Google Cloud and Recorded Future Begin New Year with Data Intelligence/Security Operations Acquisitions
Cybersecurity professionals are not looking for a silver bullet. And even if the marketplace were under the delusion that there was such a thing as a cure-all for all of its woes, the level of threats, attacks, vulnerabilities, and incidents feels more like a zombie attack than that of a lone werewolf.
Market consolidation in the form of M&A is usually a precursor to the emergence of a suite of best-in-class architectures, platforms, and products in an IT vertical. Such was the case with artificial intelligence in the technology sector in the 2014-2016 timeframe. If MAMAA (Meta, Apple, Microsoft, Amazon, and Google’s parent company Alphabet) are circling above an innovation, you can definitely count on an active period of competitive merger and acquisition activity. Are the final solutions sometimes a VHS v. Beta tradeoff, Word and Excel functionality scope creep, or some of the unintended security consequences of the open-source software movement? Sure. The market is efficient, not perfect. Let’s start sorting it all out…
$500M by Google for Security Orchestration, Automation, and Response (SOAR) Services Provider Siemplify
Cybersecurity M&A activity got off to a big start yesterday, specifically in the cloud-based and enterprise security subsector. Google Cloud announced the $500 million acquisition of Israel-based Siemplify, a startup that specializes in end-to-end security services for enterprises, also known as security orchestration, automation, and response (SOAR) services. This acquisition comes at a time when Google Cloud has committed $10 billion to advance cybersecurity. Siemplify will be part of the Google Cloud Platform by way of Google Chronicle, which was Google X’s oldest moonshot incubation effort that was ported over to Google Cloud in 2019.
TechCrunch captured the value proposition of Siemplify’s SOAR platform in the context of the end-to-end telemetry innovation around which Google Chronicle was designed:
“Chronicle was built as a platform designed for cybersecurity telemetry: specifically tracking the movement of data across all devices and networks, as a way of getting a clue to detecting and stopping breaches. SOAR platforms are the customer-interface element of that activity: they are used by security operations specialists to manage and monitor activity, begin the process of remediation (either automatically or manual), and to log everything to help prevent the same thing from happening in the future. As Google adds more services and automation to woo more customers, adding SOAR capabilities is the logical next step for the company.”
Google Cloud elaborates: “Providing a proven SOAR capability unified with Chronicle’s innovative approach to security analytics is an important step forward in our vision. Building an intuitive, efficient security operations workflow around planet-scale security telemetry will further realize Google Cloud’s vision of a modern threat management stack that empowers customers to go beyond typical security event and information management (SIEM) and extended detection and response (XDR) tooling, enabling better detection and response at the speed and scale of modern environments. We plan to invest in SOAR capabilities with Siemplify’s cloud services as our foundation and the team’s talent leading the way. Our intention is to integrate Siemplify’s capabilities into Chronicle in ways that help enterprises modernize and automate their security operations.”
$65M by Recorded Future for Attack Surface Intelligence (ASI) Platform SecurityTrails
Back in 2019, Recorded Future was the megadeal of the year when it was acquired in a $780M all-cash deal by private equity firm Insight Partners. As TechCrunch reported at the time, “the acquisition effectively bought out the company’s earlier investors, including Google’s venture arm GV, and In-Q-Tel, the nonprofit venture arm of the U.S. intelligence community.”
Yesterday, Recorded Future announced the $65 million acquisition of Los Angeles-based SecurityTrails, which represents innovation in the attack surface intelligence (ASI) space. This M&A activity is on top of the company’s $20 million Intelligence Fund, designed for seed and Series A investments in cybersecurity startups, specifically data intelligence tools. Yahoo Finance describes SecurityTrails as an “internet inventory startup that collects and banks current and historical domain and IP address data. SecurityTrails collects and maintains vast amounts of current and historical internet records, such as domain name records, registration data, and DNS information, giving organizations visibility into what their threat attack surface is — that is, the networks and servers that are accessible from the wider internet.”
In their announcement of the deal, Recorded Future detailed the company’s plans for integration of the SecurityTrails Attack Surface Intelligence Module into the Recorded Future stack: “Recorded Future…has acquired SecurityTrails, the Total Internet Inventory™ and leading provider of Attack Surface Monitoring. SecurityTrails’ technology collects hundreds of data points at an internet-wide scale, correlating and normalizing to get a near real-time snapshot as well as a historical view of all assets on the internet at any given time. The resulting intelligence enables organizations to manage both critical assets and shadow infrastructure for a complete understanding of their attack surface.”
“With this acquisition, Recorded Future will be launching its Attack Surface Intelligence Module within the Recorded Future Intelligence Platform. Existing Recorded Future clients will also continue to gain insight from SecurityTrails data in other existing Intelligence Modules, incorporated through the company’s Intelligence Graph, and the company will continue to aggressively invest in SecurityTrails’ Total Internet Inventory™ collection and intelligence capabilities to build out the world’s deepest, real-time dataset of the internet.”
In their announcement of the deal, SecurityTrails Co-Founders Chris Ueland, Courtney Couch, and Fred Madarshahian stated: “Upon acquisition, SecurityTrails will continue to function as a stand-alone platform and operate as an independent unit inside Recorded Future — still equally dedicated to furthering our ability to provide… comprehensive awareness of…internet-facing infrastructure.”
Cybersecurity Innovation: SOAR and ASI
A few notes about Security Orchestration, Automation, and Response (SOAR)
- Activity in the space is moving quickly, and a Gartner Magic Quadrant for the SOAR solution space does not even exist yet, which is telling.
- SOAR is in the early stages of the ‘trough of disillusionment’ on Gartner’s Hype Cycle for Security Operations, 2021.
- SOAR platforms include Splunk Technology and Rapid7; Palo Alto Networks and IBM are also in the SOAR game.
- FireEye also contextualizes its solutions in the SOAR framework.
- CrowdStrike integrates Siemplify’s SOAR platform into the CrowdStrike Falcon offering.
- Fortinet offers an interesting SOAR v. SIEM breakdown.
A few notes about Attack Surface Intelligence (ASI)
- ASI is usually grouped with Attack Surface Management (ASM).
- External Attack Surface Management (EASM) and Cyber Asset Attack Surface Management (CAASM) are emergent innovations in this space.
- ASI platforms include RiskIQ, Cyware Labs, and the Recorded Future platform contextualized in this post. All three companies were included in The 2020 OODA Cybersecurity Watch List.