© 2013 451 Research, LLC. www.451research.com
Information Security: Wave 16
Reference Technology
Roadmap
Allowing comparison of all 48 technologies tracked in the study, this high-level reference contains the
Technology Heat Index, the Adoption Index, leading vendor tables, overall technology roadmap and
spending charts. It also indicates what is included in the more detailed reports based on each technology
segment covered in the study.
WWW.451RESEARCH.COM
© 2013 451 Research, LLC. www.451research.com
About TheInfoPro’s Information Security Study
TheInfoPro’s Information Security Study takes an in-depth look at key industry trends and tracks the performance
of individual vendors. Now in its eleventh year, this study was finalized in December 2013 and is based on 207
interviews.
TheInfoPro’s methodology uses extensive interviews with a proprietary network of IT professionals and key
decision-makers at large and midsize enterprises. Each interview explores several fundamental areas, including
the implementation and spending plans for technologies, evaluations of vendors observed from business and
product perspectives, macro IT influences transforming the sector, and factors affecting decision processes.
Results are collated into comprehensive research reports providing business intelligence in the form of
technological roadmaps, budget trends and vendor spending plans and performance ratings.
Examples of Vendors Covered in the Study
Aruba Networks
Blue Coat Systems
Check Point
Cisco
Dell
EMC (RSA)
FireEye
Fortinet
Guidance Software
Hewlett-Packard
Imperva
Juniper Networks
McAfee
Microsoft
Palo Alto Networks
Qualys
Sophos
Sourcefire
Symantec
Websense
About the Author
This report was written by Daniel Kennedy, Research Director for Networking and Information Security.
Daniel Kennedy is an experienced information security professional. Prior to joining 451 Research, he was a partner in the information security consultancy Praetorian Security LLC, where he directed strategy on risk assessment and security certification. Before that, he was Global Head of Information Security for D.B. Zwirn & Co., as well as Vice President of Application Security and Development Manager at Pershing LLC, a division of the Bank of New York.
Kennedy has written for both Forbes online and Ziff Davis, has provided commentary to numerous news outlets, including The New York Times and The Wall Street Journal, and his personal blog, Praetorian Prefect, which was recognized as one of the top five technical blogs in information security by the RSA 2010 Conference.
Kennedy holds a master of science degree in information systems from Stevens Institute of Technology, a master of science in information assurance from Norwich University, and a bachelor of science in information management and technology from Syracuse University. He is certified as a CEH (Certified Ethical Hacker) from the EC-Council, is a CISSP, and has a NASD Series 7 license.
© 2013 451 Research, LLC. www.451research.com
Guide to Information Security Study Reports
A wave of research produces a series of reports that are published approximately in this order:
Source: Information Security – Wave 16 |
2014 INFORMATION SECURITY
OUTLOOK
IT professionals describe how 2014 looks for budgets, projects and pain points with time series charts to give perspective to the coming year.
INFORMATION SECURITY METRICS
Benchmarking organization efficiency, this report contains metrics about staffing, organization structure, the existence of written policies, compliance and internal security.REFERENCE TECHNOLOGY ROADMAP
Allowing comparison of all 48 technologies tracked in the study, this high-level reference contains the Technology Heat Index, the Adoption Index, leading vendor tables, overall technology roadmap and spending charts. It also indicates what is included in the more detailed reports based on each technology segment covered in the study.
APPLICATION SECURITY TECHNOLOGY
ROADMAP
Capturing IT professionals’ adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers five technologies including: Web application firewalls, application security testing and database security.
INFRASTRUCTURE SECURITY
TECHNOLOGY ROADMAP
Capturing IT professionals’ adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers 17 technologies including: endpoint and network data-loss prevention (DLP), mobile device security and tokenization.
NETWORK SECURITY TECHNOLOGY
ROADMAP
Capturing IT professionals’ adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers 12 technologies including: firewalls, NIPS, NAC, UTM, anti-spam and SSL VPNs.
SECURITY MANAGEMENT
TECHNOLOGY ROADMAP
Capturing IT professionals’ adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers 14 technologies including: Mobile device management, SIEM, event log management, IT GRC, threat intelligence and computer forensics.
VENDOR VULNERABILITY AND
SPENDING
This report allows you to compare IT professionals’ spending intentions and loyalty ratings for 16 vendors.VENDOR MARKET WINDOWS AND
RATINGS
TheInfoPro’s unique Market Window uses IT professionals’ ratings of vendors on 14 separate criteria to calculate scores for Vendor Promise and Vendor Fulfillment, allowing comparison of vendors’ effectiveness at strategy, marketing, delivery and execution.
CUSTOMER ASSESSMENTS FOR
INDIVIDUAL VENDORS
Summarizing IT professionals’ assessments for each of 16 vendors, this report profiles individual vendors based on spending, vulnerability, and ratings on 14 categories. Time series are included.
