Hello everyone,
the share prices of almost all listed security providers are now around 30% below all-time highs/IPOs. The main reason: concerns about further growth, fueled by recent publications by Anthropic on the capabilities of Claude Code Security. The focus was on code scanning (SCA/SAST) and, more broadly, vulnerability management. In other words, the audacious goal of using AI to fabricate not only code, but even secure code. I didn’t even know that Okta or Cloudflare suddenly stand for pronounced vulnerability management. However, they were particularly battered on the day of the press release, along with the rest of the sector. My take:
- To my arch-reactionary-conservative, dusty (mis)understanding, the valuations have long been far exaggerated; a correction is not surprising
- And it is true that scenarios (up to the Citrini Doomsday) are being priced in, in which fewer “seats” are sold and/or the balance of power shifts in such a way that the margins of the SW providers collapse – however low or high, the probability of this happening is not zero. Who knows what the world will look like in 3 years.
- Somehow, the providers of foundation models and AI chips have to earn money, while the end customers cannot pay as much as they want for the software => The pie is growing slower than the number of uninvited guests at the table. OpenAI, for example, has the goal of making USD 280 billion in sales in 5 years
- Talk is cheap: Although the CEOs of the affected manufacturers all indignantly claim that they would benefit from AI, none of them buys the shares with their own money at the current oh-so-cheap prices
- Claude has been shown to find significantly more exploitable vulnerabilities than conventional code scanners by capturing business logic and context. So this is definitely technical progress.
But:
- Even before LLMs, there was fierce competition, open source alternatives for customers with sufficient capacity + know-how, and many highly capitalized start-ups in the security market
- Customers pay for reliability in operation and support – which CISO wants to be accused after an incident of using a proven solution instead of reinventing the wheel themselves? Every enterprise sales professional knows: Distribution beats features.
- The costs of new software development have fallen drastically. But this also applies to the established providers, not only to startups or DevSecOps teams on the customer side. What should stop e.g. Snyk or Aikido from embedding the same functions? There are plenty of LLMs. Example: Cisco has just integrated a security LLM into Splunk, trained on its own data, specifically for mapping to MITRE and recommending the next action to take
- Economies of scale also apply in a world with generative AI: Selling a product to many is more economical than everyone developing their own. Cloud solutions are on average more efficient than the on-prem operation of individual customers. I could also keep organic chickens in my garden, technologically no great feat. But getting the eggs from the supermarket is more convenient + cheaper (according to the business case ChatGPT created for me)
- I therefore do not yet see that self-programmed DIY solutions will become a danger for enterprise top dogs such as CrowdStrike, Fortinet, PAN or ServiceNow, and also not for directly affected market leaders in the above-mentioned segments such as Tenable or Qualys. The situation is different for e.g. pure AI pen test or agentic SOC enhancement newbies without an existing customer base
- In addition, some security manufacturers in particular are constantly conspicuous by blatant and avoidable vulnerabilities. Hopefully, more thorough vulnerability management through AI tools will help them and us.
By the way, Anthropic itself does not seem to be so convinced of vibe coding yet, preferring to rely on Cloudflare and Microsoft Defender, according to its own Trust Center and a report by Vectra. Phew!
“If my family didn’t live here, I would have emigrated long ago.” Quote from a security startup CEO who made me feel caught out. Because I’ve had exactly the same thought more than once. If you read the news about job cuts and relocations, you could quickly become depressed:
- The years of decline in real economic output are having an effect. The Handelsblatt reports that unemployment among computer scientists and engineers in this country is at a 10-year high
- Where is the prospect of improvement?
- With the same qualifications, a job in Germany is now more expensive for companies than in Switzerland or Denmark. Neither of these is a low-wage location, and neither is far away from us
- The restructuring costs here are three times as high per employee as in the neighboring countries mentioned above (keyword: protection against dismissal). Who wants to take the risk of creating new jobs here? Ingenious innovations usually require a phase of trial and error. If no one dares to try something new anymore because the risk in the event of failure is too great, then nothing worth mentioning will be invented anymore
- Cybersecurity as an island of bliss when it comes to job security? Every job lost here usually means 1-2 fewer devices. At some point, the question arises as to why the IT of German companies must necessarily be managed from Germany, when 80-90% of the IT users are abroad anyway. And once the new CIO is based in Bulgaria, Poland or similar, then the security team will probably also be migrated to the east. Defense as a new boom industry? I’m not sure how many security salesmen Rheinmetall will hire.
- The high horse on which we galloped through the countryside in the past with a raised index finger and a self-mandated ideological educational mission has now shriveled into an old farm horse that the rest of the world only smiles at wearily. Prosperity through a knowledge advantage is not a God-given privilege, but must be worked for continuously. You have to be able to afford parasitic bureaucracy.
