Reference Technology Roadmap

(1)

Information Security Study: Wave 17

Reference Technology

Roadmap

Comparing all 42 technologies tracked in the study, this high-level reference contains the Technology

Heat Index, the Adoption Index, leading vendor tables, overall technology roadmap and spending charts.

It also indicates what is included in the more detailed reports based on each technology segment

covered in the study.

WWW.451RESEARCH.COM

(2)

About TheInfoPro’s Information Security Study

TheInfoPro’s Information Security Study takes an in-depth look at key industry trends and tracks the performance

of individual vendors. Now in its twelfth year, this study was finalized in September 2014 and is based on 217

interviews.

TheInfoPro’s methodology uses extensive interviews with a proprietary network of IT professionals and key

decision-makers at large and midsize enterprises. Each interview explores several fundamental areas, including

the implementation and spending plans for technologies, evaluations of vendors observed from business and

product perspectives, macro IT influences transforming the sector, and factors affecting decision processes.

Results are collated into comprehensive research reports providing business intelligence in the form of

technological roadmaps, budget trends and vendor spending plans and performance ratings.

Examples of Vendors Covered in the Study

Aruba Networks

Blue Coat Systems

Check Point

Cisco

Dell

EMC (RSA)

Fortinet

FireEye

Guidance Software

Hewlett-Packard

Intel (McAfee)

Juniper Networks

Microsoft

Palo Alto Networks

Qualys

Rapid7

Sophos

Symantec

Websense

About the Author

This report was written by Daniel Kennedy, Research Director for Enterprise Networking and Information Security.

Daniel Kennedy is an experienced information security professional. Prior to joining 451 Research, he was a partner in the information security consultancy Praetorian Security LLC, where he directed strategy on risk assessment and security certification. Before that, he was Global Head of Information Security for D.B. Zwirn & Co., as well as Vice President of Application Security and Development Manager at Pershing LLC, a division of the Bank of New York.

Kennedy has written for both Forbes online and Ziff Davis, has provided commentary to numerous news outlets, including The New York Times and The Wall Street Journal, and his personal blog, Praetorian Prefect, which was recognized as one of the top five technical blogs in information security by the RSA 2010 Conference.

Kennedy holds a master of science degree in information systems from Stevens Institute of Technology, a master of science in information assurance from Norwich University, and a bachelor of science in information management and technology from Syracuse University. He is certified as a CEH (Certified Ethical Hacker) from the EC-Council, is a CISSP, and has a NASD Series 7 license.

(3)

Guide to Information Security Study Reports

A wave of research produces a series of reports that are published approximately in this order:

Source: Information Security – Wave 17 |

2015 INFORMATION SECURITY OUTLOOK

Information security professionals describe how 2015 looks for budgets, projects and pain points with time series charts to give _{perspective to the coming year.}

INFORMATION SECURITY METRICS

Benchmarking organization efficiency, this report contains metrics about staffing, organization structure, the existence of written _{policies, compliance and internal security.}

REFERENCE TECHNOLOGY ROADMAP

Allowing comparison of all 42 technologies tracked in the study, this high-level reference contains the Technology Heat Index, the Adoption Index, leading vendor tables, overall technology roadmap and spending charts. It also indicates what is included in the more detailed reports based on each technology segment covered in the study.

APPLICATION SECURITY TECHNOLOGY

ROADMAP

Capturing IT professionals’ adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers these four technologies: Web application firewalls, Web application scanning, code/binary analysis and database security.

INFRASTRUCTURE SECURITY

TECHNOLOGY ROADMAP

Capturing IT professionals’ adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers 14 technologies, including endpoint and network data-loss prevention (DLP), encryption and tokenization.

NETWORK SECURITY TECHNOLOGY

ROADMAP

Capturing IT professionals’ adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers 11 technologies, including firewalls, NIPS, NAC, UTM, anti-spam and anti-DDoS.

SECURITY MANAGEMENT TECHNOLOGY

ROADMAP

Capturing IT professionals’ adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers 13 technologies, including mobile device management, SIEM, IT GRC, identity federation, threat intelligence and computer forensics.

VENDOR VULNERABILITY AND SPENDING

This report allows you to compare IT professionals’ spending intentions and loyalty ratings for more than 12 vendors.