NARRATIVES
Compiling open-ended commentary from in-depth interviews with IT professionals, you hear the direct ‘voice of the customer’ discussing technology, their industry and the future of this sector.MARKET DYNAMICS
Designed for IT professionals, this report captures highlights from the complete study, and provides business intelligence in the form of technological roadmaps, budget trends and voice-of-the-customer narratives.© 2013 451 Research, LLC. www.451research.com
Table of Contents
About TheInfoPro Information Security Study
2
Principal Findings
5
Implementation Plans
6
Spending Plans
7
Technology Heat Index and Leading Vendors
9
Appendixes
Methodology, Sample Variation, Demographics
17
How to Interpret the Data
18
© 2013 451 Research, LLC. www.451research.com
Principal Findings
• Mobile device management (MDM) had the strongest spending intentions in 2013; 41% of respondents said their enterprises
increased spending as a management response to employees’ ‘bringing your own devices’ (BYOD) to work. Spending on MDM is
expected to improve in 2014, with 46% of respondents planning to increase spending.
• Cloud-specific security solutions are implemented in less than 15% of enterprises now, but expect that to change, potentially
doubling in penetration over the next 18 months. Forty-three percent (43%) of security managers say securing the hybrid cloud
is a priority.
• Firewalls, both standard stateful ones and newer ‘application-aware’ products, both had healthy spending allocations in 2013,
placing second and third respectively in the list of technologies the greatest percentage of security managers increased spending
on.
• Next year, security information and event management (SIEM) climbs to second place behind only MDM in spending, as security
managers continue their renewed focus on proactive monitoring and reaction to security incidents in addition to preventative
controls.
• According to TheInfoPro’s proprietary Heat Index, a measure of the immediacy of user needs around a security technology,
endpoint data-loss prevention (DLP) takes the pole position. Compliance concerns around both customer custodial information
and firm intellectual property continue to drive DLP adoption, currently led by endpoint security titans Symantec and Intel’s
McAfee.
• The aforementioned phenomenon of employees connecting personal devices to the company network, BYOD, sees MDM climb
to third in the Heat Index and has also driven network access control (NAC) from a more stagnant technology to sixth place.
© 2013 451 Research, LLC. www.451research.com
Information Security Technology Roadmap
Q. What is your status of implementation for this technology? n=198-205. Source: Information Security – Wave 16 |
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% 55% 60% 65% 70% 75% 80% 85% 90% 95% 100%
Cloud Security Information or Digital Rights Management Tokenization Unified Threat Management (UTM) Mobile Device Security (Not MDM) Network Data-loss Prevention Solutions Virtualization Security Network Access Control (NAC) Multifactor Authentication for Web-based Applications File Integrity Monitoring Advanced Anti-malware Response Application Security Testing – External Interface Fuzzing or Testing Vulnerability Assessment Threat Intelligence
Database Security Endpoint Data-loss Prevention SolutionsIT GRC (Governance, Risk, Compliance) Managed Security Service Provider (MSSP) Application Security Testing – Code or Binary Analysis-based Vulnerability Assessment Anti-botnet
Web Application Firewall (WAF)Secure Instant Messaging Application-aware Firewall IT Security Training/Education/AwarenessPolicy and Configuration Management Key Management and/or Public Key Infrastructure Host Intrusion Detection and/or Prevention (HIDS/HIPS)Single Sign-on Identity ManagementComputer Forensics Mobile Device Management Hard Drive Encryption Email/Messaging Archiving/Compliance Security Information Event Management (SIEM)Secure File Transfer Email Encryption Two-factor (Strong) Authentication for Infrastructure (e.g., VPN, Remote Access)Event Log Management System Laptop Encryption Anti-spyware Web Content Filtering Penetration Testing Vulnerability/Risk Assessment/Scanning (of Infrastructure) Network Intrusion Detection and/or Prevention (NIDS/NIPS)SSL VPNs Patch Management Anti-spam/Email SecurityNetwork Firewalls Anti-virus
In Use Now (Not Including Pilots) In Pilot/Evaluation (Budget Has Already Been Allocated) In Near-term Plan (In Next 6 Months) In Long-term Plan (6-18 Months) Past Long-term Plan (Later Than 18 Months Out) Not in Plan
© 2013 451 Research, LLC. www.451research.com
2013 vs. 2012 Spending Change for Information Security Technologies
Q. How will your spending on this technology change in 2013 as compared to 2012? n=45-201. Data from respondents not using the technology or that don't know about
