undefined | Better HN

0 pointsmarcus0x621y ago0 comments

Perhaps I should have been clearer, but especially compared to the rest of the enterprise tech market, security is unusually fragmented. There is no Microsoft or Cisco of the security market in the way those companies dominate the desktop operating system and core networking markets, respectively.

Analysts sometimes refer to the enterprise networking market as "Cisco and the Seven Dwarves". Nobody has ever said that about Symantec (prior to the Broadcom acquisition) or Palo Alto Networks.

It is often the case that in a new security product category, the products are so different, it is hard to collect them together in a single category with a straight face. Example: next generation AV circa 2015-2016. AV was a well-worn product category. All of the legacy products did basically the same thing. More or less at the same time, a bunch of new products came to market that all claimed the mantle of "next generation AV:"

* Bit9 did process whitelisting, later adding Carbon Black for endpoint forensics

* Fire Eye had a proto-EDR solution

* Cylance did ML-based malware detection

* Palo Alto Networks had an exploit-mitigation focused agent that they bolted ML-based malware detection onto.

The industry slowly converged on EDR as the sort-of successor to endpoint AV budgets.

A few years later, the cloud security space was the same fragmented mess. Some were what we now know as CSPM, some were glorified DLP solutions, some container security solutions, etc.

0 comments

FreakLegion1y ago

Microsoft is the Microsoft of the enterprise security market, more or less. They completely dominate email, largely dominate identity, have a plurality if not a majority on endpoint, but don't compete in network.

> The industry slowly converged on EDR as the sort-of successor to endpoint AV budgets.

This was a dedicated effort by CrowdStrike working with analysts back in 2017-2018. EDR capabilities themselves, interestingly, grew out of forensics companies like Guidance Software. HBGary and Mandiant were the early players. FireEye killed Mandiant's EDR off, but HBGary's lives on to some extent today, two or three acquisitions later, at GoSecure.

marcusb1y ago

> Microsoft is the Microsoft of the enterprise security market, more or less. They completely dominate email, largely dominate identity, have a plurality if not a majority on endpoint, but don't compete in network.

The most recent figures I’ve seen are that Microsoft has around 25% of the endpoint market[0], which is a plurality because the market is so fragmented. Proofpoint claims around 24% of the email security market[1].

The only security market you can say they “dominate” is identity, if you ignore the MFA market. AD is, at least, almost everywhere.

> This was a dedicated effort by CrowdStrike working with analysts back in 2017-2018.

That’s one interpretation of events. It’s also completely orthogonal to what I wrote.

0 - https://www.microsoft.com/en-us/security/blog/2024/08/21/mic...

1 - https://www.proofpoint.com/us/blog/email-and-cloud-threats/p...

FreakLegion1y ago

> Proofpoint claims around 24% of the email security market

Proofpoint is the clear number two, but Microsoft always sits behind Proofpoint (and Mimecast, IronPort, etc.). They're also always in front of Abnormal and other API-only options. Every big company has E5 with Defender for Office 365 on their email, and the rest either still have E5 or they have EOP.

> That’s one interpretation of events.

In 2017 EPP and EDR were distinct categories, and CrowdStrike had a big internal initiative (driven top-down by Kurtz, but managed by a PM director under Rod Murchison) to merge them, while Cylance and others that had separate SKUs for each area worked to keep them apart. CrowdStrike was more effective.

I mentioned this because it wasn't just a natural market convergence; B2B companies spend absurd amounts of money with the Gartners and Forresters of the world to align their products with line items in budgets. It's capitalism all the way down.

Not speculating on anything here. I was at or worked closely with all of the companies mentioned in both posts.

marcus0x62OP1y ago

You like to make absolute statements like “always”, but I know of large organizations (Fortune 500) that use Proofpoint, but not Microsoft email security. And in endpoint, there are shops that license defender as part of an EA, but don’t use it - of course, those seats go into the Forrester figures that Microsoft likes to tout.

1 more reply

j / k navigate · click thread line to collapse

0 comments

FreakLegion1y ago

> The industry slowly converged on EDR as the sort-of successor to endpoint AV budgets.

marcusb1y ago

The only security market you can say they “dominate” is identity, if you ignore the MFA market. AD is, at least, almost everywhere.

> This was a dedicated effort by CrowdStrike working with analysts back in 2017-2018.

That’s one interpretation of events. It’s also completely orthogonal to what I wrote.

0 - https://www.microsoft.com/en-us/security/blog/2024/08/21/mic...

1 - https://www.proofpoint.com/us/blog/email-and-cloud-threats/p...

FreakLegion1y ago

> Proofpoint claims around 24% of the email security market

> That’s one interpretation of events.

Not speculating on anything here. I was at or worked closely with all of the companies mentioned in both posts.

marcus0x62OP1y ago

1 more reply

j / k navigate · click thread line to collapse