There's a lot going on in the data protection and cyber security markets - it can be hard to keep up with all the news. That's where The Competitive Corner's Newsletter comes in, to help curate and distill the most pertinent movers and shakers each month to make your job easier.
There was a lot that went on this month, and to include ALL of it would have made for a very long newsletter so I had to curate the list more than usual. February 2024 had a number of key announcements including the biggest news being the #Cohesity planned acquisition of #Veritas. Other newsmakers this month include #Veeam, #Superna, #Commvault, #Varonis, #Arcserve, #Clumio, and more! Below you'll find a breakdown of why these news items matter to you, links to the original articles, and related blogs for further research and insights.
February 2024 Competitive Headlines:
(click any headline to jump directly to the analysis)
Cohesity set to acquire Veritas' Data Protection business for $3B USD
Superna expands its data security offerings with acquisition of DefendX
Commvault Cloud Platform Release 2024 is now Generally Available + Preview of next SaaS release
Gartner announces Customer Choice 2024 Award Winners for Enterprise Backup and Recovery Software
Varonis adds sensitive data analytics to their Salesforce solution
Cohesity set to acquire Veritas' Data Protection Business for $3B USD
[Link to Original Article]
Why it Matters?
After over 40 years in the industry, Veritas will cease to exist at the end of this year. Cohesity will be acquiring Veritas' data protection business for a cool $3B. This will include the NetBackup (SW & appliances) and ALTA SaaS Data Protection (Hubstor) products, with the remaining ex-Veritas portfolio (Enterprise Vault, eDiscovery, Analytics/Governance products) spun out into a new company that will be known as "DataCo" and run by Lawrence Wong (former SVP of Strategy and Products for Veritas).
The $3B price might seem high, but remember Carlyle paid $8B back in 2016, and Veritas has been in constant decline for market share (dropping from over 22% to less than 10% in just the 2019-2022 time period) as well as drops in revenue as they focused less on acquisition of new customers and more on preservation of their maintenance revenue to keep the lights on. Carlyle gets to eject from the Veritas investment and get a stake in Cohesity who is still hoping to IPO. Cohesity itself has also been rumoured to struggle of late with churn issues for both customers and employees - which would impact growth and revenue. We have 2 legacy, infrastructure centric companies coming together with product portfolios that 100% overlap. When it comes to the future roadmap, I'm highly doubtful that Cohesity will dump their own namesake product, but I could see them swapping in the Veritas Alta SaaS Data Protection (HubStor) behind the scenes as it is a stronger product than their own current offering.
What does Cohesity get out of this? Realistically they get the ego boost of temporarily jumping to #1 in the backup market share (Cohesity had ~3-5% + Veritas ~9% = more than Veeam's 12%), but that will likely short lived due to attrition/churn. Cohesity DOES get access to Veritas' install base which is not inconsequential (and bigger than theirs) and would get them a footprint, in name at least, with 96 of the Fortune 100 companies. Cohesity's plan there should be obvious: try to transition as many of those customers off of the legacy Veritas products to Cohesity.
Superna Expands its Data Security Offerings with New Threat Protection Technology: DefendX
[Link to Original Article ]
Why it Matters?
Unstructured data is growing -- there's no debate there. With that growth come the challenges of intelligently managing and protecting that data from threats. With so much data, how do you know what's of value or what can be archived or outright deleted? What do you prioritize in a recovery? Well, to address half of that puzzle is Superna's existing Cyber Storage solution which provides active monitoring for cyber threats at the data layer itself. Now with this announced acquisition of DefendX (for an undisclosed sum), Superna adds the visibility and classification elements into the mix. With DefendX's abilities around deep understanding of the underlying data, customers will be better able to manage their growing unstructured data volumes.
Superna now has 2 very important tools in their toolbox to help secure and manage unstructured data.
Veeam to Provide Data Backup and Recovery Software for the US Navy with Contract in Total Value of $21 Million
[Link to Original Article]
Why it Matters?
This is a significant win for Veeam, there's no doubt about that, but there are some things to keep in mind:
Veeam launched a subsidiary "Veeam Government Solutions Inc." back in 2021 to focus specifically on winning these types of contracts. The entire board is made up of high ranking ex-military and government staff and spent their efforts lobbying for certifications and business within the US Fed space. Veeam has been working hard to develop their business to win this exact sort of contract.
Anyone who has competed for big government RFPs knows that it's not always the best solution that wins. Hence the term "Military Grade" = The cheapest product that meets the bare minimum requirements of the RFP or contract requirements. Still, it's a big win.
These US Navy deployments will be small, completely isolated installations of Veeam spread across the various ships of the US Navy itself. So, while the size of the contract is large, the Veeam environments will not be. This actually helps skirt the issues of Veeam at scale (ie: they'll be running many small Veeam instances instead of a big one).