spending are hidden. Source: Information Security – Wave 16 |
3% 4% 3% 2% 3% 2% 1% 1% 3% 2% 2% 1% 1% 1% 1% 1% 1% 1% 3% 1% 4% 3% 1% 1% 3% 2% 1% 3% 3% 2% 4% 2% 1% 3% 2% 5% 1% 89% 84% 87% 86% 85% 86% 83% 82% 84% 82% 73% 83% 82% 81% 79% 75% 77% 80% 80% 72% 73% 76% 74% 71% 74% 70% 72% 56% 73% 73% 72% 70% 64% 71% 71% 69% 66% 65% 65% 65% 62% 57% 62% 63% 59% 60% 54% 53% 7% 9% 9% 10% 11% 11% 12% 12% 12% 13% 13% 14% 14% 14% 14% 16% 16% 17% 17% 18% 19% 20% 20% 20% 21% 21% 21% 22% 22% 23% 24% 24% 24% 25% 25% 26% 26% 27% 29% 29% 30% 30% 31% 32% 32% 34% 39% 41%
Host Intrusion Detection and/or Prevention (HIDS/HIPS)Hard Drive Encryption Anti-spyware Anti-spam/Email SecurityFile Integrity Monitoring Anti-virus Penetration TestingThreat Intelligence Laptop Encryption Patch Management Information or Digital Rights ManagementEmail Encryption Email/Messaging Archiving/Compliance Key Management and/or Public Key InfrastructureSecure File Transfer Database Security Multifactor Authentication for Web-based Applications Vulnerability/Risk Assessment/Scanning (of Infrastructure)Secure Instant Messaging Single Sign-on Application Security Testing – External Interface Fuzzing or Policy and Configuration Management Two-factor (Strong) Authentication for Infrastructure (e.g.,Virtualization Security
Advanced Anti-malware ResponseComputer Forensics Web Content FilteringCloud Security SSL VPNs Anti-botnet Web Application Firewall (WAF) Application Security Testing – Code or Binary Analysis-based Mobile Device Security (Not MDM)
Unified Threat Management (UTM)Tokenization Endpoint Data-loss Prevention SolutionsNetwork Access Control (NAC) IT Security Training/Education/Awareness Managed Security Service Provider (MSSP)Event Log Management System Network Intrusion Detection and/or Prevention (NIDS/NIPS)IT GRC (Governance, Risk, Compliance) Identity Management Security Information Event Management (SIEM)Network Data-loss Prevention Solutions Application-aware FirewallNetwork Firewalls Mobile Device Management
© 2013 451 Research, LLC. www.451research.com
2014 vs. 2013 Spending Change for Information Security Technologies
Q. How will your spending on this technology change in 2014 as compared to 2013? n=45-201. Data from respondents not using the technology or that don't know about
spending are hidden. Source: Information Security – Wave 16 |
5% 4% 3% 4% 4% 4% 5% 6% 3% 3% 2% 2% 4% 9% 4% 3% 3% 11% 1% 9% 2% 5% 5% 4% 1% 4% 13% 1% 2% 3% 5% 8% 2% 3% 6% 10% 8% 10% 5% 8% 2% 2% 7% 4% 83% 83% 82% 84% 82% 83% 80% 78% 76% 71% 79% 76% 74% 69% 72% 73% 70% 71% 65% 71% 66% 64% 63% 64% 68% 58% 63% 62% 53% 66% 63% 60% 51% 49% 58% 52% 54% 51% 51% 54% 46% 50% 48% 53% 48% 32% 44% 42% 7% 10% 10% 10% 11% 11% 13% 14% 15% 16% 17% 18% 19% 20% 20% 21% 21% 21% 22% 23% 23% 24% 26% 26% 26% 27% 28% 29% 29% 30% 31% 32% 33% 34% 34% 35% 36% 36% 37% 37% 39% 40% 40% 42% 42% 44% 46% 46%
Anti-spam/Email SecurityPatch Management Penetration TestingAnti-spyware Hard Drive EncryptionLaptop Encryption Anti-virus Host Intrusion Detection and/or Prevention (HIDS/HIPS)Secure File Transfer Computer Forensics Email/Messaging Archiving/Compliance Vulnerability/Risk Assessment/Scanning (of Infrastructure)File Integrity Monitoring SSL VPNs Secure Instant MessagingEmail Encryption Application Security Testing – External Interface Fuzzing or Key Management and/or Public Key Infrastructure
Web Content FilteringThreat Intelligence Two-factor (Strong) Authentication for Infrastructure (e.g.,Single Sign-on IT Security Training/Education/AwarenessAnti-botnet Multifactor Authentication for Web-based ApplicationsInformation or Digital Rights Management Database Security Advanced Anti-malware Response Managed Security Service Provider (MSSP)Policy and Configuration Management Tokenization Web Application Firewall (WAF) IT GRC (Governance, Risk, Compliance) Network Data-loss Prevention Solutions Application Security Testing – Code or Binary Analysis-based Mobile Device Security (Not MDM) Network Intrusion Detection and/or Prevention (NIDS/NIPS)Network Firewalls
Event Log Management SystemVirtualization Security Application-aware FirewallIdentity Management Unified Threat Management (UTM) Endpoint Data-loss Prevention SolutionsNetwork Access Control (NAC) Cloud Security Security Information Event Management (SIEM)Mobile Device Management
© 2013 451 Research, LLC. www.451research.com
Information Security Technologies: Heat Index
®
vs. Adoption Index
n=207. Source: Information Security – Wave 16 |
Heat
Rank Technology Heat Score
Adoption Score
Heat
Rank Technology Heat Score
Adoption Score
1 Endpoint Data-loss Prevention Solutions 100 28 25 Information or Digital Rights Management 32 0
2 Application-aware Firewall 97 28 26 Laptop Encryption 28 67
