Darktrace
== Competition landscape ==

Growing demand for proactive threat detection and response solutions (across network, cloud, email and endpoint) has underpinned Darktrace’s rapid customer-base and ARR growth in recent years. However, with relatively low barriers to entry and increased competition, JP Morgan sees a risk of commoditization of solutions targeting the use-cases addressed by Darktrace. A growing list of vendors that seek to combine different point security solution offerings into an eXtended Detection and Response (XDR) fabric will only increase the competitive intensity for vendors such as Darktrace, whose offerings are a complement (rather than a replacement) for other point security tools such as Endpoint Detection and Response (EDR), in JP Morgan's view.

Today, Darktrace leads the Network Detection and Response (NDR) market and has seen good early success with its email product; however, against the backdrop of commoditization, high competition, growing enterprise awareness of vendors addressing proactive detection and response use-cases and relatively low switching costs, JP Morgan believes that customer acquisition and retention is likely to get tougher for Darktrace, going forward. In addition, there is a real competitive threat from public cloud vendors such as Microsoft, Amazon and Google making a big push into proactive threat detection and response solutions for cloud traffic and email as enterprise workloads transition to the cloud.

Darktrace’s approach to threat detection and response does not rely on a historical signatures-based detection / rules-based response playbook; instead, its technology aims to learn the ‘patterns of life’ for an enterprise, creating a constantly evolving baseline for ‘normal’ behavior, and detects and responds to deviations from the normal. Darktrace’s cyber AI platform provides coverage across an enterprise’s network (on-premises, OT, cloud and SaaS), email and endpoints.
Further, Darktrace will roll out solutions tackling preventative security and remediation/healing post attacks as part of its continuous AI security loop. Given its breadth of offerings and platform approach, Darktrace does not fit neatly into any particular cybersecurity sub-segment. Darktrace notes that it does not compete with the vast majority of cybersecurity vendors as it sees its offering as complementary to an enterprise’s existing layered security stack. However, enterprise purchasing decisions are business-problem-driven and the use-cases addressed by Darktrace today are targeted by point security solution vendors such as EDR (Endpoint Detection and Response), NDR (Network Detection and Response), SIEM (Security Information and Event Management) / SOAR (Security Orchestration, Automation and Response) system and secure email gateway/cloud email security vendors. Over the mid-term, competition may also come from vendors combining multiple point solutions as part of an eXtended Detection and Response (XDR) platform. With visibility into a growing portion of enterprise traffic, public cloud vendors and zero trust/secure service edge providers such as Zscaler and Fortinet may choose to offer an integrated threat detection and response solution, potentially trimming the available opportunity for Darktrace, in JP Morgan's view. Below, JP Morgan provides an overview of Darktrace’s competitors across different categories based on the product offering/use-case.

=== Competition remains intense in the network detection and response market ===

The security industry is seeing a shift from legacy prevention-based security approaches to proactive detection and response technologies. Endpoint security has already undergone this transition, with organizations moving from antivirus (AV) to next-generation AV to Endpoint Detection and Response (EDR) solutions. The move to Network Detection and Response (NDR) is a similar shift on the network, i.e. the next step in the transition from traditional prevention-only security solutions such as Intrusion Detection Systems (IDS) and Intrusion Detection and Prevention Systems (IDPS). NDR vendors offer an integrated set of network traffic monitoring, threat detection, investigation and response capabilities – these vendors provide broad visibility into an enterprise’s internal network by monitoring and analyzing traffic among users/devices across the enterprise’s digital estate (on-premises, SaaS and cloud).

The NDR approach to security has gained traction in recent years as it provides an added layer of network visibility without requiring agents to be installed on devices and is invisible to attackers. NDR tools augment the capabilities of security teams by monitoring network traffic in real-time (or near real-time), detecting and prioritizing threats and syncing (via APIs) with other point security solutions (firewalls, network access control, EDR, SIEM/SOAR systems) either to initiate an automated customized response (especially for high-risk incidents/breaches) or for further investigation and threat hunting.

Put simply, NDR tools employ unsupervised machine learning to establish a baseline for ‘normal’ network activity and flag deviations from the normal as alerts for further monitoring; supervised machine learning and other tools can then be applied on the flagged alerts to categorize possible threats or malicious activity. NDR tools do not rely only on past threat signatures or indicators of compromise for threat detection and can monitor both north-south and east-west traffic (with proper design of NDR deployments), making these tools a good complement to traditional security solutions such as firewalls and IDS/IPS (which primarily rely on historical threat signatures for detection).
NDR vendor offerings overlap with Darktrace’s network portfolio (Enterprise Immune System, Antigena for Network and Cyber AI Analyst) – in fact, prior to rolling out solutions for email and endpoint, Darktrace was primarily an NDR vendor. According to Gartner, the NDR market stood at $1.3bn in 2021 (+27% YoY) and is expected to grow at a 4-yr CAGR of 16% reaching $2.4bn by 2025. Darktrace is the leading vendor in this market with 25% share, followed by Cisco (14%), ExtraHop (13%) and Vectra AI (9%). Some other key NDR vendors include FireEye (Trellix), Fidelis, Gigamon, IronNet and RSA Netwitness.

