Morgan Stanley
  • Research
  • Aug 11, 2021

New Investor Opportunities Emerge in Cloud-Era Cybersecurity

As cyber threats follow enterprises into the cloud, two key software markets are set to converge into a single discipline for more effective threat prevention, detection and response. A look at the opportunities for investors.

As companies accelerate the move of their operations, applications  and digital services into the cloud, security challenges have intensified. Tools that were once effective at diagnosing and monitoring the performance of IT infrastructure are now falling short, requiring a more modern approach.

“Cloud-era IT architectures have become much more dynamic and distributed, making them harder to monitor and analyze,” says equity analyst Keith Weiss, who heads U.S. Software Research. “Data often gets trapped in silos, limiting a company’s overall ability to detect and quickly respond to alerts.”

To mitigate new threats, two previously distinct markets, Security Analytics and Observability, are poised to converge into a combined discipline, enabling more effective threat prevention, detection and response.

“This trend towards convergence and next-generation cyber analytics could result in significant M&A activity and market share shifts. This means key beneficiaries in both the Security and Observability ecosystems could be poised to grow at least twice the rate of the current market,” says Weiss.

Together, Security Analytics and Observability represent a large addressable market forecast to grow from about $18 billion today to $28 billion by 2024—an 11% compound annual growth rate.

Core Observability and Security Analytics Poised to Grow at an 11% Annual Growth Rate to $28 billion by 2024

Source: IDC, Gartner and Morgan Stanley Research

Sizing Up the Next-Gen Cybersecurity Market

The first market, Security Analytics, is the more traditional approach largely tied to on-premise application architectures. It uses data collection, data aggregation and analysis tools for threat detection and security monitoring. These tools allow an organization to analyze security events to detect potential threats before they can negatively affect the company's infrastructure.

However, as enterprises built new digital services and moved more of their applications to the cloud, this approach became more limited in its effectiveness.

Enter the second market, Observability, which takes a more wholistic approach, analyzing the internal state of a system. This allows companies to understand a system’s inner workings and uncover deeper, systemic issues.

In simplest terms, Security Analytics monitoring tells security teams something is wrong. Observability enables them to understand why.

Convergence and Big Data Analytics

The emerging, combined model advances protection by centralizing data, then enabling data and event correlation at massive scale. It also accelerates remediation times by establishing a centralized and automated response capability. This approach will ultimately require vendors to marry security domain expertise with strong capabilities in data analytics/machine learning in the cloud.

“We see two distinct groups vying for the convergence opportunity,” says Weiss. “Cloud security firms who have the domain expertise, but often lack big data analytics capabilities, and observability players who have developed strong capabilities in large scale data integration and event correlation, but who lack security domain expertise.”

The relative strengths and weakness between these two groups have been a key factor in the pickup in M&A activity as companies position for the future.

The Strategic High Ground

For investors eyeing opportunities, cloud security vendors may have an advantage, at least initially. “While the Observability players may have a better ability to digest and analyze large amounts of data versus those primarily in the security domain, we expect the market to favor converged solutions from cloud security vendors in the near-term,” says Weiss. “This is largely due to their deeper level of domain expertise and closer relationships with decision makers in the security department.”

However, opportunities may also exist for modern observability players among mid-market customers running a cloud operating model. This reflects a growing trend towards convergence across development, operations and security teams for these types of customers.

“Building upon core capabilities in data correlation and machine learning analytics, we see Observability vendors playing an increasingly important role by unifying data across teams, leading to real-time intelligence and more nimble responses to threats.”