3 Mobile Device Management 95 52 26 Tokenization 28 2
4 Security Information Event Management (SIEM) 87 57 28 Email/Messaging Archiving/Compliance 27 47 5 Identity Management 85 48 29 Multifactor Authentication for Web-based Applications 25 18
6 Network Access Control (NAC) 78 13 30 Hard Drive Encryption 24 42
7 Event Log Management System 76 63 31 Key Management and/or Public Key Infrastructure 24 37 8 Network Data-loss Prevention Solutions 73 13 32 Database Security 23 24
9 Unified Threat Management (UTM) 72 2 33 Single Sign-on 23 39
10 Application Security Testing – Code or Binary Analysis-based
Vulnerability Assessment 70 26 34 Network Firewalls 22 100
11 IT GRC (Governance, Risk, Compliance) 60 22 35 Web Content Filtering 20 67 12 Policy and Configuration Management 54 35 36 Application Security Testing – External Interface Fuzzing or
Testing Vulnerability Assessment 19 22 13 Two-factor (Strong) Authentication for Infrastructure (e.g.,
VPN, Remote Access) 51 53 37 File Integrity Monitoring 18 18 13 IT Security Training/Education/Awareness 51 25 38 Vulnerability/Risk Assessment/Scanning (of Infrastructure) 15 80 15 Advanced Anti-malware Response 50 17 38 Secure File Transfer 15 46 15 Network Intrusion Detection and/or Prevention (NIDS/NIPS) 50 86 38 SSL VPNs 15 79
17 Virtualization Security 48 12 41 Penetration Testing 14 69
18 Email Encryption 46 53 41 Computer Forensics 14 38
19 Web Application Firewall (WAF) 44 26 41 Secure Instant Messaging 14 24
20 Mobile Device Security (Not MDM) 43 8 44 Anti-spyware 8 68
20 Anti-botnet 43 24 44 Host Intrusion Detection and/or Prevention (HIDS/HIPS) 8 36
20 Threat Intelligence 43 19 46 Patch Management 6 82
23 Cloud Security 41 1 47 Anti-virus 4 90
23 Managed Security Service Provider (MSSP) 41 20 48 Anti-spam/Email Security 0 82
Technology Heat Index®: measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization’s budget for the relevant IT
sector, and future changes in the organization’s budget. A high score means a technology is expected to see significant growth.
Technology Adoption Index: measures aggregate investment in a technology based on several factors including: usage or planned usage, changes in planned spending, and an organization’s budget for
© 2013 451 Research, LLC. www.451research.com
Information Security Technologies: Heat Index
®
Ranking and Leading
Vendors (1 of 2)
n=207. Source: Information Security – Wave 16 |
Heat
Rank Score Heat Technology Lead in Plan 2nd in Plan Lead in Use 2nd in Use
1 100 Endpoint Data-loss Prevention Solutions Symantec! McAfee Symantec! McAfee
2 97 Application-aware Firewall Palo Alto Ntwks Check Point Palo Alto Ntwks Imperva
3 95 Mobile Device Management MobileIron! Good Tech Good Tech MobileIron
4 87 Security Information Event Management (SIEM) LogRhythm IBM HP IBM
5 85 Identity Management Oracle! EMC; CA Tech Microsoft Oracle
6 78 Network Access Control (NAC) Cisco! Aruba Ntwks Cisco! ForeScout
7 76 Event Log Management System LogRhythm! McAfee Splunk HP
8 73 Network Data-loss Prevention Solutions Symantec McAfee Symantec! Websense; EMC
9 72 Unified Threat Management (UTM) Fortinet Palo Alto Ntwks; Check
Point Palo Alto Ntwks; Fortinet Check Point 10 70 Application Security Testing – Code or Binary
Analysis-based Vulnerability Assessment Veracode WhiteHat Sec IBM HP
11 60 IT GRC (Governance, Risk, Compliance) EMC! IBM EMC! Homegrown
12 54 Policy and Configuration Management Microsoft! Symantec; Open Source;
FireMon Microsoft! Tripwire
13 51 Two-factor (Strong) Authentication for
Infrastructure (e.g., VPN, Remote Access) EMC! Symantec EMC! SafeNet
13 51 IT Security Training/Education/Awareness SANS Inst! Wombat Homegrown! SANS Inst
15 50 Advanced Anti-malware Response FireEye! Check Point; Palo Alto
Ntwks FireEye Symantec
15 50 Network Intrusion Detection and/or Prevention
(NIDS/NIPS) Palo Alto Ntwks Check Point Cisco! McAfee; HP
17 48 Virtualization Security VMware Check Point VMware! Microsoft
18 46 Email Encryption Microsoft Symantec Microsoft Cisco
19 44 Web Application Firewall (WAF) F5 Ntwks! Check Point F5 Ntwks Imperva
20 43 Mobile Device Security (Not MDM) MobileIron AirWatch MobileIron Good Tech
20 43 Anti-botnet Check Point Palo Alto Ntwks FireEye Symantec
20 43 Threat Intelligence CrowdStrike Symantec Symantec IBM
23 41 Cloud Security CipherCloud! Ping Identity Amazon Web Svcs Oracle; Homegrown
23 41 Managed Security Service Provider (MSSP) Dell AT&T Symantec Dell
Technology Heat Index®: measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization’s budget for the relevant IT
sector, and future changes in the organization’s budget. A high score means a technology is expected to see significant growth. A ‘!’ vendor has at least twice the number of selections as the closest competitor.