'''Figure 12: Network Detection & Response (NDR) market ($m): CY19-25'''<ref name=":3">Source: Gartner.</ref>

[[File:Figure 12.png]]

'''Figure 13: Network Detection & Response: CY21 Market share<ref name=":3" />'''

[[File:Figure 13.png]]

Demand for NDR solutions will likely remain high as enterprises introduce an added layer of network traffic visibility to their layered security stack; however, competition in this space remains intense. There are more than 20 vendors offering NDR solutions ranging from early-/mid-stage start-ups to large, established cybersecurity companies. NDR vendor offerings have also matured with basic capabilities and on-premises/cloud/SaaS coverage provided by most vendors. Further, as enterprises increasingly incorporate NDR as part of their security stack, enterprise awareness of different vendor offerings in this space is likely to increase. In addition, with visibility into a growing portion of enterprise traffic, NDR vendors may face competition from zero trust/secure service edge providers such as Zscaler and Fortinet that may add network traffic analytics as part of an integrated cloud security stack (today, NDR vendors offer integrations to zero trust architectures to capture logs for added visibility).
Public cloud players such as Amazon, Microsoft and Google may also make a big push addressing real-time cloud traffic analysis and threat response solutions – today, these public cloud vendors offer packet mirroring, which allows third-party network traffic analysis tools such as Darktrace to monitor traffic to/from virtual machines. However, given the importance of cloud traffic visibility, this may be brought into the fold of in-built cloud security offered by public cloud vendors in the future.

=== The future of NDR is XDR ===

As stated previously, endpoint security has undergone a transition from basic AV solutions to next-generation AV and Endpoint Protection Platforms (EPPs) to Endpoint Detection and Response (EDR) solutions. However, there is a growing realization that the siloed approach to security is not enough to combat modern-day cyber threats. In fact, EDR tools face limitations when it comes to visibility into cloud workloads, IoT and unmanaged devices. This security gap is now being filled by tools such as NDR, cloud workload protection platforms, and user behavior analytics. This development has only added more siloed point security tools to an enterprise’s security arsenal. These tools don’t usually work well together and, even when they do, security analysts have to sift through a high number of alerts.

These issues are giving rise to a new approach termed eXtended Detection and Response (XDR). XDR vendors seek to integrate telemetry from multiple sources such as endpoint, network, cloud, identity, etc. to offer contextually rich and targeted threat analysis and incident response systems. This is akin to SIEM systems; however, XDR offerings tend to be less open, with the use-case limited to threat detection and response. Eventually, JP Morgan believes that EDR, NDR, user behavior analytics and some SIEM/SOAR functionality will be brought into the fold of XDR.
JP Morgan is already seeing integration of NDR capabilities from point solution vendors as part of their XDR strategy. Some key XDR vendors include Cisco, Palo Alto Networks, Crowdstrike, Sophos, IBM, Microsoft, Trend Micro, Rapid7 and SentinelOne. In JP Morgan's view, the growing list of XDR vendors will only increase the competitive intensity for vendors such as Darktrace, which does not have a strong standalone offering for endpoint, SIEM or network security (Darktrace solutions work as a complement to these point security tools). Larger enterprises using best-of-breed security vendors are more likely to license additional modules from these XDR vendors to improve network visibility and threat analytics. Smaller enterprises (with a limited security budget) may choose to outsource threat detection and response to Managed Detection and Response (MDR) vendors or other MSSPs (Managed Security Service Providers) given the high cost and complexity of managing NDR appliances and alerts. Some key MDR / managed SOC vendors include SecureWorks, Arctic Wolf, Rapid7, Sophos, eSentire, etc. Against the backdrop of commoditization of basic NDR capabilities, increased competition from XDR vendors, growing vendor awareness and relatively low switching costs, JP Morgan believes that customer acquisition and retention will likely get tougher for Darktrace, going forward. JP Morgan acknowledges that the shift toward integrated XDR solutions will not happen overnight and these solutions may take some time to mature. However, with vendors already aggressively pursuing such strategies, JP Morgan believes that the convergence between EDR, NDR, cloud workload protection platforms and user behavior analytics tools is inevitable. 