VENDOR MARKET WINDOWS AND

RATINGS

TheInfoPro’s unique Market Window uses IT professionals’ ratings of vendors on 14 separate criteria to calculate scores for Vendor Promise and Vendor Fulfillment, allowing comparison of vendors’ effectiveness at strategy, marketing, delivery and execution.

CUSTOMER ASSESSMENTS FOR

INDIVIDUAL VENDORS

Summarizing IT professionals’ assessments for vendors, this report profiles individual vendors based on spending, vulnerability and ratings on 14 categories. Time series are included.

NARRATIVES

Compiling open-ended commentary from in-depth interviews with IT professionals, you hear the direct ‘voice of the customer’ _{discussing technology, the industry and the future of this sector.}

MARKET DYNAMICS

Designed for IT professionals, this report captures highlights from the complete study, and provides business intelligence in the form of technological roadmaps, budget trends, voice-of-the-customer narratives and vendor spending plans and performance ratings.

(4)

Table of Contents

Source: Information Security – Wave 17 |

About TheInfoPro’s Information Security Study

2

Principal Findings

5

Implementation Plans

6

Technology Heat Index and Leading Vendors

9

Appendixes

Demographics, Methodology, Sample Variation

17

(5)

Principal Findings

•

Firewall-management-related initiatives topped the project list for security managers in 2014, and thus it is

little surprise that the network firewalls also captured the greatest percentage of those increasing spending in

2014 compared to 2013. Application-aware or next-generation firewalls also captured increased spending for

29% of security managers.

•

Intrusion management and event log management rounded out the top three projects in terms of percentage

of security managers increasing spending between 2013 and now.

•

Looking forward to 2015, network firewalls again are at the top of the technology list when it comes to the

percentage of security managers increasing spending, 31%. It is tied with mobile device management (MDM),

where 31% of security managers also report plans for increased spending.

•

Application-aware or next-generation firewalls round out the top three technologies capturing increased

spending in 2015. It is similarly atop the 2014 proprietary Technology Heat Index, a measure of the

immediacy of user needs around all tracked security technologies. Palo Alto Networks is the lead in-plan

vendor.

•

Network access control (NAC) is number two on the same Heat Index, buoyed by the increase in mobility,

guest networks, and non-corporate devices connecting to the company network. Cisco is the lead in-plan

vendor for NAC.

•

Endpoint data-loss prevention (DLP) rounds out the top three on the Heat Index. Symantec was the lead

in-plan vendor in 2013, but gave way to Websense in 2014.

•

Similarly, the lead in-plan vendor for mobile device management (MDM) in 2013, MobileIron, gave way to

VMware in 2014, fresh off its acquisition of AirWatch.

(6)

Information Security Technology Roadmap

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Tools for Security Public Cloud Information/Digital Rights MgmtTokenization Tools for Securing Virtualization InfraCode or Binary Analysis Unified Threat Management Network Data-loss Prevention SolutionsFile Integrity Monitoring Network Access Control Endpoint Data-loss Prevention SolutionsIT GRC Database Security Web Application Firewall Managed Security Service ProviderThreat Intelligence Advanced Anti-malware ResponseAnti-DDoS Application-aware/Next-gen FirewallSecure Instant Messaging HIDS/HIPS Computer Forensics Web Application Scanning SSO, Identity as a Service, Identity Fed Security Information Event ManagementCertificate/Key Management IT Sec Training/Edu/AwarenessMobile Device Management Email and Messaging Archiving Authorization and Access ControlSecure File Transfer Event Log Management SystemMultifactor Authentication Encryption Penetration Testing Web Content Filtering Vulnerability/Risk Assessment/ScanningSSL VPNs NIDS/NIPS Patch Management Anti-spam/Email SecurityNetwork Firewalls Antivirus/Endpoint Security

In Use Now In Pilot/Evaluation (Budget Has Already Been Allocated)

Near-term Plan (In Next 6 Months) Long-term Plan (6-18 Months)

Past Long-term Plan (Later Than 18 Months Out) Not in Plan Don't Know

(7)

2014 vs. 2013 Spending Change for Information Security Technologies

3% 1% 2% 1% 3% 1% 1% 3% 2% 7% 1% 1% 1% 3% 1% 3% 3% 1% 1% 1% 3% 7% 1% 2% 2% 7% 2% 2% 1% 2% 1% 4% 2% 2% 4% 2% 5% 7% 17% 10% 41% 27% 18% 29% 43% 25% 22% 47% 28% 72% 41% 70% 31% 28% 32% 77% 17% 54% 66% 26% 52% 24% 29% 64% 54% 28% 63% 53% 56% 44% 26% 48% 45% 54% 41% 44% 30% 46% 52% 50% 4% 5% 6% 6% 7% 7% 8% 8% 10% 11% 11% 12% 12% 13% 13% 13% 13% 13% 13% 13% 13% 14% 14% 14% 14% 15% 16% 16% 19% 19% 19% 20% 21% 21% 22% 25% 28% 29% 29% 30% 33% 37%