© 2013 451 Research, LLC. www.451research.com
Information Security Technologies: Heat Index
®
Ranking and Leading
Vendors (2 of 2)
n=207. Source: Information Security – Wave 16 |
Heat
Rank Score Heat Technology Lead in Plan 2nd in Plan Lead in Use 2nd in Use
25 32 Information or Digital Rights Management Microsoft! WatchDox Microsoft! EMC
26 28 Laptop Encryption Microsoft! Dell Microsoft McAfee
26 28 Tokenization Agilysys SafeNet; Protegrity SafeNet; Homegrown;
EMC
Paymetric; Oracle; Microsoft; CyberSource
28 27 Email/Messaging Archiving/Compliance Google! HP Symantec Microsoft
29 25 Multifactor Authentication for Web-based
Applications Symantec; EMC - EMC! Microsoft
30 24 Hard Drive Encryption Microsoft! McAfee Microsoft! McAfee
31 24 Key Management and/or Public Key Infrastructure Microsoft Venafi Microsoft! Symantec
32 23 Database Security Imperva IBM Oracle Imperva
33 23 Single Sign-on Okta; Microsoft Ping Identity Microsoft Oracle
34 22 Network Firewalls - - Cisco Check Point
35 20 Web Content Filtering Websense! Blue Coat Websense Blue Coat
36 19 Application Security Testing – External Interface
Fuzzing or Testing Vulnerability Assessment WhiteHat Sec Veracode IBM! WhiteHat Sec
37 18 File Integrity Monitoring Tripwire Symantec Tripwire! Symantec; Open Source
38 15 Vulnerability/Risk Assessment/Scanning (of
Infrastructure) Tenable; McAfee Core Security Qualys! Open Source
38 15 Secure File Transfer Box! Google; AppSense;
Accellion Homegrown IBM
38 15 SSL VPNs Juniper Networks! Citrix; Cisco Cisco Juniper Networks
41 14 Penetration Testing - - Homegrown Trustwave
41 14 Computer Forensics Guidance Sftw! Symantec; AccessData Guidance Sftw! AccessData
41 14 Secure Instant Messaging Microsoft Google Microsoft! IBM
44 8 Anti-spyware - - Symantec McAfee
44 8 Host Intrusion Detection and/or Prevention
(HIDS/HIPS) McAfee! Trend Micro Symantec; McAfee! IBM
46 6 Patch Management Microsoft! - Microsoft! Symantec
47 4 Anti-virus Trend Micro Symantec McAfee
48 0 Anti-spam/Email Security - - Cisco Symantec
Technology Heat Index®: measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization’s budget for the relevant IT
sector, and future changes in the organization’s budget. A high score means a technology is expected to see significant growth. A ‘!’ vendor has at least twice the number of selections as the closest competitor.
© 2013 451 Research, LLC. www.451research.com
Information Security Technologies: Heat Index
®
Ranking and Leading
In-use Vendors – Time Series (1 of 2)
2H ’12, n=200; 2H ’13, n=207. Source: Information Security – Wave 16 |
Heat
Rank Technology Lead In-use Vendor 2H ’12 Lead In-use Vendor 2H ’13 2nd In-use Vendor 2H ’12 2nd In-use Vendor 2H ’13
1 Endpoint Data-loss Prevention Solutions Symantec! Symantec! McAfee McAfee
2 Application-aware Firewall Palo Alto Ntwks Palo Alto Ntwks Imperva Imperva
3 Mobile Device Management Good Tech Good Tech MobileIron MobileIron
4 Security Information Event Management (SIEM) HP! HP IBM IBM
5 Identity Management Microsoft Microsoft Oracle Oracle
6 Network Access Control (NAC) Cisco! Cisco! Juniper ForeScout
7 Event Log Management System HP Splunk Splunk HP
8 Network Data-loss Prevention Solutions Symantec! Symantec! McAfee Websense; EMC
9 Unified Threat Management (UTM) Check Point Palo Alto Ntwks; Fortinet Fortinet; McAfee; Palo Alto Check Point 10 Application Security Testing – Code or Binary
Analysis-based Vulnerability Assessment HP IBM IBM HP
11 IT GRC (Governance, Risk, Compliance) EMC! EMC! Homegrown Homegrown
12 Policy and Configuration Management Microsoft Microsoft! Tripwire Tripwire
13 Two-factor (Strong) Authentication for
Infrastructure (e.g., VPN, Remote Access) EMC! EMC! Cisco SafeNet
13 IT Security Training/Education/Awareness Homegrown! Homegrown! SANS Inst SANS Inst
15 Advanced Anti-malware Response FireEye FireEye McAfee Symantec
15 Network Intrusion Detection and/or Prevention
(NIDS/NIPS) Cisco; HP Cisco! Sourcefire McAfee; HP
17 Virtualization Security - VMware! - Microsoft
18 Email Encryption Cisco Microsoft Microsoft Cisco
19 Web Application Firewall (WAF) Imperva F5 Ntwks F5 Ntwks Imperva
20 Mobile Device Security (Not MDM) Good Tech; RIM MobileIron MobileIron Good Tech
20 Anti-botnet FireEye FireEye McAfee; Symantec Symantec
20 Threat Intelligence Symantec! Symantec IBM IBM
23 Cloud Security - Amazon Web Svcs - Oracle; Homegrown
23 Managed Security Service Provider (MSSP) Dell Symantec Symantec Dell
Technology Heat Index®: measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization’s budget for the relevant IT
sector, and future changes in the organization’s budget. A high score means a technology is expected to see significant growth. A ‘!’ vendor has at least twice the number of selections as the closest competitor.
