Cybersecurity Industry News Roundup, Week of February 1, 2016

FireEye remains aggressive, Norse implodes, and cybersecurity Symantec top the week’s events

Just five weeks into 2016 and it’s already been a busy year for the cybersecurity industry. Here are just a few highlights so far:

FireEye goes on a shopping spree

Ignoring Wall Street’s trepidation, FireEye continues to remain aggressive on the acquisition front by grabbing iSight Partners and Invotas. With the addition of these two companies, FireEye can claim leadership in: 

  • Threat intelligence. FireEye/Mandiant was already strong in this area, and with the addition of iSight, FireEye becomes the instant market leader. FireEye already had a different view of threat intelligence, pivoting from cyber-adversaries (i.e. threat actors, TTPs, etc.) into the enterprise. With this perspective, FireEye believes it can help customers anticipate attacks and become more proactive with prevention, detection, and response. By adding iSight, FireEye attains a broader view of the threat landscape that can be integrated into its products and used to create a variety of threat intelligence services for enterprise and mid-market customers. Oh, and let’s not forget that FireEye picks up a few hundred cybersecurity experts in the deal, which is especially important given the acute global cybersecurity skills shortage. This will certainly boost FireEye’s services presence and revenue.
  • The Integrated Cybersecurity Orchestration Platform (ICOP) market. Invotas sells a market-leading ICOPs solution that helps organizations streamline incident response operations and automate remediation tasks. Just about every enterprise organization needs these IR capabilities, and since it doesn’t make sense for them to write their own software, the ICOPs market is poised to be a big deal in 2016. With Invotas in hand, FireEye becomes an instant player and can now address 4 of 5 areas I call out in my IR “fab 5” concept. 

You’ve gotta admit that FireEye's CEO has a lot of chutzpah. Dave is on a mission to create a new type of cybersecurity company and is willing to march down this path with or without the support of the millennials on Wall Street. Invotas and iSight are bold moves that have the potential to make FireEye a multi-billion-dollar cybersecurity vendor over time.

No more Norse

Speaking of threat intelligence, old friend Brian Krebs recently posted a blog claiming that Norse was terminating operations and possibly offloading its assets to network device manufacturer SolarFlare. Personally, I am sad to hear this news, as I’ve worked with the Norse team and believe that it did offer useful and unique threat intelligence.

Unfortunately, it’s difficult for CISOs to really determine which commercial threat intelligence is of high quality and valuable and which is nothing more than open source with a pretty GUI. According to ESG research, 72% of cybersecurity professionals believe that at least 50% of all commercial threat intelligence feeds are redundant with each other (note: I am an ESG employee). Furthermore, 26% of enterprise organizations claim that it is extremely difficult to determine the quality and efficacy of each individual threat intelligence feed. 

Amidst this threat intelligence market confusion, Norse’s value was lost on many organizations, which ultimately led to its demise. Nevertheless, there is value in Norse’s assets that deserves a new home. Rather than get sidetracked with threat intelligence, SolarFlare should reach out to firms like Check Point, Cisco, FireEye, Fortinet, IBM, Palo Alto Networks, and Symantec with the resources to turn Norse’s loss into a market win.

Symantec Unchained

Okay, it’s been a long and sometimes painful journey, but Symantec and Veritas have finally completed their divorce proceedings. Now Symantec must reinvent itself as a cybersecurity market leader as soon as possible. To do so, it needs strong market visibility, thought leadership, and an aggressive acquisition strategy to fill product holes. For starters, Symantec may look to add a leading SIEM player (AlienVault or LogRhythm), a next-generation endpoint vendor (Cylance, Hexis, Invincea, or SentinelOne), and an ICOPs innovator (CyberSponse, Hexadite, Phantom Cyber, or Resilient Systems).
