Mergers and acquisitions will drive security software

Gartner says there is a dramatic transformation in the security software market due to four key developments: advanced analytics, expanded ecosystems, adoption of software as a service (SaaS) and managed services, and the prospect of punitive regulations are causing enterprises to rethink their security and risk management software requirements and investments.

"The overall security market is undergoing a period of disruption due to the rapid transition to cloud-based digital business and technology models that are changing how risk and security functions deliver value in an organisation," said Deborah Kish, principal research analyst at Gartner. "At the same time, the threat landscape and rise in the number of high-impact security incidents are also creating demand for security technologies and innovations that deliver greater effectiveness."

Acquiring and integrating products and technologies will be a critical strategy to increase market share and enter new markets, it says. Given the preponderance of startups and smaller vendors pursuing innovative approaches to security problems, acquisition, integration and consolidation are highly effective strategies to increase market share and enter completely new markets. In many cases, mature vendors in search of continued growth are acquiring faster-growing companies from emerging adjacent markets. In other cases, vendors are optimising profits by consolidating similar products under a single brand, therefore leveraging economies of scale by combining core functions, such as development, support, sales and marketing.

Enterprises are increasingly seeking products that incorporate "smarter" predictive and prescriptive analytic technologies, which help warn users of potential security incidents and provide guidance on optimal responses. These more-advanced analytical capabilities are driven by a variety of underlying technologies, such as heuristics, artificial intelligence/machine learning and other techniques. Successful vendors will work with customers and prospects to understand use cases where analytics will deliver significant value and augment limited security staff and resources.

The EU General Data Protection Regulation will come into effect on 25th May, 2018 and could see organisations facing heavy fines should they receive a single complaint for mishandling private data. Punitive regulations will create board-level fears, driving security software budget decisions based on the potential financial impact of fines and noncompliance. Consequently, organisations will look to providers with products that provide the needed visibility and control of their data. Providers should identify the key regulatory requirements and constraints in target geographies by working with legal counsel to deliver product and service choices that will alleviate board-level fears.