© 2013 451 Research, LLC. www.451research.com
Information Security Technologies: Heat Index
®
Ranking and Leading
In-use Vendors – Time Series (2 of 2)
2H ’12, n=200; 2H ’13, n=207. Source: Information Security – Wave 16 |
Heat
Rank Technology Lead In-use Vendor 2H ’12 Lead In-use Vendor 2H ’13 2nd In-use Vendor 2H ’12 2nd In-use Vendor 2H ’13
25 Information or Digital Rights Management Microsoft! Microsoft! Homegrown EMC
26 Laptop Encryption Microsoft Microsoft McAfee McAfee
26 Tokenization Homegrown SafeNet; Homegrown; EMC EMC Paymetric; Oracle;
Microsoft; CyberSource
28 Email/Messaging Archiving/Compliance Symantec Symantec Microsoft Microsoft
29 Multifactor Authentication for Web-based
Applications EMC! EMC! SafeNet Microsoft
30 Hard Drive Encryption Microsoft Microsoft! McAfee McAfee
31 Key Management and/or Public Key Infrastructure Microsoft Microsoft! Symantec Symantec
32 Database Security Oracle Oracle Imperva Imperva
33 Single Sign-on Microsoft Microsoft Homegrown Oracle
34 Network Firewalls - Cisco - Check Point
35 Web Content Filtering - Websense - Blue Coat
36 Application Security Testing – External Interface
Fuzzing or Testing Vulnerability Assessment IBM IBM! HP WhiteHat Sec
37 File Integrity Monitoring Tripwire Tripwire! Open Source Symantec; Open Source
38 Vulnerability/Risk Assessment/Scanning (of
Infrastructure) Qualys Qualys! Open Source Open Source
38 Secure File Transfer - Homegrown - IBM
38 SSL VPNs - Cisco - Juniper Networks
41 Penetration Testing Homegrown Homegrown IBM Trustwave
41 Computer Forensics Guidance Sftw! Guidance Sftw! AccessData AccessData
41 Secure Instant Messaging Microsoft! Microsoft! Cisco IBM
44 Anti-spyware Symantec Symantec McAfee McAfee
44 Host Intrusion Detection and/or Prevention
(HIDS/HIPS) McAfee Symantec; McAfee! Symantec IBM
46 Patch Management Microsoft! Microsoft! Emerson Symantec
47 Anti-virus - Symantec - McAfee
48 Anti-spam/Email Security - Cisco - Symantec
Technology Heat Index®: measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization’s budget for the relevant IT
sector, and future changes in the organization’s budget. A high score means a technology is expected to see significant growth. A ‘!’ vendor has at least twice the number of selections as the closest competitor.
© 2013 451 Research, LLC. www.451research.com
Information Security Technologies: Heat Index
®
Ranking and Leading
In-plan Vendors – Time Series (1 of 2)
2H ’12, n=200; 2H ’13, n=207. Source: Information Security – Wave 16 |
Heat
Rank Technology Lead In-plan Vendor 2H ’12 Lead In-plan Vendor 2H ’13 2nd In-plan Vendor 2H ’12 2nd In-plan Vendor 2H ’13
1 Endpoint Data-loss Prevention Solutions Symantec! Symantec! McAfee McAfee
2 Application-aware Firewall Palo Alto Ntwks! Palo Alto Ntwks F5 Ntwks Check Point
3 Mobile Device Management Good Tech MobileIron! MobileIron Good Tech
4 Security Information Event Management (SIEM) HP LogRhythm IBM IBM
5 Identity Management Microsoft Oracle! Oracle EMC; CA Tech
6 Network Access Control (NAC) Cisco! Cisco! Juniper Aruba Ntwks
7 Event Log Management System HP LogRhythm! IBM McAfee
8 Network Data-loss Prevention Solutions Symantec! Symantec McAfee McAfee
9 Unified Threat Management (UTM) Palo Alto Ntwks Fortinet Check Point Palo Alto Ntwks; Check Point
10 Application Security Testing – Code or Binary Analysis-based Vulnerability Assessment
HP!; IBM!;
Qualys! Veracode ESET WhiteHat Sec
11 IT GRC (Governance, Risk, Compliance) EMC! EMC! Symantec IBM
12 Policy and Configuration Management Microsoft Microsoft! Qualys Symantec; Open Source;
FireMon 13 Two-factor (Strong) Authentication for
Infrastructure (e.g., VPN, Remote Access) EMC EMC! PhoneFactor Symantec
13 IT Security Training/Education/Awareness Wombat SANS Inst! SANS Inst Wombat
15 Advanced Anti-malware Response FireEye FireEye! EMC Check Point; Palo Alto Ntwks
15 Network Intrusion Detection and/or Prevention
(NIDS/NIPS) Cisco Palo Alto Ntwks Open Source Check Point
17 Virtualization Security - VMware - Check Point
18 Email Encryption Google Microsoft Microsoft Symantec
19 Web Application Firewall (WAF) F5 Ntwks! F5 Ntwks! Imperva Check Point
20 Mobile Device Security (Not MDM) Good Tech MobileIron MobileIron AirWatch
20 Anti-botnet FireEye Check Point Palo Alto Ntwks Palo Alto Ntwks
20 Threat Intelligence Symantec! CrowdStrike Symantec! Symantec
23 Cloud Security - CipherCloud! - Ping Identity
23 Managed Security Service Provider (MSSP) Verizon! Dell AT&T; Dell AT&T
Technology Heat Index®: measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization’s budget for the relevant IT
sector, and future changes in the organization’s budget. A high score means a technology is expected to see significant growth. A ‘!’ vendor has at least twice the number of selections as the closest competitor.
