Information Security: Wave 16 Reference Technology Roadmap

© 2013 451 Research, LLC. www.451research.com

Allowing comparison of all 48 technologies tracked in the study, this high-level reference contains the Technology Heat Index, the Adoption Index, leading vendor tables, overall technology roadmap and spending charts. It also indicates what is included in the more detailed reports based on each technology segment covered in the study.

WWW.451RESEARCH.COM NEW YORK · BOSTON · WASHINGTON DC · SAN FRANCISCO · SEATTLE · DENVER · LONDON · SAO PAULO · DUBAI · SINGAPORE

Upload: buinhi

Post on 18-Mar-2018


About TheInfoPro’s Information Security Study

TheInfoPro’s Information Security Study takes an in-depth look at key industry trends and tracks the performance of individual vendors. Now in its eleventh year, this study was finalized in December 2013 and is based on 207 interviews.

TheInfoPro’s methodology uses extensive interviews with a proprietary network of IT professionals and key decision-makers at large and midsize enterprises. Each interview explores several fundamental areas, including the implementation and spending plans for technologies, evaluations of vendors observed from business and product perspectives, macro IT influences transforming the sector, and factors affecting decision processes. Results are collated into comprehensive research reports providing business intelligence in the form of technological roadmaps, budget trends and vendor spending plans and performance ratings.

Examples of Vendors Covered in the Study

Aruba Networks, Blue Coat Systems, Check Point, Cisco, Dell, EMC (RSA), FireEye, Fortinet, Guidance Software, Hewlett-Packard, Imperva, Juniper Networks, McAfee, Microsoft, Palo Alto Networks, Qualys, Sophos, Sourcefire, Symantec, Websense

About the Author

This report was written by Daniel Kennedy, Research Director for Networking and Information Security. Daniel Kennedy is an experienced information security professional. Prior to joining 451 Research, he was a partner in the information security consultancy Praetorian Security LLC, where he directed strategy on risk assessment and security certification. Before that, he was Global Head of Information Security for D.B. Zwirn & Co., as well as Vice President of Application Security and Development Manager at Pershing LLC, a division of the Bank of New York. Kennedy has written for both Forbes online and Ziff Davis and has provided commentary to numerous news outlets, including The New York Times and The Wall Street Journal; his personal blog, Praetorian Prefect, was recognized as one of the top five technical blogs in information security by the RSA 2010 Conference. Kennedy holds a master of science degree in information systems from Stevens Institute of Technology, a master of science in information assurance from Norwich University, and a bachelor of science in information management and technology from Syracuse University. He is certified as a CEH (Certified Ethical Hacker) from the EC-Council, is a CISSP, and has a NASD Series 7 license.


Guide to Information Security Study Reports

A wave of research produces a series of reports that are published approximately in this order:

Source: Information Security – Wave 16

2014 INFORMATION SECURITY OUTLOOK

IT professionals describe how 2014 looks for budgets, projects and pain points with time series charts to give perspective to the coming year.

INFORMATION SECURITY METRICS

Benchmarking organization efficiency, this report contains metrics about staffing, organization structure, the existence of written policies, compliance and internal security.

REFERENCE TECHNOLOGY ROADMAP

Allowing comparison of all 48 technologies tracked in the study, this high-level reference contains the Technology Heat Index, the Adoption Index, leading vendor tables, overall technology roadmap and spending charts. It also indicates what is included in the more detailed reports based on each technology segment covered in the study.

APPLICATION SECURITY TECHNOLOGY ROADMAP

Capturing IT professionals’ adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers five technologies including: Web application firewalls, application security testing and database security.

INFRASTRUCTURE SECURITY TECHNOLOGY ROADMAP

Capturing IT professionals’ adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers 17 technologies including: endpoint and network data-loss prevention (DLP), mobile device security and tokenization.

NETWORK SECURITY TECHNOLOGY ROADMAP

Capturing IT professionals’ adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers 12 technologies including: firewalls, NIPS, NAC, UTM, anti-spam and SSL VPNs.

SECURITY MANAGEMENT TECHNOLOGY ROADMAP

Capturing IT professionals’ adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers 14 technologies including: Mobile device management, SIEM, event log management, IT GRC, threat intelligence and computer forensics.

VENDOR VULNERABILITY AND SPENDING

This report allows you to compare IT professionals’ spending intentions and loyalty ratings for 16 vendors.

VENDOR MARKET WINDOWS AND RATINGS

TheInfoPro’s unique Market Window uses IT professionals’ ratings of vendors on 14 separate criteria to calculate scores for Vendor Promise and Vendor Fulfillment, allowing comparison of vendors’ effectiveness at strategy, marketing, delivery and execution.

CUSTOMER ASSESSMENTS FOR INDIVIDUAL VENDORS

Summarizing IT professionals’ assessments for each of 16 vendors, this report profiles individual vendors based on spending, vulnerability, and ratings on 14 categories. Time series are included.

