The 10 Biggest Security Stories Of 2015
2015: Security Remains Red Hot
Security was one of the hottest topics and markets in 2015, making it especially difficult to choose just 10 of the biggest news stories of the year. From breaches, to vendor shifts, to major hacking events, these security stories rippled through the market and extended across the economy, even impacting political races and causing change in consumer product lines. As the year comes to a close, and likely ushers in an even bigger year in security to come, take a look back at 10 stories that changed the landscape for solution providers and their customers in 2015.
10. A New Strategy For Intel Security
Intel Security unveiled a new strategy in October that will define where the security giant (previously McAfee) is going to position itself for years to come. The new strategy looks to focus on the full threat defense life cycle, which includes protection, detection and correction. The new strategy is significant because it jumps on an industry trend evolving through 2015, which saw vendors and solution providers recognizing the importance of a full set of integrated security solutions, as opposed to point solutions, as well as a move away from an emphasis perimeter-based technologies.
From a product perspective, the new strategy means shifting the emphasis toward threat intelligence, analytics, third-party integration around its centralized management system, essentially looking to be the fabric that binds together a variety of disparate security solutions. It also means divesting product lines that no longer make sense, a list that to date includes more than a dozen email and SaaS security solutions as well as the sale of two network security lines to Raytheon|Websense.
9. Car Hacking
One of the most viral security events of the year was the news in July that two hackers, Charlie Miller and Chris Valasek, had successfully hacked and gained control of Wired reporter Andy Greenberg's Jeep Cherokee using a zero-day exploit in the car's Uconnect system. In doing so, the hackers gained access to the vehicle's entertainment system, controls, steering, brakes, transmission and more -- from more than 10 miles away -- and ultimately caused the car to crash in a ditch. As a result, Fiat Chrysler announced the recall of 1.4 million vehicles for a software patch that should fix the vulnerability and the National Highway Traffic Safety Administration launched an investigation. The pair of hackers later presented their findings at the annual Black Hat conference in Las Vegas. The event was only one of many this year that put the public spotlight on the need for manufacturers of all industries to be more mindful of security and build in more security protections from the start.
8. Sophos Makes Series Of Big Moves
While not a single news event, Sophos deserves a spot on this year’s list for continued big moves throughout the year, including new channel leadership, acquisitions, new security solutions and a blockbuster IPO. The security vendor’s IPO in June landed it a $1.6 billion valuation, and said at the time that the move would allow it to "look forward to the next stage of our development." Since then, the company has made two key acquisitions, including the purchase of email security company Reflexion Networks in May and the buy of next-generation endpoint security player SurfRight in December. The company also added a new North American Channel Chief in Erin Malone, promoting previous channel chief Kendra Krause to vice president of global channel sales. Finally, the company closed the year with the launch of Sophos Security Heartbeat, which brings together the network and endpoint by synchronizing threat intelligence and automation across both facets of the security portfolio.
7. Hillary Clinton Email Servers
Public official security took center stage early this year, and continued throughout 2015, with the controversy over the private hosting of emails by former Secretary of State Hillary Clinton. Solution providers at the time said that Clinton jeopardized the security of her emails by hosting them on a private server and using a personal email account for all official interactions during her 2009 to 2013 tenure as U.S. Secretary of State. An FBI probe was opened into the issue, and Clinton has since released thousands of pages of the emails to the State Department. It was also later reported that Denver-based solution provider Platte River Networks had been hired by the Clintons to provide management and better security, durability and a more professional setup after the server was plagued with outages.
6. Blue Coat Acquired By Bain Capital
In March, Blue Coat announced that it would be acquired by private equity firm Bain Capital for a blockbuster $2.4 billion. Blue Coat was previously owned by Thoma Bravo (which acquired it in 2011 for $1.3 billion), and said the move would help prepare it for a return to the public market and drive toward $1 billion in revenue within three years. Since then, Blue Coat has been on an acquisition spree, planting its stake in the cloud security market with the acquisitions of Perspecsys in July and Elastica in November.
5. Cisco Gets Serious About Security
At the company’s 2015 Partner Summit in May, Cisco executives took the stage to announce that it planned to plant a serious stake in the security market in 2015. Executives said that Cisco was in a unique position to provide a complete end-to-end architecture around security, under a strategy it is calling "Security Everywhere," with recent acquisitions under its belt including Sourcefire, Threatgrid and Meraki. As part of that push, Cisco singled out Palo Alto Networks and Check Point Software Technologies as the vendors it had in its crosshairs, prompting later competitive shots back at the networking giant from the two security players.
Cisco backed up that push throughout the year with the launch of multiple new security solutions, more than $1 billion in acquisitions around security including OpenDNS and Lancope, as well as naming former CEO John Chambers as "executive sponsor for security."
4. Symantec Split
While the Symantec split began in 2014, it was a major news topic throughout this year as the company navigated the logistics of the split and planned for its future as a security-only company. In August, Symantec announced that instead of spinning out Veritas as an independent company, it would be selling it to private equity firm the Carlyle Group for $8 billion. Since then, the company has completed its operational split, launched a new partner program and says it is on track for the anticipated split finalization at the beginning of next year. However, the journey hasn’t been without its hiccups along the way, as Symantec lost both Executive Vice President and General Manager of Global Sales and Operations Adrian Jones and Vice President of Global Channel Programs and Sales Tom LaRocca, both regarded by partners as key facets in the company’s reinvigorated push into the channel.
3. Major Health-Care Breaches
Major health-care breaches took center stage throughout 2015, led by the February breach of Anthem, which exposed more than 80 million patient and employee records. That breach came on the heels of the breach of more than 11 million subscribers at Premera BlueCross BlueShield in January. Other major health-care breaches this year included Excellus BlueCross BlueShield and CareFirst. Throughout the year, solution providers said that the breaches showed the need for increased investment in security by health-care and insurance providers, as more attackers move to take advantage of a lucrative black market for health-care records.
2. Birth Of Optiv Security
The merger of security superstars Accuvant and FishNet Security, which was first announced in November 2014, closed in February of this year, creating a $1.5 billion solution provider with 1,400 employees. The company completed its operational integration of both its technical systems and personnel in August, going forward under the name Optiv Security and the leadership of CEO Dan Burns. The merger was a game-changer for the security industry, as it sets the solution provider in stone as the biggest security player, with a real say in the success of security vendors big and small alike.
1. Office Of Personnel Management Breach
While not the biggest breach in 2015 by number of people impacted, the breach of the Office of Personnel Management was hands down the most significant breach of the year, arguably of all time. Discovered in late May, more than 21.5 million federal workers were impacted by the breach, exposing the Social Security numbers, residency and educational history, employment history, information about immediate family and other personal and business acquaintances, health, criminal and financial history, and more. The breach, which reports linked back to China, kicked the federal government into action around cybersecurity, initiating a 30-day cybersecurity sprint and a 90-day interagency review. However, the long-term impact of the breach has yet to be seen and there’s no precedent for what could happen with a breach this expansive, both in number of people affected and the extensive personal information exposed.