© 2013 451 Research, LLC. www.451research.com
Information Security Technologies: Heat Index
®
Ranking and Leading
In-plan Vendors – Time Series (2 of 2)
2H ’12, n=200; 2H ’13, n=207. Source: Information Security – Wave 16 |
Heat
Rank Technology Lead In-plan Vendor 2H ’12 Lead In-plan Vendor 2H ’13 2nd In-plan Vendor 2H ’12 2nd In-plan Vendor 2H ’13
25 Information or Digital Rights Management Microsoft! Microsoft! CloudLock WatchDox
26 Laptop Encryption Microsoft Microsoft! Symantec Dell
26 Tokenization FireEye Agilysys Ingenico SafeNet; Protegrity
28 Email/Messaging Archiving/Compliance Symantec! Google! Microsoft; EMC HP
29 Multifactor Authentication for Web-based Applications EMC! Symantec; EMC Zoho; Swivel; Ping Identity;
Novell; Experian -
30 Hard Drive Encryption Microsoft Microsoft! Symantec McAfee
31 Key Management and/or Public Key Infrastructure Homegrown; IBM; Microsoft Microsoft Protegrity; Symantec; Venafi Venafi
32 Database Security Imperva Imperva IBM IBM
33 Single Sign-on Microsoft Okta; Microsoft Open Source Ping Identity
34 Network Firewalls - - - -
35 Web Content Filtering - Websense! - Blue Coat
36 Application Security Testing – External Interface Fuzzing or
Testing Vulnerability Assessment Qualys! WhiteHat Sec ESET Veracode
37 File Integrity Monitoring McAfee; Dell Tripwire Varonis Symantec
38 Vulnerability/Risk Assessment/Scanning (of Infrastructure)
Accuvant; Dell; MANDIANT; McAfee; Qualys; Rapid7; Symantec
Tenable; McAfee HID Global Core Security
38 Secure File Transfer - Box! - Google; AppSense; Accellion
38 SSL VPNs - Juniper Networks! - Citrix; Cisco
41 Penetration Testing Accuvant; MANDIANT; Open
Source; Qualys - HID Global -
41 Computer Forensics Guidance Sftw! Guidance Sftw! AccessData Symantec; AccessData
41 Secure Instant Messaging Microsoft Microsoft - Google
44 Anti-spyware Sophos! - ESET; Palo Alto; Symantec -
44 Host Intrusion Detection and/or Prevention (HIDS/HIPS) Symantec McAfee! McAfee Trend Micro
46 Patch Management Microsoft; Symantec Microsoft! BMC Software -
47 Anti-virus - Trend Micro - -
48 Anti-spam/Email Security - - - -
Technology Heat Index®: measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization’s budget for the relevant IT
sector, and future changes in the organization’s budget. A high score means a technology is expected to see significant growth. A ‘!’ vendor has at least twice the number of selections as the closest competitor.
© 2013 451 Research, LLC. www.451research.com < 100 1% 100-999 7% 1,000-4,999 20% 5,000-10,000 17% > 10,000 55% < $500K 19% $500K-$999K 9% $1M-$1.9M 13% $2M-$3.9M 18% $4M-$6.9M 14% $7M-$9.9M 4% $10M-$19.9M 13% $20M-$30M 4% > $30M 6% < $499.99M 16% $500M-$999.99M 7% $1B-$4.99B 29% $5B-$9.99B 15% $10B-$19.99B 13% $20B-$29.99B 7% $30B-$40B 4% > $40B 9% Financial Services 24% Healthcare/Pharmaceu ticals 11% Consumer Goods/Retail 11% Industrial/Manufacturi ng 9% Other 8% Services: Business/Accounting/E ngineerin 8% Education 7% Telecom/Technology 7% Materials/Chemicals 6% Energy/Utilities 5% Transportation 3% Public Sector 1%
Demographics
Top Left Chart: n=207; Top Right Chart, n=207; Bottom Left Chart, n=207; Bottom Right Chart, n=141.
Employee Size
Industry Verticals
Enterprise Revenue
Information Security Budget Level
© 2013 451 Research, LLC. www.451research.com
Methodology and Sample Variation
METHODOLOGY
The Information Security Study relies on a proprietary network of IT professionals and is based on in-depth interviews with 207
information security professionals conducted from April 2013 through October 2013. TheInfoPro’s interviewers are current and
former IT managers and executives. They ask open-ended questions that enable TheInfoPro to gain an excellent understanding of
the issues and decision-making process related to strategic planning, technology benchmarking, and vendor selection and
negotiation.
The Commentator Network has a variety of industry types and levels of technology adoption. TheInfoPro screens potential
commentators to ensure that they can discuss in detail their enterprises’ technology roadmap and relationships with pertinent
vendors. To participate, a commentator had to work for a large or midsize enterprise. For the purposes of this study, large
enterprises have more than $1bn of revenue and midsize enterprises have annual revenue of $100m to $999m.