NARRATIVES

Compiling open-ended commentary from in-depth interviews with IT professionals, this report lets you hear the direct ‘voice of the customer’ discussing technology, their industry and the future of this sector.

MARKET DYNAMICS

Designed for IT professionals, this report captures highlights from the complete study, and provides business intelligence in the form of technological roadmaps, budget trends and voice-of-the-customer narratives.


Table of Contents

About TheInfoPro Information Security Study

Principal Findings

Implementation Plans

Spending Plans

Technology Heat Index and Leading Vendors

Appendixes

Methodology, Sample Variation, Demographics

How to Interpret the Data


Principal Findings

• Mobile device management (MDM) had the strongest spending intentions in 2013; 41% of respondents said their enterprises increased spending as a management response to employees bringing their own devices (BYOD) to work. Spending on MDM is expected to improve in 2014, with 46% of respondents planning to increase spending.

• Cloud-specific security solutions are implemented in less than 15% of enterprises now, but that is expected to change, with penetration potentially doubling over the next 18 months. Forty-three percent (43%) of security managers say securing the hybrid cloud is a priority.

• Firewalls, both standard stateful ones and newer ‘application-aware’ products, had healthy spending allocations in 2013, placing second and third respectively in the list of technologies on which the greatest percentage of security managers increased spending.

• Next year, security information and event management (SIEM) climbs to second place behind only MDM in spending, as security managers continue their renewed focus on proactive monitoring and reaction to security incidents in addition to preventative controls.

• According to TheInfoPro’s proprietary Heat Index, a measure of the immediacy of user needs around a security technology, endpoint data-loss prevention (DLP) takes the pole position. Compliance concerns around both customer custodial information and firm intellectual property continue to drive DLP adoption, currently led by endpoint security titans Symantec and Intel’s McAfee.

• The aforementioned phenomenon of employees connecting personal devices to the company network, BYOD, sees MDM climb to third in the Heat Index and has also driven network access control (NAC) from a more stagnant technology to sixth place.


Information Security Technology Roadmap

Q. What is your status of implementation for this technology? n=198-205. Source: Information Security – Wave 16

[Chart: implementation status by technology, on a 0% to 100% scale. Legend: In Use Now (Not Including Pilots); In Pilot/Evaluation (Budget Has Already Been Allocated); In Near-term Plan (In Next 6 Months); In Long-term Plan (6-18 Months); Past Long-term Plan (Later Than 18 Months Out); Not in Plan; Don't Know.]


2013 vs. 2012 Spending Change for Information Security Technologies

Q. How will your spending on this technology change in 2013 as compared to 2012? n=45-201. Data from respondents not using the technology or that don't know about spending are hidden. Source: Information Security – Wave 16

[Chart: spending change by technology, 2013 vs. 2012. Legend: Less Spending; About the Same; More Spending.]


2014 vs. 2013 Spending Change for Information Security Technologies

Q. How will your spending on this technology change in 2014 as compared to 2013? n=45-201. Data from respondents not using the technology or that don't know about spending are hidden. Source: Information Security – Wave 16

[Chart: spending change by technology, 2014 vs. 2013. Legend: Less Spending; About the Same; More Spending.]


