ronstik - stock.adobe.com
HP Inc. plans to acquire Bromium Inc., an endpoint security vendor that uses microvirtualization technology to isolate threats from untrusted sources.
Bromium, founded by Gaurav Banga, Simon Crosby and Ian Pratt in 2010, is known for its Microvisor software, which uses hardware virtualization to launch a virtual machine for every browser tab or email attachment opened. The idea is to trap malicious code before it can infect a user's machine.
Analysts called the acquisition unsurprising. Not only has HP been reselling Bromium software as Sure Click since 2017, but the endpoint security vendor market has been in the throes of rapid consolidation. Just last month, VMware and Broadcom acquired Carbon Black and Symantec, respectively.
Analysts also labeled the news a good thing for IT admins. Brad LaPorte, an analyst at Gartner specializing in endpoint security and threat intelligence, said a deal like this "is a multiplier" for those in charge of HP devices.
"When you roll out a fleet of HP laptops, you'll already have a centralized agent that is secure by default, which will greatly reduce the number of agents you have to install and manage," he said. "The added security will also mean fewer alerts because your attack surface has been greatly reduced."
But, he cautioned, while HP is headed in the right direction, not every company will benefit from the acquisition and there are steps HP still needs to take to round out its security program.
HP's response to Dell
LaPorte described the acquisition as a safe bet for HP, one that could help the company stay relevant. "This is a play to compete against Dell's Endpoint Security Suite that it's had for a couple of years now," he said.
Eric Parizo, senior analyst at Ovum, also pointed to the Dell rivalry as rationale behind the acquisition. He ticked off Dell's growing endpoint security capabilities, which include its RSA NetWitness Endpoint security product, its ownership of managed security services provider SecureWorks, and its more recent go-to-market partnership with CrowdStrike.
Eric ParizoSenior analyst, Ovum
"HP needed additional endpoint security technology to bolster the capabilities it can provide as a technical solution to secure its PCs and laptops, but also as a bundling option to increase the size of its sales opportunities," Parizo said. "This move also helps counter the perception that Dell has more to offer in the way of endpoint security. Although Dell still has more options, now at least, HP can say it has a viable alternative."
By acquiring rather than reselling the technology, HP can build out the Bromium functionality, something Paula Musich, security and risk management research director at Enterprise Management Associates Inc., fully expects to see.
"HP hasn't offered a roadmap for where they plan to take the acquired technology, but it wouldn't be a huge surprise to see them eventually extend the technology to HP's vast printer portfolio," she said. "Internet-connected printers are a target for attackers, and there's a potentially huge addressable market in adapting the technology to HP printers."
If Musich's theory becomes practice, IT admins would benefit by having "a single source for protecting both printers and PCs/laptops," she said.
Even in the short term, the acquisition will help IT admins better manage HP laptops and PCs, as well as provide an added layer of security. Bromium provides security "from the user in versus the network out," said Zeus Kerravala, founder and principal analyst at ZK Research in Boston.
"The more distributed computing becomes and the more we do more things on more devices in more places, the more something like Bromium is needed," he said.
LaPorte described Bromium as an endpoint security vendor whose product operates on a pre-OS layer, or hardware layer, rather than post-OS layer. Investing in such products is HP's -- and Dell's, for that matter -- attempt at getting ahead of attacks that target deeper layers of the computing stack.
'Too many pizza shops'
Although the dollar figure HP will pay for Bromium was not disclosed, LaPorte described the acquisition as a likely cheap bet for HP. In a 2016 attempt to secure funding, Bromium's valuation was cut almost in half; its growth and profitability had recently been in the single digits.
But the acquisition may not be a good fit for everyone. LaPorte said companies that use a golden image, or a preconfigured template for virtual machines, may miss out on the benefits that an endpoint security product provides. "When you remove these features to meet specific organizational needs, you are sacrificing security in lieu of efficiency," he said. "Buyers need to consider these requirements before purchasing."
And the buy still leaves HP's security services and endpoint detection and response functionality lacking, especially compared to Dell. LaPorte believes HP will take its next steps in these areas.
On the whole, LaPorte expects consolidation of the endpoint security vendor market to continue on a weekly if not multiweekly basis. "There are too many pizza shops and not enough people buying pizza," he said simply.
Clear leaders, such as CrowdStrike and Microsoft, control a significant portion of the market share, making it difficult for other endpoint security vendors to find decent footing in the market, according to LaPorte.
"The market share for the people who are not the leaders in this space is going down exponentially," he said.
Although he has little insight into the Bromium acquisition, Steve Athanas, associate CIO of system architecture at UMASS Lowell and VMUG president, said it's a market he is keeping an eye on. "I'm very interested to see how this wave of security acquisitions and consolidation plays out," he said.