=== Pure-play NDR specialists are good acquisition candidates ===

Given the prospect of commoditization and eventual convergence with XDR offerings, JP Morgan expects some consolidation in the NDR market; JP Morgan sees pure-play NDR vendors as good acquisition candidates. Deal activity in the NDR market is picking up pace – as examples, Blackstone-backed Vectra AI raised $130m at a post money valuation of $1.2bn in Apr-21; ExtraHop was acquired by Bain Capital and Crosspoint Capital for $900m in Jun-21. Existing network equipment vendors are also making a play in this market (Arista acquired Awake Security in 2020 and Cisco has been developing its Stealthwatch offering). In addition, vendors are adding NDR capabilities as part of their integrated XDR platform; these vendors are either buying pure-play NDR specialists or organically building NDR capabilities – as examples, Check Point Software introduced its NDR offering in 2021, Crowdstrike acquired a strategic stake in Corelight in Sep-21, Sophos acquired Braintrace in Jul-21, LogRhythm acquired MistNet in Jan-21 and VMware acquired Lastline in Jun-20.

Darktrace is not a pure NDR specialist and offers an XDR-like approach to security (across network, email and endpoint). Thus, it does not look like a strong acquisition candidate in this context, especially from vendors that have an established EDR or email security offering. Having said this, JP Morgan would not rule out the possibility of Darktrace being acquired by a larger security vendor (looking to add AI-driven threat detection and response capabilities) in the future.

{| class="wikitable"
|+Table 5: Deal activity in the NDR market is picking up pace<ref>Source: Company releases, J.P. Morgan.</ref>
|NDR vendor
|Deal type
|Acquired by
|Date
|Comment
|-
|Bricata
|Acquisition
|OpenText
|Nov-21
|
|-
|Corelight
|Series D
|
|Sep-21
|Raised $75m in Series D investment led by Energy Impact Partners, with strategic investment from Crowdstrike Falcon Fund
|-
|Braintrace
|Acquisition
|Sophos
|Jul-21
|
|-
|ExtraHop
|Acquisition
|Bain Capital and Crosspoint Capital
|Jun-21
|Purchase price of $900m.
|-
|Vectra AI
|Series F
|
|Apr-21
|Led by Blackstone, raised $130m at $1.2bn valuation (post-money).
|-
|MistNet
|Acquisition
|LogRhythm
|Jan-21
|
|-
|Awake Security
|Acquisition
|Arista
|Sep-20
|
|-
|Lastline
|Acquisition
|VMware
|Jun-20
|
|-
|ProtectWise
|Acquisition
|Verizon
|Mar-19
|
|-
|LightCyber
|Acquisition
|Palo Alto Networks
|Mar-17
|Acquired for $105m.
|}

=== Email security moving beyond secure email gateway solutions; however, competition is heating up ===

Similar to the trends discussed above for endpoint and network, email security is seeing a transition from traditional gateway-led protection approaches to AI-led cloud email security supplement solutions that scan the entire email system for anomalies. These solutions link to cloud email systems (Microsoft/Google) via APIs to provide a contextually richer understanding of email activity (analyzing user behavior, senders, links and attachments in the context of normal “patterns of life”) – adding an additional line of defence on top of built-in capabilities offered by email providers such as Microsoft and Google. In JP Morgan's view, mature enterprises are not likely to replace existing secure email gateway solutions in favor of integrated cloud email security offerings (just as these enterprises are not likely to forgo investments in IDS/IDPS in favor of NDR); rather these solutions will likely supplement existing secure gateway investments.
Smaller enterprises may choose integrated cloud email security solutions (working in conjunction with built-in security from cloud email providers such as Microsoft’s Defender) over secure email gateway offerings. JP Morgan expects integrated cloud email security solutions to gain traction in the coming years. However, like in the NDR space, JP Morgan does see pure-play cloud email security specialists as good acquisition candidates – either by secure email gateway vendors or XDR vendors (e.g. Check Point’s acquisition of Avanan in Aug-21).

Darktrace’s Antigena Email (launched in 2019) has seen good early success in the market for integrated cloud email security solutions. Here, the company competes with vendors such as Avanan, Abnormal Security (raised $50m at $500m+ valuation in Nov-20), Tessian ($500m valuation as of May-21), Vade and Ironscales. In addition, competition (especially, in the SMB/mid-market segment) may come from secure email gateway vendors such as Proofpoint and Mimecast.

=== Breach and attack simulation vendors ===

Although still in the early stages of product roll-out, Darktrace’s foray into preventative cybersecurity (breach and attack simulation) puts the company in competition with vendors such as CyCognito, Mandiant, Qualys and AttackIQ. Darktrace plans to roll out its ‘Prevent’ product suite more broadly by mid-CY22.