Information Security Technologies: Heat Index® vs. Adoption Index

n=207. Source: Information Security – Wave 16

| Heat Rank | Technology | Heat Score | Adoption Score |
|---|---|---|---|
| 1 | Endpoint Data-loss Prevention Solutions | 100 | 28 |
| 2 | Application-aware Firewall | 97 | 28 |
| 3 | Mobile Device Management | 95 | 52 |
| 4 | Security Information Event Management (SIEM) | 87 | 57 |
| 5 | Identity Management | 85 | 48 |
| 6 | Network Access Control (NAC) | 78 | 13 |
| 7 | Event Log Management System | 76 | 63 |
| 8 | Network Data-loss Prevention Solutions | 73 | 13 |
| 9 | Unified Threat Management (UTM) | 72 | 2 |
| 10 | Application Security Testing – Code or Binary Analysis-based Vulnerability Assessment | 70 | 26 |
| 11 | IT GRC (Governance, Risk, Compliance) | 60 | 22 |
| 12 | Policy and Configuration Management | 54 | 35 |
| 13 | Two-factor (Strong) Authentication for Infrastructure (e.g., VPN, Remote Access) | 51 | 53 |
| 13 | IT Security Training/Education/Awareness | 51 | 25 |
| 15 | Advanced Anti-malware Response | 50 | 17 |
| 15 | Network Intrusion Detection and/or Prevention (NIDS/NIPS) | 50 | 86 |
| 17 | Virtualization Security | 48 | 12 |
| 18 | Email Encryption | 46 | 53 |
| 19 | Web Application Firewall (WAF) | 44 | 26 |
| 20 | Mobile Device Security (Not MDM) | 43 | 8 |
| 20 | Anti-botnet | 43 | 24 |
| 20 | Threat Intelligence | 43 | 19 |
| 23 | Cloud Security | 41 | 1 |
| 23 | Managed Security Service Provider (MSSP) | 41 | 20 |
| 25 | Information or Digital Rights Management | 32 | 0 |
| 26 | Laptop Encryption | 28 | 67 |
| 26 | Tokenization | 28 | 2 |
| 28 | Email/Messaging Archiving/Compliance | 27 | 47 |
| 29 | Multifactor Authentication for Web-based Applications | 25 | 18 |
| 30 | Hard Drive Encryption | 24 | 42 |
| 31 | Key Management and/or Public Key Infrastructure | 24 | 37 |
| 32 | Database Security | 23 | 24 |
| 33 | Single Sign-on | 23 | 39 |
| 34 | Network Firewalls | 22 | 100 |
| 35 | Web Content Filtering | 20 | 67 |
| 36 | Application Security Testing – External Interface Fuzzing or Testing Vulnerability Assessment | 19 | 22 |
| 37 | File Integrity Monitoring | 18 | 18 |
| 38 | Vulnerability/Risk Assessment/Scanning (of Infrastructure) | 15 | 80 |
| 38 | Secure File Transfer | 15 | 46 |
| 38 | SSL VPNs | 15 | 79 |
| 41 | Penetration Testing | 14 | 69 |
| 41 | Computer Forensics | 14 | 38 |
| 41 | Secure Instant Messaging | 14 | 24 |
| 44 | Anti-spyware | 8 | 68 |
| 44 | Host Intrusion Detection and/or Prevention (HIDS/HIPS) | 8 | 36 |
| 46 | Patch Management | 6 | 82 |
| 47 | Anti-virus | 4 | 90 |
| 48 | Anti-spam/Email Security | 0 | 82 |

Technology Heat Index®: measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization’s budget for the relevant IT sector, and future changes in the organization’s budget. A high score means a technology is expected to see significant growth.

Technology Adoption Index: measures aggregate investment in a technology based on several factors including: usage or planned usage, changes in planned spending, and an organization’s budget for the relevant IT sector. A high score means the technology is already experiencing healthy adoption.


Information Security Technologies: Heat Index® Ranking and Leading Vendors (1 of 2)

n=207. Source: Information Security – Wave 16

| Heat Rank | Heat Score | Technology | Lead in Plan | 2nd in Plan | Lead in Use | 2nd in Use |
|---|---|---|---|---|---|---|
| 1 | 100 | Endpoint Data-loss Prevention Solutions | Symantec! | McAfee | Symantec! | McAfee |
| 2 | 97 | Application-aware Firewall | Palo Alto Ntwks | Check Point | Palo Alto Ntwks | Imperva |
| 3 | 95 | Mobile Device Management | MobileIron! | Good Tech | Good Tech | MobileIron |
| 4 | 87 | Security Information Event Management (SIEM) | LogRhythm | IBM | HP | IBM |
| 5 | 85 | Identity Management | Oracle! | EMC; CA Tech | Microsoft | Oracle |
| 6 | 78 | Network Access Control (NAC) | Cisco! | Aruba Ntwks | Cisco! | ForeScout |
| 7 | 76 | Event Log Management System | LogRhythm! | McAfee | Splunk | HP |
| 8 | 73 | Network Data-loss Prevention Solutions | Symantec | McAfee | Symantec! | Websense; EMC |
| 9 | 72 | Unified Threat Management (UTM) | Fortinet | Palo Alto Ntwks; Check Point | Palo Alto Ntwks; Fortinet | Check Point |
| 10 | 70 | Application Security Testing – Code or Binary Analysis-based Vulnerability Assessment | Veracode | WhiteHat Sec | IBM | HP |
| 11 | 60 | IT GRC (Governance, Risk, Compliance) | EMC! | IBM | EMC! | Homegrown |
| 12 | 54 | Policy and Configuration Management | Microsoft! | Symantec; Open Source; FireMon | Microsoft! | Tripwire |
| 13 | 51 | Two-factor (Strong) Authentication for Infrastructure (e.g., VPN, Remote Access) | EMC! | Symantec | EMC! | SafeNet |
| 13 | 51 | IT Security Training/Education/Awareness | SANS Inst! | Wombat | Homegrown! | SANS Inst |
| 15 | 50 | Advanced Anti-malware Response | FireEye! | Check Point; Palo Alto Ntwks | FireEye | Symantec |
| 15 | 50 | Network Intrusion Detection and/or Prevention (NIDS/NIPS) | Palo Alto Ntwks | Check Point | Cisco! | McAfee; HP |
| 17 | 48 | Virtualization Security | VMware | Check Point | VMware! | Microsoft |
| 18 | 46 | Email Encryption | Microsoft | Symantec | Microsoft | Cisco |
| 19 | 44 | Web Application Firewall (WAF) | F5 Ntwks! | Check Point | F5 Ntwks | Imperva |
| 20 | 43 | Mobile Device Security (Not MDM) | MobileIron | AirWatch | MobileIron | Good Tech |
| 20 | 43 | Anti-botnet | Check Point | Palo Alto Ntwks | FireEye | Symantec |
| 20 | 43 | Threat Intelligence | CrowdStrike | Symantec | Symantec | IBM |
| 23 | 41 | Cloud Security | CipherCloud! | Ping Identity | Amazon Web Svcs | Oracle; Homegrown |
| 23 | 41 | Managed Security Service Provider (MSSP) | Dell | AT&T | Symantec | Dell |

