Cyber Security: The Stew Is Stirred
October 12, 2022
Cyber security, in my opinion, is often an oxymoron. Cyber issues go up; cyber vendors’ marketing clicks up a notch. The companies with cyber security issues keeps pace. Who wins this cat-and-mouse ménage a trois? The answer is the back actors and the stakeholders in the cyber security vendors with the best marketing.
Now the game is changing from cyber roulette, which has been mostly unwinnable to digital poker.
Here’s how the new game works if the information in “With Security Revenue Surging, CrowdStrike Wants to Be a Broader Enterprise IT Player” is on the money. I have to keep reminding myself that if there is cheating in competitive fishing, chess, and poker, there might be some Fancy Dancing at the cyber security hoe down.
The write up points out that CrowdStrike, a cyber security vendor, wants to pull a “meta” play; that is, the company’s management team wants to pop up a level. The idea is that cyber security is a platform. The “platform” concept means that other products and services should and will plug into the core system. Think of an oil rig which supports the drill, the pumps, spare parts, and the mess hall. Everyone has to use the mess hall and other essential facilities.
The article says:
Already one of the biggest names in cybersecurity for the past decade, CrowdStrike now aspires to become a more important player in areas within the wider IT landscape such as data observability and IT operations…
Google and Microsoft are outfits which may have to respond to the CrowdStrike “pop up a level” tactic. Google’s full page ads in the dead tree version of the Wall Street Journal and Microsoft’s on-going security laugh parade may not be enough to prevent CrowdStrike from:
- Contacting big companies victimized by lousy security provided by some competitors (Hello, Microsoft client. Did you know….)
- Getting a group of executives hurt in the bonus department by soaring cyber security costs
- Closing deals which automatically cut into both the big competitors’ and the small providers’ deals with these important clients.
The write up cites a mid tier consulting firm as a source of high value “proof” of the CrowdStrike concept. The write up offers this:
IDC figures have shown CrowdStrike in the lead on endpoint security market share, with 12.6% of the market in 2021, compared to 11.2% for Microsoft. CrowdStrike’s growth of 68% in the market last year, however, was surpassed by Microsoft’s growth of nearly 82%, according to the IDC figures.
CrowdStrike’s approach is to pitch a “single agent architecture.” Is this accurate? Sure, it’s marketing, and marketing matters.
Our research suggests that cyber security remains a “reaction” game. Something happens or a new gaffe is exploited, and the cyber security vendors react. The bad actors then move on. The result is that billions in revenue are generated for cyber security vendors who sell solutions after something has been breached.
Is there an end to this weird escalation? Possibly but that would require better engineering from the git go, government regulations for vendors whose solutions are not secure, and stronger enforcement action at the point of distribution. (Yes, ISPs and network providers, I am talking about you.)
Net net: Cyber security will become a market sector to watch. Some darned creative marketing will be on display. Meanwhile as the English majors write copy, the bad actors will be exploiting old and new loopholes.
Stephen E Arnold, October 12, 2022