Cybersecurity professionals are not looking for a silver bullet. And even if the marketplace were under the delusion that there was such a thing as a cure-all for all of its woes, the level of threats, attacks, vulnerabilities, and incidents feels more like a zombie attack than that of a lone werewolf.

Market consolidation in the form of M&A is usually a precursor to the emergence of a suite of best-in-class architectures, platforms, and products in an IT vertical.  Such was the case with artificial intelligence in the technology sector in the 2014-2016 timeframe.  If MAMAA (Meta, Apple, Microsoft, Amazon, and Google’s parent company Alphabet) are circling above an innovation, you can definitely count on an active period of competitive merger and acquisition activity.  Are the final solutions sometimes a VHS v. Beta tradeoff, Word and Excel functionality scope creep, or some of the unintended security consequences of the open-source software movement?  Sure.  The market is efficient, not perfect.  Let’s start sorting it all out…

$500M by Google for Security Orchestration, Automation, and Response (SOAR) Services Provider Siemplify

Cybersecurity M&A activity got off to a big start yesterday, specifically in the cloud-based and enterprise security subsector. Google Cloud announced the $500 million acquisition of Israel-based Siemplify, a startup that specializes in end-to-end security services for enterprises, also known as security orchestration, automation, and response (SOAR) services. This acquisition comes at a time when Google Cloud has committed $10 billion to advance cybersecurity. Siemplify will be part of the Google Cloud Platform by way of Google Chronicle, which was Google X’s oldest moonshot incubation effort that was ported over to Google Cloud in 2019.

TechCrunch captured the value proposition of Siemplify’s SOAR platform in the context of the end-to-end telemetry innovation on which Google Chronicle was designed:

“Chronicle was built as a platform designed for cybersecurity telemetry: specifically tracking the movement of data across all devices and networks, as a way of getting a clue to detecting and stopping breaches. SOAR platforms are the customer-interface element of that activity: they are used by security operations specialists to manage and monitor activity, begin the process of remediation (either automatically or manual), and to log everything to help prevent the same thing from happening in the future. As Google adds more services and automation to woo more customers, adding SOAR capabilities is the logical next step for the company.”

Google Cloud elaborates: “Providing a proven SOAR capability unified with Chronicle’s innovative approach to security analytics is an important step forward in our vision. Building an intuitive, efficient security operations workflow around planet-scale security telemetry will further realize Google Cloud’s vision of a modern threat management stack that empowers customers to go beyond typical security event and information management (SIEM) and extended detection and response (XDR) tooling, enabling better detection and response at the speed and scale of modern environments. We plan to invest in SOAR capabilities with Siemplify’s cloud services as our foundation and the team’s talent leading the way. Our intention is to integrate Siemplify’s capabilities into Chronicle in ways that help enterprises modernize and automate their security operations.”

$65M by Recorded Future for Attack Surface Intelligence (ASI) Platform SecurityTrails

Back in 2019, Recorded Future was the megadeal of the year when it was acquired in a $780M all-cash deal by private equity firm Insight Partners.  As TechCrunch reported at the time, “the acquisition effectively bought out the company’s earlier investors, including Google’s venture arm GV, and In-Q-Tel, the nonprofit venture arm of the U.S. intelligence community.”

Yesterday, Recorded Future announced the $65 million acquisition of Los Angeles-based SecurityTrails, which represents innovation in the attack surface intelligence (ASI) space. This M&A activity is on top of the company’s $20 million Intelligence Fund, designed for seed and Series A investments in cybersecurity startups, specifically data intelligence tools. Yahoo Finance describes SecurityTrails as an “internet inventory startup that collects and banks current and historical domain and IP address data. SecurityTrails collects and maintains vast amounts of current and historical internet records, such as domain name records, registration data, and DNS information, giving organizations visibility into what their threat attack surface is — that is, the networks and servers that are accessible from the wider internet.”

In their announcement of the deal, Recorded Future detailed the company’s plans for integration of the SecurityTrails Attack Surface Intelligence Module into the Recorded Future stack: “Recorded Future…has acquired SecurityTrails, the Total Internet Inventory™ and leading provider of Attack Surface Monitoring. SecurityTrails’ technology collects hundreds of data points at an internet-wide scale, correlating and normalizing to get a near real-time snapshot as well as a historical view of all assets on the internet at any given time. The resulting intelligence enables organizations to manage both critical assets and shadow infrastructure for a complete understanding of their attack surface.”

“With this acquisition, Recorded Future will be launching its Attack Surface Intelligence Module within the Recorded Future Intelligence Platform. Existing Recorded Future clients will also continue to gain insight from SecurityTrails data in other existing Intelligence Modules, incorporated through the company’s Intelligence Graph, and the company will continue to aggressively invest in SecurityTrails’ Total Internet Inventory™ collection and intelligence capabilities to build out the world’s deepest, real-time dataset of the internet.”

In their announcement of the deal, SecurityTrails Co-Founders Chris Ueland, Courtney Couch, and Fred Madarshahian stated:  “Upon acquisition, SecurityTrails will continue to function as a stand-alone platform and operate as an independent unit inside Recorded Future — still equally dedicated to furthering our ability to provide… comprehensive awareness of…internet-facing infrastructure.”

Cybersecurity Innovation: SOAR and ASI

Source:  https://www.gartner.com/en/doc/security-operations

A few notes about Security Orchestration, Automation, and Response (SOAR)

A few notes about Attack Surface Intelligence (ASI)

Daniel Pereira

About the Author

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.