Technology Heat Index®: measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization’s budget for the relevant IT sector, and future changes in the organization’s budget. A high score means a technology is expected to see significant growth.

A ‘!’ vendor has at least twice the number of selections as the closest competitor. A “!” vendor has at least twice the number of responses as the closest competitor.


Information Security Technologies: Heat Index® Ranking and Leading Vendors (2 of 2)

n=207. Source: Information Security – Wave 16

| Heat Rank | Heat Score | Technology | Lead in Plan | 2nd in Plan | Lead in Use | 2nd in Use |
|---|---|---|---|---|---|---|
| 25 | 32 | Information or Digital Rights Management | Microsoft! | WatchDox | Microsoft! | EMC |
| 26 | 28 | Laptop Encryption | Microsoft! | Dell | Microsoft | McAfee |
| 26 | 28 | Tokenization | Agilysys | SafeNet; Protegrity | SafeNet; Homegrown; EMC | Paymetric; Oracle; Microsoft; CyberSource |
| 28 | 27 | Email/Messaging Archiving/Compliance | Google! | HP | Symantec | Microsoft |
| 29 | 25 | Multifactor Authentication for Web-based Applications | Symantec; EMC | - | EMC! | Microsoft |
| 30 | 24 | Hard Drive Encryption | Microsoft! | McAfee | Microsoft! | McAfee |
| 31 | 24 | Key Management and/or Public Key Infrastructure | Microsoft | Venafi | Microsoft! | Symantec |
| 32 | 23 | Database Security | Imperva | IBM | Oracle | Imperva |
| 33 | 23 | Single Sign-on | Okta; Microsoft | Ping Identity | Microsoft | Oracle |
| 34 | 22 | Network Firewalls | - | - | Cisco | Check Point |
| 35 | 20 | Web Content Filtering | Websense! | Blue Coat | Websense | Blue Coat |
| 36 | 19 | Application Security Testing – External Interface Fuzzing or Testing Vulnerability Assessment | WhiteHat Sec | Veracode | IBM! | WhiteHat Sec |
| 37 | 18 | File Integrity Monitoring | Tripwire | Symantec | Tripwire! | Symantec; Open Source |
| 38 | 15 | Vulnerability/Risk Assessment/Scanning (of Infrastructure) | Tenable; McAfee | Core Security | Qualys! | Open Source |
| 38 | 15 | Secure File Transfer | Box! | Google; AppSense; Accellion | Homegrown | IBM |
| 38 | 15 | SSL VPNs | Juniper Networks! | Citrix; Cisco | Cisco | Juniper Networks |
| 41 | 14 | Penetration Testing | - | - | Homegrown | Trustwave |
| 41 | 14 | Computer Forensics | Guidance Sftw! | Symantec; AccessData | Guidance Sftw! | AccessData |
| 41 | 14 | Secure Instant Messaging | Microsoft | Google | Microsoft! | IBM |
| 44 | 8 | Anti-spyware | - | - | Symantec | McAfee |
| 44 | 8 | Host Intrusion Detection and/or Prevention (HIDS/HIPS) | McAfee! | Trend Micro | Symantec; McAfee! | IBM |
| 46 | 6 | Patch Management | Microsoft! | - | Microsoft! | Symantec |
| 47 | 4 | Anti-virus | Trend Micro | | Symantec | McAfee |
| 48 | 0 | Anti-spam/Email Security | - | - | Cisco | Symantec |

Technology Heat Index®: measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization’s budget for the relevant IT sector, and future changes in the organization’s budget. A high score means a technology is expected to see significant growth.

A ‘!’ vendor has at least twice the number of selections as the closest competitor. A “!” vendor has at least twice the number of responses as the closest competitor.


