XM Cyber, a leading cyber threat intelligence and breach and attack simulation provider, recently announced their acquisition of Confluera, which offers autonomous detection and response (ADR) solutions. Industry analysts have had mixed reactions to the acquisition – while some are positive about the merger, others have expressed caution. With the expertise of both companies now combined, XM Cyber aims to deliver an improved level of protection against cyber threats.
According to Tom Croll of Lionfish Tech Advisors, XM Cyber seems to be a neo on-premises Breach Attack Simulation (BAS) or SOC tool with some cloudy features, such as attack path management. He notes that their core technology seems like it could be redeployed for public cloud without much effort, but there are concerns that the company may not be inherently public cloud-native.
Despite mixed reactions, the acquisition signals the need for consolidation in the cybersecurity landscape. The growing importance of a multifaceted approach to defense means that the newly formed entity could provide customers with a more comprehensive view of their security posture, enabling them to detect and respond to threats more effectively and efficiently. This is critical, given the increasingly complex and dynamic threat environment that businesses face.
Executives from XM Cyber and Confluera have stated that the advantages of the combined offering lie in the ability to provide organizations with a more holistic view of their cybersecurity posture. Confluera’s ADR technology gives XM Cyber customers access to real-time threat intelligence and incident response capabilities, enabling them to more effectively prioritize and address vulnerabilities in their security infrastructure.
However, while Croll acknowledges that the addition of Confluera gives XM Cyber a truly cloud-native capability, there are elements missing in the combination to really be considered “a fully-functioning CNAPP” platform. These include software composition analysis, DevSecOps integration, and extensive CIEM features.
The acquisition is part of a broader trend in the cybersecurity sector, as companies look to consolidate and strengthen their offerings to meet the evolving needs of their customers. As businesses around the world grapple with the challenges of digital transformation and the growing threat of cyberattacks, more acquisitions and partnerships among smaller providers like these will be more likely. It remains to be seen exactly how the merger will play out, but the future looks promising for the newly-formed entity.