According to most surveys, vendors and even the odd board of directors, cybersecurity isn’t very secure. HP, which currently holds down sixth place in enterprise security, but believes the time is right to grow its share, has announced new products and a renewed focus to help “accelerate” its security business.
As Sue Barsamian, appointed SVP and GM, HP Enterprise Security Products a month ago, announced at this week’s HP Protect 2015 event to 1,700 security professionals, perimeter security, which accounted for 77% of all security spending last year, isn’t working. The attack surface has increased dramatically, she said, and a new approach is required. “At HP we’re doubling down on analytics.”
As part of Wednesday’s announcements centered on security analytics, the company unveiled:
-HP DNS Malware Analytics, which will be available on September 15, with a one-year subscription starting at $80,000 to analyze up to 5 million DNS packets per day;
-HP Fortify scan analytics, currently available as part of HP Fortify on Demand;
-HP User Behavior Analytics, currently available, with version 1.1 of the solution, UBA Premium, released on August 30 and packaged according to base identities, starting at $250 per identity and decreasing with larger deployments; and,
This week’s announcements – and the new management team led by Barsamian – reflect the shift taking place in the company [generally, and the security business unit specifically], said Eric Schou, Director, Product Marketing, HP ArcSight. He told IT Trends & Analysis that the shift isn’t dramatic, but “we’re seeing some of the fruits with the announcements this week.”
A big part of that shift is the growing importance of Big Data and analysis, which is breathing new life into legacy products like SIEM (security information and event management). Big data is pushing hard on that technology, he said, and SIEM has never been more relevant.
However other vendors are only offering part of the solution, leaving the data science part to their customers, and they don’t have the resources for that, said Schou. HP’s focus is different: “we want to put as much of the data science in the box as possible.”
After five years of selling respected but aging security products, HP intends to regain a larger share of the security market by 2017, under the auspices of the newly formed Hewlett-Packard Enterprise (HPE), blogged Jane Wright, Engagement Manager/Senior Analyst, Technology Business Research, a week ago. Dell will be most impacted by HP’s new maneuvers in the coming year, although IBM is also a prime target for HP’s competitive moves.
‘TBR believes HPE’s renewed security strategy will lift its year-to-year enterprise security revenue growth from its current mid single-digit rate to low double-digit growth in two years. The growth will reduce the distance between HPE and the fifth-largest vendor (Intel, with McAfee) in the enterprise security market, positioning HPE to move into a higher leadership position after 2017.’
The opportunity – i.e. fixing security – is huge, and one of the fastest growing areas (21% year to year) of a shrinking IT market. Unlike worldwide IT spending, originally expected to increase 2.4% to $3.8 trillion in 2015, and now forecast to decline 5.5% to a mere $3.5 trillion, cybersecurity is surging in double-digit growth rates.
A quartet of new reports illustrate the heightened attention security is now getting, at least from a budget perspective:
-the risk analytics market is expected to grow from $13.77 Billion in 2015 to $26.32B by 2020, at an estimated Compound Annual Growth Rate of 13.84%;
-the global perimeter security market is expected to grow from $14.010B in 2015 to $20.25B by 2020, at a CAGR of 7.6%;
-the Identity and access management (IAM) market is estimated to grow from $9.16Bn in 2014 to $18.30B, a CAGR of 14.85%; and,
-the global cybersecurity market will grow from $106.32B in 2015 to $170.21B by 2020, at a CAGR of 9.8%.
A number of other studies indicate why security is getting a lot more respect. A recent survey from Intel found that most organizations believe they are better protected than the facts support. “We believe we have a degree of overconfidence, possibly complacency,” said Raj Samani, EMEA CTO, Intel.
According to a recent survey of more than 500 respondents, including US business executives, law enforcement services, and government agencies, organizations come in three variants when it comes to board alignment: horrendous, adequate, and excellent. Nearly a third, 28%, said their security leaders make no presentations at all to the board, while 26% of CISOs, or their organization’s equivalent, provides an annual presentation to their board of directors, leaving 30% who said their senior security executives stay in regular contact with the board by providing quarterly cybersecurity presentations.
The dynamic threat landscape that faces organizations is growing at a rate unfathomable even 12 months ago, blogged Charlotte Thygesen Poulsen, Associate VP, IDC. Symantec recently noted that it had detected 317 million new pieces of malware created last year – almost one million each day.
How can organizations keep this many attack forms at bay forever? “Security experts need to swallow their professional pride and accept that their organizations are probably already compromised.”
The FBI reports that hackers have funneled $1.2 billion out of companies’ accounts since October 2013. In the first eight months of this year, there has been a 270% increase in identified victims and exposed losses due to business email compromise schemes.
The reality is that we are less secure today than ever before:
-by 2019 cybercrime will cost businesses over $2 trillion, almost four times the estimated cost of breaches in 2015;
-security compromises increased 64% in 2014;
-54% of breaches remain undiscovered for months;
-60% of data is stolen in hours; and,
-100% of companies connect to domains that host malicious files or services.
HP may be focused on growing its security business through acquisitions, R&D, and stealing marketshare from the likes of Dell and IBM, but it appears some subtraction will also be involved. According to a new report, the company is shopping around its network security TippingPoint business, a move that could allow it to drive more focus in its security business around software and big data and analytics. It is reportedly valued between $200 million and $300 million, and was acquired in 2010 as part of the $2.7 billion acquisition of 3Com.
Schou is optimistic about the security BU’s prospects. With the new focus, portfolio and upcoming HP split in November, he said they can take off running, build an identity for HPE and look forward to “some of the best days head. It’s going to be a lot of fun ahead.”