Information Security Technologies: Heat Index® Ranking and Leading In-use Vendors – Time Series (1 of 2)

2H ’12, n=200; 2H ’13, n=207. Source: Information Security – Wave 16

| Heat Rank | Technology | 2H ’12 Lead In-use Vendor | 2H ’13 Lead In-use Vendor | 2H ’12 2nd In-use Vendor | 2H ’13 2nd In-use Vendor |
|---|---|---|---|---|---|
| 1 | Endpoint Data-loss Prevention Solutions | Symantec! | Symantec! | McAfee | McAfee |
| 2 | Application-aware Firewall | Palo Alto Ntwks | Palo Alto Ntwks | Imperva | Imperva |
| 3 | Mobile Device Management | Good Tech | Good Tech | MobileIron | MobileIron |
| 4 | Security Information Event Management (SIEM) | HP! | HP | IBM | IBM |
| 5 | Identity Management | Microsoft | Microsoft | Oracle | Oracle |
| 6 | Network Access Control (NAC) | Cisco! | Cisco! | Juniper | ForeScout |
| 7 | Event Log Management System | HP | Splunk | Splunk | HP |
| 8 | Network Data-loss Prevention Solutions | Symantec! | Symantec! | McAfee | Websense; EMC |
| 9 | Unified Threat Management (UTM) | Check Point | Palo Alto Ntwks; Fortinet | Fortinet; McAfee; Palo Alto | Check Point |
| 10 | Application Security Testing – Code or Binary Analysis-based Vulnerability Assessment | HP | IBM | IBM | HP |
| 11 | IT GRC (Governance, Risk, Compliance) | EMC! | EMC! | Homegrown | Homegrown |
| 12 | Policy and Configuration Management | Microsoft | Microsoft! | Tripwire | Tripwire |
| 13 | Two-factor (Strong) Authentication for Infrastructure (e.g., VPN, Remote Access) | EMC! | EMC! | Cisco | SafeNet |
| 13 | IT Security Training/Education/Awareness | Homegrown! | Homegrown! | SANS Inst | SANS Inst |
| 15 | Advanced Anti-malware Response | FireEye | FireEye | McAfee | Symantec |
| 15 | Network Intrusion Detection and/or Prevention (NIDS/NIPS) | Cisco; HP | Cisco! | Sourcefire | McAfee; HP |
| 17 | Virtualization Security | - | VMware! | - | Microsoft |
| 18 | Email Encryption | Cisco | Microsoft | Microsoft | Cisco |
| 19 | Web Application Firewall (WAF) | Imperva | F5 Ntwks | F5 Ntwks | Imperva |
| 20 | Mobile Device Security (Not MDM) | Good Tech; RIM | MobileIron | MobileIron | Good Tech |
| 20 | Anti-botnet | FireEye | FireEye | McAfee; Symantec | Symantec |
| 20 | Threat Intelligence | Symantec! | Symantec | IBM | IBM |
| 23 | Cloud Security | - | Amazon Web Svcs | - | Oracle; Homegrown |
| 23 | Managed Security Service Provider (MSSP) | Dell | Symantec | Symantec | Dell |

Technology Heat Index®: measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization’s budget for the relevant IT sector, and future changes in the organization’s budget. A high score means a technology is expected to see significant growth.

A ‘!’ vendor has at least twice the number of selections as the closest competitor. A “!” vendor has at least twice the number of responses as the closest competitor.


Information Security Technologies: Heat Index® Ranking and Leading In-use Vendors – Time Series (2 of 2)

2H ’12, n=200; 2H ’13, n=207. Source: Information Security – Wave 16

| Heat Rank | Technology | 2H ’12 Lead In-use Vendor | 2H ’13 Lead In-use Vendor | 2H ’12 2nd In-use Vendor | 2H ’13 2nd In-use Vendor |
|---|---|---|---|---|---|
| 25 | Information or Digital Rights Management | Microsoft! | Microsoft! | Homegrown | EMC |
| 26 | Laptop Encryption | Microsoft | Microsoft | McAfee | McAfee |
| 26 | Tokenization | Homegrown | SafeNet; Homegrown; EMC | EMC | Paymetric; Oracle; Microsoft; CyberSource |
| 28 | Email/Messaging Archiving/Compliance | Symantec | Symantec | Microsoft | Microsoft |
| 29 | Multifactor Authentication for Web-based Applications | EMC! | EMC! | SafeNet | Microsoft |
| 30 | Hard Drive Encryption | Microsoft | Microsoft! | McAfee | McAfee |
| 31 | Key Management and/or Public Key Infrastructure | Microsoft | Microsoft! | Symantec | Symantec |
| 32 | Database Security | Oracle | Oracle | Imperva | Imperva |
| 33 | Single Sign-on | Microsoft | Microsoft | Homegrown | Oracle |
| 34 | Network Firewalls | - | Cisco | - | Check Point |
| 35 | Web Content Filtering | - | Websense | - | Blue Coat |
| 36 | Application Security Testing – External Interface Fuzzing or Testing Vulnerability Assessment | IBM | IBM! | HP | WhiteHat Sec |
| 37 | File Integrity Monitoring | Tripwire | Tripwire! | Open Source | Symantec; Open Source |
| 38 | Vulnerability/Risk Assessment/Scanning (of Infrastructure) | Qualys | Qualys! | Open Source | Open Source |
| 38 | Secure File Transfer | - | Homegrown | - | IBM |
| 38 | SSL VPNs | - | Cisco | - | Juniper Networks |
| 41 | Penetration Testing | Homegrown | Homegrown | IBM | Trustwave |
| 41 | Computer Forensics | Guidance Sftw! | Guidance Sftw! | AccessData | AccessData |
| 41 | Secure Instant Messaging | Microsoft! | Microsoft! | Cisco | IBM |
| 44 | Anti-spyware | Symantec | Symantec | McAfee | McAfee |
| 44 | Host Intrusion Detection and/or Prevention (HIDS/HIPS) | McAfee | Symantec; McAfee! | Symantec | IBM |
| 46 | Patch Management | Microsoft! | Microsoft! | Emerson | Symantec |
| 47 | Anti-virus | - | Symantec | - | McAfee |
| 48 | Anti-spam/Email Security | - | Cisco | - | Symantec |

