Hello everyone

To start with, a little quiz: Who has an idea which company's sales are shown in the attached chart?

The answer will follow in the next market commentary.

Our hobby is the selection of security solutions and services with the associated procurement and implementation processes.

Here, we stumbled across a few interesting estimates of the security purchasing volume that is already being handled through the AWS Marketplace:

  • Wiz: ~0.5 billion USD/a, corresponding to ~50% of sales
  • Crowdstrike: ~0.4 billion USD/a, corresponding to ~15% of sales
  • Okta: ~0.2 billion USD/a, corresponding to ~10% of sales

Crowdstrike puts the average transaction via AWS Marketplace at around $200k, which means we’re not just talking about SMBs stocking up on off-the-shelf products. Since the entire procurement process from requirements definition to PoC is known to be somewhat more complex for many security products in large organizations and involves a multi-level distribution chain (manufacturer-distributor-reseller), the question naturally arises as to how this can actually work as e-commerce. Here is my state of knowledge so far after a few conversations:

  • The linchpin is the so-called “committed spend”, which every major enterprise customer agrees to with AWS, Azure or GCP cloud services and which expires at the end of the contract year (or can only be used on worse terms) if it is not spent on time
  • This committed spend can be used not only for storage, compute and services directly from AWS, for example, but also for product purchases via AWS Marketplace
  • This is a great way to bypass the standard purchasing processes => no RfP, no further verification by purchasing or legal necessary, no justification letter 😉. In principle, it works like a framework agreement.
  • The implementation is carried out by an implementation partner who is selected and paid for by the manufacturer. In most cases, it is probably the case that the system house as CPPO (Channel Partner Private Offers) pushes the sale, registers the deal and only the transaction takes place via AWS Marketplace in order to use the above-mentioned budget and the simplified approval process. AWS only replaces the distributor in the distribution chain.
  • So this does not currently lead to better purchasing conditions through increased efficiency à la e-commerce. Prices may even tend to be worse, because as a customer you have to spend the money under time pressure, possibly without even obtaining alternative offers, and this is of course known on the provider side.
  • When is it nevertheless probably still the method of choice?
    • If you can really make the best use of the budget for this security software,
    • and, for example, you are about to renew with a provider with whom you are very satisfied,
    • or when comparing offers between manufacturers who are all on the marketplace.
  • Basically, I can only recommend every provider to participate in this system and benefit from the growth and growing bargaining power of AWS, Azure and GCP. There also seems to be potential in market penetration: On Google Marketplace, a search for “security” yielded only ~700 offers. Since most providers have several products / versions on offer, I guess that only about 10% of all providers are represented there at all.
  • Anyone who has already had experience here or has other insights is of course welcome to let us know.

From the M&A corner:

  • CyberOwl offers security solutions especially for shipowners, including a Managed SOC for ship fleets => Cool approach and one of the few cases in which a security provider specializes 100% in one sector. That’s why they have now been bought by the leading classification society DNV (some of us probably know it as the parent company of the former Germanischer Lloyd).
  • Dragos has taken over Network Perception – good fit from my point of view, we had a look here. Especially in OT brownfield environments, the cost-effective automated acquisition of data streams is essential in order to be able to segment in a targeted manner.
  • Logpoint (SIEM) has acquired the NDR provider Muninn, both based in Denmark
  • Mitratech (GRC, Workflow Automation) strengthens its position with Prevalent (3rd Party Cyber Risk Management)

Here are some key points from vendor briefings:

Tufin:

  • US provider for scalable management of multiple firewalls (competitor to e.g. Algosec or FireMon)
  • Automated implementation of security policies for access rights including change management processes between specialist departments and firewall admins
  • In addition to perimeter and segmentation FW of the usual suspects, cloud FW/SDN (Azure, AWS, VMWare, Cisco ACI…) and CASB (ZScaler, Palo Alto Prisma, Netskope…) can also be managed
  • Of course, there are also advantages for compliance/audit documentation, which is available at the touch of a button
  • One of the few product categories that allows customers to save costs and improve security at the same time
  • ~500 employees, reference customers including VW, BASF, EON, Roche, Deutsche Telekom, Deutsche Bank, but also various municipal utilities and medium-sized companies
  • Typically pays off from ~25 firewalls/CASB or similar over at least 2 manufacturers (e.g. Checkpoint & Fortinet). Cost indication mentioned in this scenario (SecureTrack+ model) ~EUR 70 thousand/year + setup EUR 30-40 thousand
  • Realistically, 6-12 months must be set aside for implementation
  • Logically, it is also suitable for MSSP to offer managed firewall services across different customers

