools you need?"
Yet he remains optimistic about the fortunes of cybersecurity start-ups. Even as the market consolidates, new problems will arise, new opportunities for start-ups, and new fragmentation. That much at least will not change.