Technology Heat Index®: measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization’s budget for the relevant IT sector, and future changes in the organization’s budget. A high score means a technology is expected to see significant growth.

A ‘!’ vendor has at least twice the number of selections as the closest competitor. A “!” vendor has at least twice the number of responses as the closest competitor.


Information Security Technologies: Heat Index® Ranking and Leading In-plan Vendors – Time Series (1 of 2)

2H ’12, n=200; 2H ’13, n=207. Source: Information Security – Wave 16

| Heat Rank | Technology | 2H ’12 Lead In-plan Vendor | 2H ’13 Lead In-plan Vendor | 2H ’12 2nd In-plan Vendor | 2H ’13 2nd In-plan Vendor |
| --- | --- | --- | --- | --- | --- |
| 1 | Endpoint Data-loss Prevention Solutions | Symantec! | Symantec! | McAfee | McAfee |
| 2 | Application-aware Firewall | Palo Alto Ntwks! | Palo Alto Ntwks | F5 Ntwks | Check Point |
| 3 | Mobile Device Management | Good Tech | MobileIron! | MobileIron | Good Tech |
| 4 | Security Information Event Management (SIEM) | HP | LogRhythm | IBM | IBM |
| 5 | Identity Management | Microsoft | Oracle! | Oracle | EMC; CA Tech |
| 6 | Network Access Control (NAC) | Cisco! | Cisco! | Juniper | Aruba Ntwks |
| 7 | Event Log Management System | HP | LogRhythm! | IBM | McAfee |
| 8 | Network Data-loss Prevention Solutions | Symantec! | Symantec | McAfee | McAfee |
| 9 | Unified Threat Management (UTM) | Palo Alto Ntwks | Fortinet | Check Point | Palo Alto Ntwks; Check Point |
| 10 | Application Security Testing – Code or Binary Analysis-based Vulnerability Assessment | HP!; IBM!; Qualys! | Veracode | ESET | WhiteHat Sec |
| 11 | IT GRC (Governance, Risk, Compliance) | EMC! | EMC! | Symantec | IBM |
| 12 | Policy and Configuration Management | Microsoft | Microsoft! | Qualys | Symantec; Open Source; FireMon |
| 13 | Two-factor (Strong) Authentication for Infrastructure (e.g., VPN, Remote Access) | EMC | EMC! | PhoneFactor | Symantec |
| 13 | IT Security Training/Education/Awareness | Wombat | SANS Inst! | SANS Inst | Wombat |
| 15 | Advanced Anti-malware Response | FireEye | FireEye! | EMC | Check Point; Palo Alto Ntwks |
| 15 | Network Intrusion Detection and/or Prevention (NIDS/NIPS) | Cisco | Palo Alto Ntwks | Open Source | Check Point |
| 17 | Virtualization Security | - | VMware | - | Check Point |
| 18 | Email Encryption | Google | Microsoft | Microsoft | Symantec |
| 19 | Web Application Firewall (WAF) | F5 Ntwks! | F5 Ntwks! | Imperva | Check Point |
| 20 | Mobile Device Security (Not MDM) | Good Tech | MobileIron | MobileIron | AirWatch |
| 20 | Anti-botnet | FireEye | Check Point | Palo Alto Ntwks | Palo Alto Ntwks |
| 20 | Threat Intelligence | Symantec! | CrowdStrike | Symantec! | Symantec |
| 23 | Cloud Security | - | CipherCloud! | - | Ping Identity |
| 23 | Managed Security Service Provider (MSSP) | Verizon! | Dell | AT&T; Dell | AT&T |


Information Security Technologies: Heat Index® Ranking and Leading In-plan Vendors – Time Series (2 of 2)

