Revenue growth in services will change industry marketing and investment.
Think about all of the industry activity with malware detection and response and what comes to mind? Most people would probably focus on technology vendors like Bromium, Cylance, Damballa, FireEye, and Palo Alto Networks since these firms have garnered headlines, raised vast fortunes of VC funding, and even pushed through successful IPOs.
Yup, all of these technology vendors seem to be doing just fine, but there is another parallel success story in play – albeit a rather stealthy one. Advanced malware detection and response services revenue is actually growing at about twice as fast as product revenue. Much of this growth is coming from the mid-market but enterprise organizations are also jumping on the bandwagon. According to ESG research, 60% of enterprise organizations already working with professional/managed security services have increased their use of these services “substantially” or “somewhat” over the last 2 years.
Why are so many firms seeking cybersecurity help? Combine the increasingly dangerous threat landscape with the cybersecurity skills shortage and you’ve got a paradigm shift cocktail. Additionally, many firms realize that chasing anomalous behavior and malcode demands time, resources, and the right technologies. Given this, an average regional bank, process manufacturing company, or teaching hospital may not want to play cyber cops and robbers anymore.
ESG research also provides some details on what types of incident detection/response services are most popular with enterprise organizations.
*45% of enterprise organizations are investing in, “cybersecurity training services for IT and non-IT employees.”
*41% of enterprise organizations are investing in, “penetration testing services.”
*41% of enterprise organizations are investing, “managed network security services.”
*39% of enterprise organizations are investing in, “risk assessment services for existing policies and technology controls”
*39% of enterprise organizations are investing in, “vulnerability scanning services.”
It is also worth mentioning that around 23% of organizations have simply outsourced incident detection and response completely or are using a service provider in these areas for staff augmentation and additional support.