Malwarebytes Does Layoffs, to Split Consumer, Corporate Arms – Source: www.govinfosecurity.com

Endpoint Detection & Response (EDR)
,
Endpoint Protection Platforms (EPP)
,
Endpoint Security

Endpoint Security Firm Lays Off At Least 100 Employees, CIO, CPO, CTO All Departing

Michael Novinson (MichaelNovinson) •
August 31, 2023    

Antivirus stalwart Malwarebytes laid off at least 100 employees this week and plans to split its consumer and corporate-facing business units into separate companies.

See Also: Live Webinar | Unmasking Pegasus: Understand the Threat & Strengthen Your Digital Defense

The Silicon Valley-based endpoint security company cut between 100 and 110 workers and has in recent weeks axed its chief product officer, chief information officer and chief technology officer. The overhaul precedes Malwarebytes splitting into an enterprise-facing organization focused on managed and endpoint detection and a consumer organization offering identity protection and VPN, TechCrunch reported.

“A profitable business is a viable business,” Malwarebytes CEO Marcin Kleczynski told TechCrunch. A Malwarebytes spokesperson confirmed the layoffs to Information Security Media Group, but didn’t respond to questions about separating the consumer and enterprise businesses (see: Malwarebytes Cuts 14% of Staff to Narrow Focus on SMB).

Brain Drain in the C-suite

The layoffs were accompanied by a C-suite exodus, with TechCrunch reporting that CIO Greg Higham, CPO Mark Strassman and CTO Adam Hyder have all left the company. None of the executives are still listed on Malwarebytes’ website, and Kleczynski told TechCrunch the company made leadership changes as part of the “strategic reorganization.” Higham has now joined advisory firm StrataFusion as a partner.

Kleczynski told TechCrunch the layoffs affected employees globally and were an exercise in rationalizing expenditures. The job cuts follow Chief Operating Officer Barry Mainz’s November departure to become CEO of Forescout and the exit of CISO Laura Whitt-Winyard, SVP of Global Sales Amy Appleyard, CMO Dariusz Paczuski, VP of Cloud Ops Brian Morehead and VP of Demand Gen Brian Smith since May 2022 (see: Forescout Gets 4th CEO Since 2020, Hires Barry Mainz).

The latest cuts come almost exactly a year after Malwarebytes eliminated 14% of its global workforce, or about 125 employees, to prioritize growth with small and midsized customers. A month after that, Malwarebytes received a $100 million minority investment from private equity firm Vector Capital to accelerate momentum with channel partners and consolidate the company’s ownership structure (see: Malwarebytes Gets $100M Weeks After Laying Off 14% of Staff).

Just last week, Malwarebytes bought online privacy startup Cyrus for an undisclosed amount to examine social media, dark web content and a person’s online presence to flag early indicators of irregularities. Cyrus will become part of Malwarebytes’ consumer business unit, which has been led by former Digital Trends and Corel executive Mark Beare since August 2022.

Malwarebytes has failed to gain much traction in the corporate endpoint security market, holding just 1% market share after growing its business by only 6.4% from $119.1 million in 2021 to $126.7 million in 2022, market intelligence firm IDC found. The company appeared in neither this winter’s Gartner Magic Quadrant for Endpoint Protection or last year’s Forrester Wave for Endpoint Detection and Response.

Following in Symantec, McAfee’s Footsteps

Malwarebytes is today the only U.S.-based endpoint security firm with both a consumer and enterprise arm. Symantec sold its enterprise unit to Broadcom for $10.7 billion in 2019 and merged its consumer team with Avast in 2022 to form Gen Digital. McAfee’s enterprise unit and FireEye’s product team came together in 2021 to form Trellix, while Advent and Permira bought McAfee’s consumer division in 2022.

Once Malwarebytes separates its consumer and enterprise divisions, the only endpoint security firms serving both home users and businesses will be based in Europe: Bitdefender, Eset and Kaspersky. In the authentication and password management space, a number of companies continue to serve both consumers and enterprises including 1Password, Aura, GoTo and LastPass.

Kleczynski told ISMG in April that the lack of a dedicated security operations center can make it difficult for smaller organizations to benefit from security tools. To streamline security, he said it’s critical to have a user-friendly interface and experience that is easy to comprehend and understand (see: Strengthening Cybersecurity for Organizations Without a SOC).

“You can’t expect an SMB to shell out hundreds of dollars per endpoint to just protect devices,” Kleczynski said during RSA Conference 2023. “This needs to be a compelling and comprehensive offering – from email to DNS to vulnerability and patch management – trying to bring all of that into a single console, single pane of glass, for a pretty compelling price.”