2H ’12, n=200; 2H ’13, n=207. Source: Information Security – Wave 16

| Heat Rank | Technology | 2H ’12 Lead In-plan Vendor | 2H ’13 Lead In-plan Vendor | 2H ’12 2nd In-plan Vendor | 2H ’13 2nd In-plan Vendor |
| --- | --- | --- | --- | --- | --- |
| 25 | Information or Digital Rights Management | Microsoft! | Microsoft! | CloudLock | WatchDox |
| 26 | Laptop Encryption | Microsoft | Microsoft! | Symantec | Dell |
| 26 | Tokenization | FireEye | Agilysys | Ingenico | SafeNet; Protegrity |
| 28 | Email/Messaging Archiving/Compliance | Symantec! | Google! | Microsoft; EMC | HP |
| 29 | Multifactor Authentication for Web-based Applications | EMC! | Symantec; EMC | Zoho; Swivel; Ping Identity; Novell; Experian | - |
| 30 | Hard Drive Encryption | Microsoft | Microsoft! | Symantec | McAfee |
| 31 | Key Management and/or Public Key Infrastructure | Homegrown; IBM; Microsoft | Microsoft | Protegrity; Symantec; Venafi | Venafi |
| 32 | Database Security | Imperva | Imperva | IBM | IBM |
| 33 | Single Sign-on | Microsoft | Okta; Microsoft | Open Source | Ping Identity |
| 34 | Network Firewalls | - | - | - | - |
| 35 | Web Content Filtering | - | Websense! | - | Blue Coat |
| 36 | Application Security Testing – External Interface Fuzzing or Testing Vulnerability Assessment | Qualys! | WhiteHat Sec | ESET | Veracode |
| 37 | File Integrity Monitoring | McAfee; Dell | Tripwire | Varonis | Symantec |
| 38 | Vulnerability/Risk Assessment/Scanning (of Infrastructure) | Accuvant; Dell; MANDIANT; McAfee; Qualys; Rapid7; Symantec | Tenable; McAfee | HID Global | Core Security |
| 38 | Secure File Transfer | - | Box! | - | Google; AppSense; Accellion |
| 38 | SSL VPNs | - | Juniper Networks! | - | Citrix; Cisco |
| 41 | Penetration Testing | Accuvant; MANDIANT; Open Source; Qualys | - | HID Global | - |
| 41 | Computer Forensics | Guidance Sftw! | Guidance Sftw! | AccessData | Symantec; AccessData |
| 41 | Secure Instant Messaging | Microsoft | Microsoft | - | Google |
| 44 | Anti-spyware | Sophos! | - | ESET; Palo Alto; Symantec | - |
| 44 | Host Intrusion Detection and/or Prevention (HIDS/HIPS) | Symantec | McAfee! | McAfee | Trend Micro |
| 46 | Patch Management | Microsoft; Symantec | Microsoft! | BMC Software | - |
| 47 | Anti-virus | - | Trend Micro | - | - |
| 48 | Anti-spam/Email Security | - | - | - | - |


Appendixes


Demographics

Top Left Chart: n=207; Top Right Chart, n=207; Bottom Left Chart, n=207; Bottom Right Chart, n=141.

Employee Size
< 100: 1%
100-999: 7%
1,000-4,999: 20%
5,000-10,000: 17%
> 10,000: 55%

Information Security Budget Level
< $500K: 19%
$500K-$999K: 9%
$1M-$1.9M: 13%
$2M-$3.9M: 18%
$4M-$6.9M: 14%
$7M-$9.9M: 4%
$10M-$19.9M: 13%
$20M-$30M: 4%
> $30M: 6%

Enterprise Revenue
< $499.99M: 16%
$500M-$999.99M: 7%
$1B-$4.99B: 29%
$5B-$9.99B: 15%
$10B-$19.99B: 13%
$20B-$29.99B: 7%
$30B-$40B: 4%
> $40B: 9%

Industry Verticals
Financial Services: 24%
Healthcare/Pharmaceuticals: 11%
Consumer Goods/Retail: 11%
Industrial/Manufacturing: 9%
Other: 8%
Services: Business/Accounting/Engineering: 8%
Education: 7%
Telecom/Technology: 7%
Materials/Chemicals: 6%
Energy/Utilities: 5%
Transportation: 3%
Public Sector: 1%

Source: Information Security – Wave 16


Methodology and Sample Variation

METHODOLOGY

The Information Security Study relies on a proprietary network of IT professionals and is based on in-depth interviews with 207 information security professionals conducted from April 2013 through October 2013. TheInfoPro’s interviewers are current and former IT managers and executives. They ask open-ended questions that enable TheInfoPro to gain an excellent understanding of the issues and decision-making process related to strategic planning, technology benchmarking, and vendor selection and negotiation.

The Commentator Network has a variety of industry types and levels of technology adoption. TheInfoPro screens potential commentators to ensure that they can discuss in detail their enterprises’ technology roadmap and relationships with pertinent vendors. To participate, a commentator had to work for a large or midsize enterprise. For the purposes of this study, large enterprises have more than $1bn of revenue and midsize enterprises have annual revenue of $100m to $999m.

SAMPLE SIZE VARIATION

Because the interviews are designed to be flexible to the needs and knowledge of the commentator, not every interviewee is asked every question. As a result, many charts have a sample size varying from the total number of interviews.