Arcserve Makes Sudden Cloud Services Exit, Leaves MSPs Scrambling
[Link to Original Article]
Why it Matters?
Arcserve sent a memo out to their MSP partners on February 12th to advise them that they are terminating sales of Arcserve Cloud Services and Arcserve OneXafe Solo offerings on March 8th. This is part of a general “end-of-life” process they are executing against both products. MSPs currently offering these solutions have also been told by StorageCraft (who merged with Arcserve in early 2021) that they also must use the new increased pricing rates for these products beginning on March 8th. So, not only are MSPs on the hook to find a new solution to migrate their own customers to, they have to now charge their customers a higher fee in the interim to continue using these defunct offerings.
MSPs are understandably fuming over this sudden change, and many have been vocal publicly regarding their unhappiness with StorageCraft - even citing their decisions to stick with the vendor even after StorageCraft suffered backup data loss in 2022.
Commvault Cloud Platform Release 2024: True Cyber Resilience for the Hybrid Enterprise
[Link to Original Article]
Why it Matters?
Commvault announced the general availability of their Platform 2024 release. Now, if any of these features sound familiar, it's because Commvault did some early announcements for this release back in Q3 -- this is just to let everyone know that all those EA features are now GA :)
These can be pretty large updates with a list of additions, fixes, tweaks, and enhancements so let's look at the highlights:
(enhanced) Ongoing consolidation and visual improvements of the main Commvault "Cloud" console, aiming to reduce the number of dashboards you need to hop through to execute tasks
(new) Threatwise Advisor: Building on the Threatwise "Threat Deception" technology (TrapX was acquired in Feb 2022), this feature aims to proactively assess the environment and recommend ideal deployment locations for their decoy sensors. This only applies to customers looking to use the Threatwise technology.
(new) Threat Scan Predict: Aimed at better detection of zero-day and polymorphic/AI-driven malware, this is the next iteration of Commvault's AI threat detection abilities with some fresh marketing
(new) Cleanroom Recovery: Commvault can help automate the creation of a virtual isolated recovery zone to stage and test recovery or perform forensics on potentially infected systems.
(enhanced) Commvault's scale-out appliance, HyperScale X, is supported on a number of vendor platforms. With this latest release their HyperScale X platform is available on a wider variety of Dell hardware options
Lots more! Full list here
In addition, Commvault teased some upcoming enhancements for their SaaS (Metallic) platform scheduled for mid-March:
(enhanced) Risk Analysis for M365: This is simply the extension of their existing "Sensitive Data Governance" features (rebranded last year as "Risk Analysis") to now be supported from the Metallic SaaS platform and cover analysis of M365 data sets. This is positioned to identify sensitive data and proactively alert administrators so they can respond and ensure that data is properly being managed.
(new-ish) Auto Recovery for VMs: This DRaaS-like service has been available for some time as part of the core Commvault platform, but will soon be offered via their SaaS (Metallic) service. Auto Recovery provides orchestration and failover for DR situations and the upcoming SaaS version appears like it will be limited to just VMs for the time being.
(new-ish) Threat Scan support for files: There is not quite feature parity between the core-Commvault platform and the Metallic SaaS product, with many features and capabilities only existing in one product or the other. However, Commvault is working to reduce that list of items that can't be found in both. This is the case here as most of the features for Threat Scan (Commvault's malware detection feature set) were only available via the Core Commvault platform. It appears as though in mid-March this will be available for scanning file data protected by Metallic for malware.
Regardless of rebranding the entire platform as "Commvault Cloud", there are still fundamentally 2 products underneath which do not yet offer the same features/functions - though Commvault is certainly aiming at getting closer to parity in the long term.
Clumio Announces $75M Series-D and 4x YoY growth in ARR
[Link to Original Article]
Why it Matters?
In January 2021, Clumio made the decision to focus their backup portfolio solely on protecting AWS native workloads. They cut their limited on-prem product (VMware only) and even (temporarily) halted sales of their M365 backup solution - though they reneged on that less than a quarter later and made it available again. Their goal was to pivot and become a "cloud-first" vendor. This shift in focus also led to 2 major rounds of layoffs with sources claiming that ~2/3 of their sales staff (yes...66%) was let go.