Information/Digital Rights MgmtTools for Security Public Cloud Secure Instant MessagingFile Integrity Monitoring Tokenization Database SecurityHIDS/HIPS Tools for Securing Virtualization InfraUnified Threat Management Web Application ScanningThreat Intelligence Patch Management Computer Forensics Anti-spam/Email SecurityWeb Application Firewall Anti-DDoS Endpoint Data-loss Prevention SolutionsAntivirus/Endpoint Security Code or Binary Analysis Email and Messaging ArchivingPenetration Testing Network Data-loss Prevention SolutionsCertificate/Key Management IT GRC Managed Security Service ProviderSSL VPNs Secure File Transfer Advanced Anti-malware Response Vulnerability/Risk Assessment/ScanningMultifactor Authentication Encryption IT Sec Training/Edu/AwarenessNetwork Access Control Authorization and Access Control SSO, Identity as a Service, Identity FedWeb Content Filtering Security Information Event ManagementMobile Device Management Application-aware/Next-gen FirewallEvent Log Management System NIDS/NIPS Network Firewalls

Less Spending About the Same More Spending

Q. How will your spending on this technology change in 2014 as compared to 2013? n=209 to 214. Data from respondents not using the technology or that don't know about

(8)

2015 vs. 2014 Spending Change for Information Security Technologies

1% 2% 2% 2% 3% 6% 1% 8% 5% 2% 1% 4% 1% 4% 3% 2% 1% 1% 3% 2% 6% 2% 3% 4% 1% 1% 1% 1% 3% 8% 3% 5% 10% 4% 8% 3% 12% 43% 25% 14% 18% 42% 28% 74% 73% 4% 25% 66% 54% 45% 18% 77% 28% 19% 24% 31% 52% 41% 19% 53% 64% 60% 26% 64% 25% 20% 58% 47% 25% 48% 48% 23% 44% 47% 53% 40% 28% 41% 48% 4% 6% 6% 7% 7% 9% 9% 9% 10% 11% 11% 11% 11% 11% 11% 12% 12% 12% 12% 12% 13% 13% 14% 15% 15% 15% 15% 16% 17% 18% 18% 20% 21% 22% 23% 24% 25% 27% 27% 27% 31% 31%

Secure Instant MessagingFile Integrity Monitoring Information/Digital Rights MgmtTokenization HIDS/HIPS Threat Intelligence Patch Management Anti-spam/Email Security Tools for Security Public CloudDatabase Security SSL VPNs Email and Messaging ArchivingWeb Application Scanning Code or Binary Analysis Antivirus/Endpoint SecurityAnti-DDoS Unified Threat ManagementIT GRC Advanced Anti-malware ResponseCertificate/Key Management Computer Forensics Tools for Securing Virtualization InfraSecure File Transfer Penetration Testing Web Content Filtering Web Application Firewall Vulnerability/Risk Assessment/ScanningManaged Security Service Provider Network Data-loss Prevention SolutionsEncryption IT Sec Training/Edu/Awareness Endpoint Data-loss Prevention SolutionsAuthorization and Access Control Multifactor AuthenticationNetwork Access Control SSO, Identity as a Service, Identity FedEvent Log Management System NIDS/NIPS Security Information Event ManagementApplication-aware/Next-gen Firewall Mobile Device ManagementNetwork Firewalls

Less Spending About the Same More Spending

Q. How will your spending on this technology change in 2015 as compared to 2014? n=209 to 214. Data from respondents not using the technology or that don't know about

(9)

Information Security Technologies: Heat Index

®

vs. Adoption Index

n=212 to 215. _{Source: Information Security – Wave 17 |}

Heat

Rank Technology Score Heat Adoption Score Rank Heat Technology Score Heat Adoption Score

1 Application–aware/Next–generation Firewall 100 40 21 IT Security Training/Education/Awareness 30 64

2 Network Access Control 99 26 21 Code or Binary Analysis 30 20

3 Endpoint Data–loss Prevention Solutions 86 26 24 Web Application Scanning 27 48 4 Mobile Device Management 80 69 24 Network Intrusion Detection and/or Prevention 27 92