Perception Point:

  • Email and browser security (i.e., competitor to MS Defender for Office, Proofpoint, Mimecast…), approx. 125 employees, headquarters in Israel
  • Deployment only as SaaS
  • ~8000 corporate customers, including Red Bull and Linde in the DACH region
  • Interesting for email filters: They offer a managed service for monitoring and analysis, e.g. to exclude false positives and thus facilitate the work of the SOC team
  • Browser module also includes DLP function, available for all common browsers
  • Also checks files uploaded to collaboration tools like Salesforce, Teams, Jira
  • Budget indication (all modules) ~25-30 EUR/user and year

SecureVisio:

  • Combined solution for SIEM/XDR/SOAR (similar to Exabeam), GRC, CMDB and vulnerability management
  • Polish provider that is just starting in the DACH region => reference customers including T-Mobile Poland and Polish municipalities / clinics, largest installation so far ~65k endpoints
  • Simple licensing model: Cost per endpoint with agent (workstations/servers only, not mobile). Example: 10k endpoints, license costs for 3 years a total of approx. 1 million EUR – no matter what log volume and how many sources are connected
  • ~400 SIEM rules and ~300 SOAR playbooks out of the box
  • They have some experience with the (partial) replacement of Splunk or QRadar to save costs for customers without sacrificing security functionality. Existing rules or playbooks of the customers can be migrated/translated, but in my understanding this does not work fully automatically
  • The discussion about performance was once again tough going. Somehow, almost all SIEM vendors have a hard time with a comparative measurement, but at the same time claim that their solution is more performant than the competitors’.
  • Can be installed on-premise, but no SaaS option. MSSPs can set up multi-tenant environments for customers. So far, however, I don’t know of any MSSPs in the DACH region who are familiar with the solution

Vorlon:

  • American startup for 3rd party API security, i.e. it is not about checking the self-developed APIs against the OWASP vulnerabilities, but about the customer data that is accessed via APIs of the SaaS software used such as Salesforce, Hubspot or Okta
  • So far, about 100 SaaS applications are supported out of the box
  • Works via log monitoring, i.e. a kind of SIEM extension in which parsing and rules for the SaaS APIs are stored (the founder comes from Demisto)
  • Also rotation of access tokens, detection of misconfigurations
  • ~25 employees
  • Currently only a handful of customers (mainly banks), all in the USA

DigiCert (Update):

  • We know this from PKI for IoT projects. In addition, DigiCert also offers pure enterprise PKI/Certificate Authorities, as well as certificate management for documents or DNS servers
  • Newly added: SDK for device developers with ready-to-use security features so that these do not have to be implemented from scratch, e.g.
    • Authentication via EAP-IKEv2
    • Over the air Software-Updates
    • Cryptographic functions for embedded devices that comply with FIPS140 L1
    • MQTT Client
    • Code-Signing
  • For microcontrollers and (real-time) operating systems such as QNX, Wind River Linux, Windows Embedded, Green Hills…
  • Reference customers include B.Brown Medical

CyberSaint:

  • Cyber Risk Quantification (similar to Axio or Safe Security) for risk management and board reporting
  • Advisen dataset with 90,000 infosec or IT incidents as a basis for assessing risks for certain sectors and company sizes in terms of probability of occurrence and impact
  • FAIR method and Monte Carlo simulations, dashboards also according to NIST 800-53, automated compliance and SEC reporting
  • Manual entry of the implemented security measures along MITRE ATT&CK or other frameworks such as ISO27001, DORA…
  • Of course, it can also be used for regular progress documentation
  • Integration with the leading GRC tools
  • Very transparent calculations in cross-comparison with other solutions

As always, questions, suggestions, comments, experience reports and also opposing opinions, corrections (or even informal unsubscriptions from this mailing list) are welcome by email. And again a big thank you to all the interviewees who had an open ear for my questions!

Regards

Jannis Stemmann

The Marktkommentar by Jannis Stemmann
