The increasing complexity of today’s rapidly evolving threats targeting government entities and organizations in every industry vertical have fueled an unprecedented number of mergers and acquisitions in the vendor arena recently.
Analysts believe the increase in M&A activity is expected to further gain momentum in the near future as leading companies continue to make substantial investments in order to improve the breadth and depth of their security solution offerings.
There is widespread interest both within and outside of the security community in this emerging M&A trend, and so James B. Johnson, Tripwire’s CEO, will be participating in a upcoming panel discussion titled Cyber Security Market Forecast & Emerging M&A Trends at the 2014 DC Metro Cyber Security Summit, which takes place on June 5, 2014, at the Sheraton Premiere in Tysons Corner, Virginia.
The panel will examine how many companies are seeking to gain a competitive advantage in today’s tumultuous marketplace by making acquisitions in very specialized security firms and will explore aspects of the complicated M&A process, including corporate strategies, potential financial implications, legal aspects involved, and the challenges behind the secure transition of highly valuable business applications and other intellectual property.
In addition to Johnson, the panel will include Chris Fedde, President of Hexis Cyber Solutions; Cleve Adams, CEO of AirPatrol; and Kevin DeSanto, the Co-Founder & Managing Director at KippsDeSanto & Co., and the session will be moderated by Jason Kaufman, Principal, The Chertoff Group.
Johnson has served as Tripwire’s President and Chief Executive Officer since joining the company in 2004. Prior to that, Johnson spent 27 years at Intel Corporation where he served as Vice President of the Internet Service Operation and as Director of Marketing for the Internet and Communications Group.
He also co-founded and served as General Manager of Intel’s PC Enhancement Division in its retail products group. Johnson holds a B.S. degree in Electrical Engineering from the University of California at Berkeley and an M.S. degree in Computer Science from Stanford University.
Einstein famously said that doing the same thing over and over and expecting a different result is the definition of insanity – and Johnson adds that it’s also a good way to lose your job or market share in the highly competitive and fast paced tech industry.
“The leadership in the security world is changing. The old guard of McAfee, Symantec and RSA are retrenching and somewhat lost in the ‘new threat’ world, and there is a new class of security companies that are working hard to emerge as the next generation security leader,” Johnson said.
“Will it be a network of companies integrating security into its core, or a threat company extending its reach into endpoints, or an endpoint company reaching into the network, or a combination thereof? They are all fair guesses at this point in the game.”
The increase in security M&As is important and worthy of further discussion because there are certainly implications for the security industry as a whole, as well as for the organizations they serve.
“The security landscape is also changing very very rapidly. The offense (bad guys) is moving faster than the defense, and the issue of security is finally moving into the board room,” Johnson said.
“Target’s former CEO six months ago didn’t fully understand the risks present in his IT systems, and it cost him his job. Boards are now demanding answers, and the old way of security is clearly not cutting it.”
Naturally, new leadership in the security sector will emerge, but growing a strong company organically may be too slow to suit the needs of the marketplace, Johnson noted, so the next generation leaders will have to pull all the right elements together and truly integrate them to deliver the right result for the IT shop and the board room – mergers and acquisitions is the most expedient way to accomplish this feat.
“And the next generation CISO must be able to really connect security to the business in order to provide the right level of protection,” Johnson continued. “Yesterday’s solutions simply will not work in this new and increasingly complex world of real-time threats.”
The consolidation trend is not without its risks, as Johnson points out. There have been plenty of larger companies who sought to expand their offerings by swallowing up smaller, more specialized vendors, but they did not realize the full benefits of the acquisitions due to incompatibilities with existing offerings and an an inability to fully integrate the products into one comprehensive solution set.
“Are you more secure using the old-guard’s products? Will a company automatically be better if it acquires or is acquired? Execution here is critical, as not all combinations will be successful, but doing nothing will fail for sure.”
Johnson says the goal should be to bring together all elements of a network so that the security program can operate in real-time with an ability to stay focused on both the systems and the endpoints.
“The critical servers hold the data that the bad guys are after, and the end-points represent possible avenues of compromise,” Johnson said. “The winning solution ultimately will understand and protect those critical servers using the information from threat intelligence, end-points, understanding network flow, and more.”
Johnson says he hopes the attendees at the session will come away with a better understanding of how to make sure they have access to the right types of intelligence that is conditioned in light of their business’s context.
Then, combine that with a deeper understanding of how to apply real-time information while reducing false positives in order to focus the limited yet critical resources available to the company.
“It’s about putting together the right set of technical and business solutions. Today, no one company can do that,” Johnson said. “We live in a world where moving too slow can be more risky than moving too fast, and the problems are too big. Change is a must. The old rules are dead.”
- Attention General Counsel: Do You Know Your DDoS from Your APT?
- The Meaning of Security Hype
- Understanding What Constitutes Your Attack Surface
- Target and the Security Liability Blame Game
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Title image courtesy of ShutterStock