So, to summarize what's led up to this: Clumio not only cut their staff, but also reduced their addressable market to focus on protecting:
EC2/EBS
S3
RDS, SQL on EC2, DynamoDB, and
Microsoft 365
Now, let's look at today's news! Clumio has announced a fresh $75M infusion of Series-D funding, bringing their total funding to $261M over 4 rounds. In addition to the funding news, Clumio also shared that they have seen 4x growth in ARR in 2023 with that revenue figure sitting "well into the double-figures in millions" which leads me to estimate their ARR at no more than about ~$30M-ish. They've also disclosed that they currently are protecting over 100PB of customer data. Clumio cut their TAM and cut their sales capabilities, so any growth will move that needle a lot, but this is yet another sign that the market demand is driving towards SaaS backup.
Gartner 2024 Customer's Choice Awards announced for Enterprise Backup and Recovery Software Solutions
[Link to Original Article]
Why it Matters?
Every year Gartner publishes their Customer Choice list of solutions based on the reviews on the Gartner Peer Insights pages. Druva, Rubrik, and Cohesity were all recognized this year. Veeam, Commvault, and Dell were not. These are all decided based on customer reviews submitted to the Gartner Peer Insights, and they serve as excellent insights into how these products are working in the real world. The Peer Insights are useful resources for seeing what customers really are enjoying (or finding challenging) about the solutions they are leveraging. Well worth checking in on them now and again to balance the marketing vs. the customer reality.
Varonis delivers market-leading Salesforce security
[Link to Original Article]
Why it Matters?
Varonis continues to expand their data classification capabilities with the addition of in depth analysis of Salesforce data. Announced is a new capability to look inside Salesforce records, fields, files, and even attachments to find and classify sensitive information within those data sets. With the sensitive data identified, Varonis can then level their other analytics against it to help understand if there is a need to right-size permissions to the data (such as guest users or contractors who still have access), detection of potential exfiltration attempts, finding misconfigurations and other vulnerabilities within the Salesforce instance, and more.
There is a ridiculous amount of critical and sensitive data that is stored in Salesforce and other CRM tools, and the ability to lock it down (or at least see what's in there) is going to become increasingly important as the threats continue to escalate.
In addition to this news Varonis has added its own monitoring services to their existing threat detection technology to create a new "MDDR" offering for customers. This 24x7 service will help detect and respond to threats faster by adding in an actual human keeping watch over the environment at all times. These security experts will help evaluation threats, and even determine if there was potential exfiltration of data. While Varonis claims this is an "industry first", they actually are not the first to add this sort of monitoring service to their portfolio. Vendors like Druva have been augmenting customer service desks with 24/7 monitoring for some time.
We're seeing more and more organizations starting to provide cyber security services on top of their own detection technology, and I'd expect this trend to continue.
Kyndryl and Veeam Announce Global Strategic Alliance to Deliver Comprehensive Cyber Resiliency
[Link to Original Article]
Why it Matters?
Kyndryl was the old "IBM Global Services" professional services and consulting organization that was spun off of IBM a few years back. They are experts in delivering enterprise IT services across a wide portfolio. The timing of the Veeam addition to their list of alliances is interesting though as it comes just a few weeks after the announcement of the upcoming Cohesity acquisition of Veritas. Veritas was the only standalone backup offering available from Kyndryl, so perhaps they are making sure they have a "backup" solution they can position for customers.
This is also another step in the Veeam campaign to try and break into the enterprise market. Don't expect Kyndryl to be walking into all of their customers and looking to swap out their existing solution with Veeam, that's not how this works -- Kyndryl has no product allegiance and will work with whatever products the customer directs them to.
That said, do not be surprised if Veeam comes up in conversations where Kyndryl is engaged and looking for greenfield opportunities.
Introducing Acronis Cyber Protect 16: A new benchmark in easy and fast recovery after cyber attacks and data loss
[Link to Original Article]
Why it Matters?
This week, Acronis announced the general availability of Cyber Protect 16. Cyber Protect is one of many Acronis products that make up the Acronis Cyber Protect Cloud (MSP only), but is also available for home, business, and enterprise customers - however, Acronis' main GTM focus remains the SMB and MSP markets.
In this latest release of Cyber Protect, they have added the following features:
One-Click Recovery - This DR feature is meant for smaller scale recovery of entire systems as part of a single operation. This feature is available for endpoints and includes BMR capabilities for physical systems.
Immutable Backup Storage - Pretty self-explanatory, but apparently it was not available previously. Acronis is spinning this as "Cyberthreat protection", but it does not include any detection capabilities - just immutability.
Endpoint Detection & Response (EDR) - While Acronis introduced their EDR product a year ago, it was only available for MSP partners. With the release of Acronis Cyber Protect 16, the EDR security features are now available to their broader customer base.
Centralized Dashboard
While many of these features seem mundane, Acronis has a security heavy portfolio that extends outside of just backup and can help them get a seat at the table.
Written by Matt Tyrer. These posts reflect my own opinion and are not necessarily the opinion of my employer.
Comments