Cybersecurity is red-hot for investors — here's what Duo, Splunk, Tanium and the rest of those companies actually do

  • Cisco is buying identity and access management company Duo Security for $2.35 billion.
  • The cybersecurity market is red-hot for private and public investors alike.
  • Here's a helpful guide to cut through security jargon and understand what all these companies actually do.
Dug Song, left, and Jon Oberheide of Duo Security
Source: Duo Security

Cisco announced on Thursday that it would acquire Duo Security, a company that specializes in products that help companies manage identity and secure access to devices, for $2.35 billion.

Cisco's move makes sense. One of the most pressing issues in cybersecurity today is how to authenticate users, or prove that they are who they claim to be. It's the problem that leads to some of the cybercrimes most expensive to business -- like email compromise, wire fraud and theft of valuable intellectual property. It's also at the root of the attacks suffered by the Democratic National Committee in the 2016 election.

Duo Security is just one of the companies that fall under the banner of identity and access management, a cybersecurity discipline which itself is just a slice of the overall cyber market.

This is a quick snapshot of that market and some of its established and emerging players. Several of these companies have multiple offerings in each space, but to keep the list narrow, we've focused on one key offering per company.

Identity and access management: Controlling who gets in

Companies like Duo, LogMeIn, RSA Security and Okta provide a variety of ways for companies to manage who has access to various applications and computers. They're increasingly focusing on mobile devices.

Most large technology companies also have add-on products for identity management. Some companies are moving toward biometric solutions to either replace or augment passwords, which are increasingly proving to be vulnerable. In January, Facebook acquired Confirm.io, a company that in part provides biometric identity verification. Microsoft launched a number of biometric login enhancements with its new operating system.

Companies like Yubico and Google are expanding offerings of hardware as well, including USB-drive security keys that can be used to authenticate users. Google has said their product has completely eliminated account takeovers internally at the technology company.

Security operations: Managing threats

Many companies have a small cybersecurity staff, but need more people to monitor their networks and flag incoming threats around the clock. Some companies provide a comprehensive line of services for this, including fully staffed security operations centers.

Fully managed operations services are available from cybersecurity companies like Trustwave and AlienVault, from traditional technology companies like IBM, and from consulting firms like Ernst & Young.

There are also thousands of software options for the professionals who work in security operations. The main purpose of this software is to wrangle, sift through and make sense of the millions of security alarms, warnings and incidents happening at once, all of which security professionals have to monitor. One goal is to help companies identify attempts to break in as they're happening, so corrective action can be taken. These products often use a combination of machine learning and monitoring of "endpoints," or all devices in a company.

Companies like Splunk, Tanium and LogRhythm offer analytic products to help make sense of incoming information. Companies with intrusion detection offerings include Corero, Juniper Networks, and HP Enterprise, as well as some of the big ISPs that cater to companies, including AT&T and CenturyLink.

Cyber-risk: Figuring out what could go wrong

Thousands of companies help analyze cybersecurity risks through so-called "tabletop" exercises, in which companies hire consultants to do a dry run of a cyber attack with the goal of identifying gaps. Some of the biggest are consulting practices within FireEye, Booz Allen Hamilton and Marsh & McLennan Companies.

Companies like Tenable, Qualys and Rapid7 try to quantify risk for a board-level audience, with a focus on managing vulnerabilities. They provide software and other tools that take into consideration changing threats, regulations and cyber intelligence, to try to capture the ever-changing risk portrait for the board, C-suite and cybersecurity executives.

Since any type of risk mitigation, including risk from cyber attacks, is usually handled by buying insurance to cover possible costs of a disaster, many insurance companies have expanded to include cybersecurity services in recent years. Sometimes these services come as part of a cyber insurance package, involving a risk assessment and help identifying and fixing problems. In other cases, insurance companies provide ongoing monitoring services or program recommendations that could help lower a company's premiums.

Insurance companies like Chubb, AIG and Hiscox have added a variety of tools meant to calculate cyber-risk and make recommendations for filling in gaps. Insurance company Aon recently launched a software risk management platform, with the backing of Apple and Cisco.

Data loss: Closing the door before it's too late

Tools for monitoring data loss have become increasingly important, as companies have sought to catch sensitive data moving outside corporate firewalls before it's too late.

Companies including Symantec, McAfee, Proofpoint and Check Point all offer software products meant to catch data loss before it becomes a huge problem, whether that loss is from an outside criminal or an insider intent on stealing intellectual property.

Antivirus/malware prevention: Stopping attackers from planting tools

Many of the names in the data loss market, like Symantec and McAfee, may sound familiar, as most got their start in the traditional antivirus software market, monitoring for viruses and their later, more sophisticated malware offshoots.

Other names still going strong in the antivirus and anti-malware market include Malwarebytes, Bitdefender and the controversial but still popular Kaspersky Lab.

Security architecture: Putting up walls

Corporations have traditionally sought comprehensive tools to help build the backbone of their cyber defenses, including multiple firewalls to keep out intruders and segmented networks to prevent problems like the breach that affected Equifax last year.

Companies like CA Technologies, Fortinet and Palo Alto Networks are big names that provide security architecture services, including company-wide device monitoring, setting up firewalls and segmenting networks.

Building and monitoring "perimeter security" is also a key area of focus for security architects. Perimeter defense is a primary offering of cyber companies Carbon Black and CrowdStrike as well.

Investigations and forensics: Figuring out what went wrong

Companies like Stroz Friedberg, Akamai and Kroll are on the speed-dial of many cybersecurity executives.

These firms offer response services for active incidents, as well as the computer forensics needed to determine what happened, where and why after a breach has occurred.