- Can anyone still remember the time when an engineer here could earn the same as someone in the USA? It is now normal for good US developers to earn millions. We don’t have jobs like that at all.
- Internal calculations by a company I know show that the productivity of French colleagues is now higher than that of Germans. In my parents’ generation, our neighbors in the West were still known and popular for joie de vivre (= red wine for a two-hour lunch and quarterly strikes), not for high efficiency. It is clear: We are living beyond our means
- It seems to be similar in Austria. While OpenClaw is spreading virulently, inventor Peter Steinberger writes why he is going to OpenAI: “In the US, most people are enthusiastic. In Europe, I am insulted, people shout regulation and responsibility. And if I really build a company here, then I can struggle with issues such as the Investment Protection Act, employee participation and paralyzing labor regulation. At OAI, most people work 6-7 days a week and are paid accordingly. It’s illegal here.”
- I don’t know what you think about this, feedback welcome – for me the conclusion is: If we don’t want our children to move abroad across the board, the welfare state to finally collapse and us to rot in a museum village populated by pensioners, then we have to offer them well-paid jobs here. To do this, we need companies that want to invest here because it pays off for them. Ergo: Please, more reason again instead of regulations, prohibitions, administration and taxation.
- Let’s keep our fingers crossed that we can achieve a European turnaround together. We have the best prerequisites for this: a still very good state education system that is open to everyone. World-class research. A health care system that costs 40% less per capita than the American one. An economic substance that has been eaten into but not used up. A country worth living in (especially near the coast 😉). A functioning democracy. Hard-working people who like to work a lot – if it’s worth it for them.
The only M&A headline that has gotten through to me in the last few days: Arctic Wolf buys Sevco (Exposure Mgmt via outside-in scans).
Vendor Call Notes:
Knocknoc:
- Australian startup (approx. 20 employees) with a specialized solution: firewall management. Roughly in the same playing field as FireMon, Tufin and the SASE vendors like Zscaler (depending on the use case)
- Approx. 50 customers, including public authorities, critical infrastructure, pharmaceuticals, some of them in the EU + Switzerland
- Can control not only the network FW, but also WAF, host FW or reverse proxy filter rules across the board
- Interesting: Access can be activated via the FW on a user- and application-specific basis as well as for a limited time, but is not routed via the instance of Knocknoc. In other words, it reduces exposure on the network layer.
- Also works for access from unmanaged devices
- This then allows SSO / MFA for legacy systems (user has to log in to Knocknoc first, otherwise he doesn’t see the target system at all)
- SW can be operated on prem by the customer or purchased as SaaS
- Looking for channel partners in Europe
Loch.IO:
- US scale-up specifically for monitoring wireless connections and devices (“Wireless Airspace Defense”)
- Core function: Detection and analysis (software-defined radio) of frequencies between 300 MHz and 6 GHz using proprietary hardware, i.e., passive sensors. Also available as a backpack version or camouflaged as a pebble 😉
- Focus on OT environments such as ports (including airports), government/defense, refineries, utilities… already has customers in the EU
- Core problem is that IIoT devices often allow open connections via 4G/5G, Bluetooth or similar due to defaults/incorrect settings => This is detected with the solution
- Any type of transmitter in the above-mentioned frequency band can be located with an accuracy of a few centimeters
- In addition, very special solutions for GPS protection or drone jamming
- All in all, a very refreshing appearance – extremely technical (30 patents), little marketing and a founder from Scotland who makes the video calls from a room full of antennas, books and uniforms
Halcyon.AI:
- US provider of ransomware protection as a supplement to EDR (messaging similar to Deep Instinct, Bullwall or Rubrik, but technically very different)
- ~600 corporate customers, including the first in the DACH region
- Exciting: Intercepts key material during ransomware encryption to enable decryption. Effectively a MitM attack on the malware. It probably works by placing hooks in the cryptography libraries of Windows, esp. for random number generation
- This also explains the current limitations: only works on Windows OS, and also not for the ~20% of ransomware variants that generate their own key material
- In addition, behavior-based detection of data exfiltration via connections of the endpoint to known C2 infrastructure or conspicuously high volumes
- Must be installed on each host, endpoints need to connect to Halcyon’s central SaaS engine (via proxy if necessary)
- Ballpark figure of 15-20 EUR per endpoint per year (for larger environments)
- Still looking for channel partners
As always, questions, suggestions, comments, experience reports, topic requests and also opposing opinions or corrections are welcome by email. Ditto for unsubscribing from the mailing list.
For people who have received the market commentary for the first time: Here you can register if you are interested or check the archive for compliance with the deletion deadlines.
Best regards,
Jannis Stemmann