RECENT CHANGES TO THE STUDY

Many respondents have detailed knowledge of all technology areas, but some do not. Beginning this year we are reporting percentages based upon the full survey sample of respondents, and showing the percentage of respondents who indicated that they did not have detailed status knowledge for certain technologies.

TheInfoPro’s Technology Heat Index® and Adoption Index have been updated. The indexes were re-engineered to provide a stronger picture of user demand and investment in technologies. The calculations now account for planned changes in a technology’s spending and the relevant sector’s budgets.


How to Interpret the Data

DATA IN STANDARD BAR AND COLUMN CHARTS

Bar and column charts represent the percentage of commentators that gave a particular response. When relevant, “Don’t Know” responses are included on charts. If a stacked bar or column chart does not equal 100%, it is because “Don’t Know” or “Not Using” responses are hidden. For questions with multiple responses per interview, the totals for some charts may exceed 100%.

TECHNOLOGY ROADMAP AND INDEXES

The Technology Roadmaps highlight the percentage of respondents with a technology ‘in use,’ the percentage that are likely to use the technology for the first time in the next two years, and those who have no plans. The size of the gap between 'in use' and 'not in plan' status indicates the potential opportunity for a technology in the next two years. For each roadmap technology, respondents are asked about their implementation status and plans, the vendors in use or consideration, and expectations for spending changes. This data is combined with spending and budget data to calculate the Heat and Adoption index values for each technology.

The Technology Heat Index® measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization’s budget for the relevant IT sector, and future changes in the organization’s budget. A high score means a technology is expected to see significant growth.

The Technology Adoption Index measures aggregate investment in a technology based on several factors including: usage or planned usage, changes in planned spending, and an organization’s budget for the relevant IT sector. A high score means the technology is already experiencing healthy adoption.

Technologies with a high Heat Index score and a low Adoption Index score have the largest near-term market opportunity for vendors. Technologies with a high Heat Index score and a high Adoption Index score are experiencing near-term growth but have limited opportunities for new market entrants. A low Heat Index paired with a low Adoption Index indicates a technology with limited near-term growth potential.

CUSTOMER RATINGS

Respondents rated vendors on 14 criteria using a 1-5 scale, with ‘1’ being poor and ‘5’ being excellent.

The Market Window is TheInfoPro's unique methodology to visualize comparative vendor ratings on a single chart. It plots the Promise and Fulfillment Indexes to compare vendors’ effectiveness at marketing and execution. A vendor placing in the upper right quadrant is rated highly for both its promise and ability to execute – underpromising and overdelivering – relative to its peers. Conversely, a vendor in the lower left quadrant rates poorly on the same criteria.

The Vendor Promise Index is designed as a measure of marketing effectiveness. It uses four of the 14 customer ratings criteria (competitive positioning, technical innovation, management’s strategic vision and brand/reputation), which are related to global concepts conveyed to potential customers prior to actual product/service delivery and use.

The Vendor Fulfillment Index is designed as a measure of execution effectiveness. It uses four of the 14 customer ratings criteria (value for the money, product quality, delivery as promised and technical support quality), which are related to the physical product/service delivery and customer experience of using the product or service.


Each individual report summarizes interesting portions of TheInfoPro’s Wave 16 Information Security Study and does not comprehensively review the hundreds of pages of research that form the full study. For access to TheInfoPro’s reports and services, please contact [email protected]. Methodology questions may be addressed to [email protected].

451 Research, a division of The 451 Group, is focused on the business of enterprise IT innovation. The company’s analysts provide critical and timely insight into the competitive dynamics of innovation in emerging technology segments. Business value is delivered via daily concise and insightful published research, periodic deeper-dive reports, data tools, market-sizing research, analyst advisory, and conferences and events. Clients of the company – at vendor, investor, service-provider and end-user organizations – rely on 451 Research’s insight to support both strategic and tactical decision-making.

TheInfoPro, a service of 451 Research, is widely regarded as ‘The Voice of the Customer,’ providing independent, ‘real world’ intelligence on key IT sectors including Servers and Virtualization, Information Security, Networking, Storage and Cloud Computing. Using one-on-one interviews conducted within a proprietary network composed of the world’s largest buyers and users of IT, TheInfoPro provides data and insights that are used for strategic planning, technology benchmarking, competitive analysis, and vendor selection and negotiation.

Reproduction and distribution of this publication, in whole or in part, in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. 451 Research disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although 451 Research may discuss legal issues related to the information technology business, 451 Research does not provide legal advice or services and their research should not be construed or used as such. 451 Research shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.

TheInfoPro™ and logo are registered trademarks and property of 451 Research, LLC. © 2013 451 Research, LLC and/or its Affiliates. All Rights Reserved.

WWW.451RESEARCH.COM 20 West 37th Street, 3rd Floor, New York, NY 10018 P 212.672.0010 F 212.688.6598