The privileged access management (PAM) market – also known as privileged identity management or privileged user management – has been around for decades, yet by most accounts the sector has not quite gained the notoriety (and budget dollars) of its 'sexier' infosec relatives such as advanced threat detection, anti-malware or even its close cousin, identity and access management. That appears to be changing, thanks in part to the deluge of security breaches in the past year that have garnered tons of press and raised awareness of the importance of protecting high-value targets and resources. The common denominator of many of these incidents is that after the initial breach, most attackers look to move laterally within the organization and target privileged accounts or credentials that provide access to sensitive and potentially valuable information. After digesting a string of acquisitions that took place during a rollup strategy put in place under a previous management regime, BeyondTrust has devoted several years and numerous product releases to ensuring that all of the pieces fit together, the centerpiece of which is a new platform plan that brings together its various privileged and vulnerability management products behind a single interface, BeyondInsight. Under new private equity (PE) owner Veritas Capital, the company has embarked on an aggressive hiring initiative to help it maintain a growth rate in excess of the PAM market.
The 451 Take
As we have commented regarding other areas of information security (infosec), platform strategies are inherently sensible – tying together multiple products behind a single UI should be a relief to beleaguered CISOs that are already struggling to manage a mélange of point products, with cloud, mobile and 'big data' likely to place additional strains on already stretched internal security staff. Of course, the challenge is to provide a truly integrated suite and not just cobble together a bunch of second-rate offerings, and though BeyondTrust has made great strides tying its acquired properties together, there is still room for further integration work and feature enhancements. That said, the PAM space still largely consists of niche providers that solve discrete pieces of the privileged management puzzle, and a more comprehensive platform could resonate with customers seeking more than short-term tactical services. While the PAM market is growing significantly, the vulnerability management (VM) space is a mature, slower-growth one. The logic of combining PAM and VM is sound, but the reality is that the two sectors have historically addressed different internal buying centers, and synergies between them have been slow to materialize.. However, thanks to the growing role of privilege abuse in recent data breaches, we sense that is slowly changing. Until the tide fully turns, the VM side of the house