Endpoint security has become increasingly integral to a comprehensive security posture. Over the previous decades, the importance of endpoint security has been correlated with the proliferation of devices, expanding remote workforces, and increasing IT sprawl. Workforces and IT infrastructure have become so decentralized that it now makes no sense to operate security in a centralized manner. Instead, security must be distributive like the rest of an org's assets. As a consequence, endpoint security has garnered a new level of significance.
Market size estimates for today and the future vary by a wide margin. The range of estimates indicate that the market will grow 8%-10% per annum and reach between $20bn and $35bn at some point between 2026 and 2030. However, we view that there is a bifurcation occurring between the top names and the rest of the endpoint industry, making the growth runway more attractive for the market leaders.
SentinelOne (S), Palo Alto Networks (PANW), and Crowdstrike (CRWD), have each made large acquisitions recently, to radically reorganize their back-end architecture to support their endpoint operations with highly performant and cost-effective data management.
Most of the rest in the endpoint industry are still using SIEM (Security Incident & Event Management) systems for ingesting and retrieving data. These are very slow systems whereby it typically takes a security professional many days to fully investigate and remediate a threat, thereby leaving the org exposed.
It's not likely that the rest will follow the steps of S, PANW, and CRWD. Revamping the data architecture is probably not an option as effectively managing or reorganising data is arguably the hardest endeavour to take on in the digital world. They could use Snowflake or DataBricks to improve their data management, but with their 50% to 60% gross margins it would make the endpoint vendor uncompetitive. The other option is to pay out a few hundred million dollars for a BoB startup in the data lake/warehouse space, but this will likely not be a viable option due to financial reasons, risks, or because there are no more to buy.
For these reasons, we believe endpoint security now has the highest entry barriers in cybersecurity. Endpoint, or security more generally, is becoming a data engineering problem as much it is anything else. Hence, the vendors that have taken huge risks in tackling this are likely to prevail as dominant winners.
For institutional investors (public and private), on request, we can do tailored research for your requirements. For all types of investors, here are individual reports you can purchase related to endpoint security:
For institutional inquiries, or to pay for individual (a' la carte) reports, please click Subscribe for more information. From there you can also sign up as Premium subscriber if you wish to.
Why We Believe SentinelOne Is Better Than CrowdStrike - Free
Part 2 Of Mini Security Series: Entry Barriers ( May 2022) - $50
SentinelOne – Data Engineering Brings In Paradigm Shift To The Security Industry (April 2022) - $50
Tailored research requests - price negotiable