SAMPLE SIZE VARIATION
Because the interviews are designed to be flexible to the needs and knowledge of the commentator, not every interviewee is asked
every question. As a result, many charts have a sample size varying from the total number of interviews.
RECENT CHANGES TO THE STUDY
Many respondents have detailed knowledge of all technology areas, but some do not. Beginning this year we are reporting
percentages based upon the full survey sample of respondents, and showing the percentage of respondents who indicated that they
did not have detailed status knowledge for certain technologies.
TheInfoPro’s Technology Heat Index® and Adoption Index have been updated. The indexes were re-engineered to provide a stronger
picture of user demand and investment in technologies. The calculations now account for planned changes in a technology’s
spending and the relevant sector’s budgets.
© 2013 451 Research, LLC. www.451research.com
How to Interpret the Data
DATA IN STANDARD BAR AND COLUMN CHARTS
Bar and column charts represent the percentage of commentators that gave a particular response. When relevant, “Don’t Know” responses are included
on charts. If a stacked bar or column chart does not equal 100%, it is because “Don’t Know” or “Not Using” responses are hidden. For questions with
multiple responses per interview, the totals for some charts may exceed 100%.
TECHNOLOGY ROADMAP AND INDEXES
The Technology Roadmaps highlight the percentage of respondents with a technology ‘in use,’ the percentage that are likely to use the technology for
the first time in the next two years, and those who have no plans. The size of the gap between 'in use' and 'not in plan' status indicates the potential
opportunity for a technology in the next two years. For each roadmap technology, respondents are asked about their implementation status and plans,
the vendors in use or consideration, and expectations for spending changes. This data is combined with spending and budget data to calculate the Heat
and Adoption index values for each technology.
The Technology Heat Index® measures user demand for a technology based on several factors including: usage or planned usage, changes in planned
spending, an organization’s budget for the relevant IT sector, and future changes in the organization’s budget. A high score means a technology is
expected to see significant growth.
The Technology Adoption Index measures aggregate investment in a technology based on several factors including: usage or planned usage, changes in
planned spending, and an organization’s budget for the relevant IT sector. A high score means the technology is already experiencing healthy adoption.
Technologies with a high Heat Index score and a low Adoption Index score have the largest near-term market opportunity for vendors. Technologies with
a high Heat Index score and a high Adoption Index score are experiencing near-term growth but have limited opportunities for new market entrants. A
low Heat Index paired with a low Adoption Index indicates a technology with limited near-term growth potential.
CUSTOMER RATINGS
Respondents rated vendors on 14 criteria using a 1-5 scale, with ‘1’ being poor and ‘5’ being excellent.
The Market Window is TheInfoPro's unique methodology to visualize comparative vendor ratings on a single chart. It plots the Promise and Fulfillment
Indexes to compare vendors’ effectiveness at marketing and execution. A vendor placing in the upper right quadrant is rated highly for both its promise
and ability to execute – underpromising and overdelivering – relative to its peers. Conversely, a vendor in the lower left quadrant rates poorly on the
same criteria.
The Vendor Promise Index is designed as a measure of marketing effectiveness. It uses four of the 14 customer ratings criteria (competitive positioning,
technical innovation, management’s strategic vision and brand/reputation), which are related to global concepts conveyed to potential customers prior to
actual product/service delivery and use.
The Vendor Fulfillment Index is designed as a measure of execution effectiveness. It uses four of the 14 customer ratings criteria (value for the money,
product quality, delivery as promised and technical support quality), which are related to the physical product/service delivery and customer experience
of using the product or service.
© 2013 451 Research, LLC. www.451research.com
Each individual report summarizes interesting portions of TheInfoPro’s Wave 16 Information
Security Study and does not comprehensively review the hundreds of pages of research that
form the full study. For access to TheInfoPro’s reports and services, please contact
sales@451research.com. Methodology questions may be addressed to
client.services@451research.com.
451 Research, a division of The 451 Group, is focused on the business of enterprise IT
innovation. The company’s analysts provide critical and timely insight into the competitive
dynamics of innovation in emerging technology segments. Business value is delivered via daily
concise and insightful published research, periodic deeper-dive reports, data tools,
market-sizing research, analyst advisory, and conferences and events. Clients of the company – at
vendor, investor, service-provider and end-user organizations – rely on 451 Research’s insight
to support both strategic and tactical decision-making.
TheInfoPro, a service of 451 Research, is widely regarded as ‘The Voice of the Customer,’
providing independent, ‘real world’ intelligence on key IT sectors including Servers and
Virtualization, Information Security, Networking, Storage and Cloud Computing. Using
one-on-one interviews conducted within a proprietary network composed of the world’s largest buyers
and users of IT, TheInfoPro provides data and insights that are used for strategic planning,
technology benchmarking, competitive analysis, and vendor selection and negotiation.
Reproduction and distribution of this publication, in whole or in part, in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. 451 Research disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although 451 Research may discuss legal issues related to the information technology business, 451 Research does not provide legal advice or
services and their research should not be construed or used as such. 451 Research shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended
results. The opinions expressed herein are subject to change without notice. TheInfoPro™ and logo are registered trademarks and property of 451 Research, LLC.
© 2013 451 Research, LLC and/or its Affiliates. All Rights Reserved.