5 Network Data–loss Prevention Solutions 78 22 26 Database Security 25 25

6 Multifactor Authentication 70 67 26 Tools for Security Public Cloud 25 0

7 Web Application Firewall 64 25 28 Information or Digital Rights Management 22 6

8 Security Information Event Management 63 64 29 Web Content Filtering 20 79

9 Single Sign–on, Identity as a Service and/or _{Identity Federation} 62 60 29 Vulnerability/Risk Assessment/Scanning 20 82

10 Event Log Management System 61 74 31 File Integrity Monitoring 19 19

11 Advanced Anti–malware Response 57 30 32 Host Intrusion Detection and/or Prevention 18 39

12 Managed Security Service Provider 56 26 32 Computer Forensics 18 48

13 Authorization and Access Control 44 69 34 Network Firewalls 16 100

14 Tools for Securing Virtualization Infrastructure 43 14 35 Patch Management 14 86

15 Secure File Transfer 40 60 35 Penetration Testing 14 81

16 Threat Intelligence 38 29 37 Tokenization 12 10

17 IT GRC 35 25 38 Encryption 11 79

18 Anti–DDoS 32 27 39 SSL VPNs 9 84

19 Certificate/Key Management 31 58 39 Secure Instant Messaging 9 36

19 Email and Messaging Archiving 31 60 41 Anti–spam/Email Security 4 89

21 Unified Threat Management 30 19 42 Antivirus/Endpoint Security 0 97

Technology Heat Index®: measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization’s budget for the relevant IT sector, and future changes in the organization’s budget. A high score means a technology is expected to see significant growth.

Technology Adoption Index: measures aggregate investment in a technology based on several factors including: usage or planned usage, changes in planned spending, and an organization’s budget for the relevant IT sector. A high score means the technology is already experiencing healthy adoption.

(10)

Information Security Technologies: Heat Index

®

Ranking and Leading

Vendors (1 of 2)

Heat

Rank Score Heat Technology Lead in Plan 2nd in Plan Lead in Use 2nd in Use

1 100 Application–aware/Next–generation Firewall Palo Alto Ntwks! Check Point Palo Alto Ntwks! Check Point

2 99 Network Access Control Cisco! ForeScout Cisco! Juniper

3 86 Endpoint Data–loss Prevention Solutions Websense Symantec Symantec Intel

4 80 Mobile Device Management VMware! Microsoft VMware MobileIron

5 78 Network Data–loss Prevention Solutions Websense Symantec Symantec! EMC

6 70 Multifactor Authentication EMC! Duo Security EMC! Microsoft

7 64 Web Application Firewall Palo Alto Ntwks F5 Ntwks F5 Ntwks Imperva

8 63 Security Information Event Management Splunk LogRhythm HP IBM

9 62 Single Sign–on, Identity as a Service and/or Identity _Federation Okta Oracle Microsoft! Oracle

10 61 Event Log Management System Splunk! Open Source Splunk HP

11 57 Advanced Anti–malware Response FireEye! Bit9 FireEye Intel

12 56 Managed Security Service Provider Verizon HP; IBM Dell Symantec

13 44 Authorization and Access Control EMC Cisco; SailPoint Microsoft! Oracle 14 43 Tools for Securing Virtualization Infrastructure VMware Symantec VMware! Intel

15 40 Secure File Transfer IBM; WatchDox Box; Citrix; Microsoft IBM Accellion; Homegrown; _Ipswitch 16 38 Threat Intelligence FireEye! HP; IBM; iSIGHT; NTT; Palo _{Alto Ntwks; Symantec} Symantec Dell

17 35 IT GRC EMC LockPath EMC! Homegrown

18 32 Anti–DDoS Akamai Prolexic Akamai AT&T; Prolexic

19 31 Certificate/Key Management Microsoft! Venafi Microsoft! Symantec; Verisign, Inc.

19 31 Email and Messaging Archiving Microsoft Symantec Microsoft Symantec

21 30 Unified Threat Management Cisco Palo Alto Ntwks Palo Alto Ntwks Intel

Technology Heat Index®: measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization’s budget for the relevant IT sector, and future changes in the organization’s budget. A high score means a technology is expected to see significant growth. A ‘!’ vendor has at least twice the number of selections as the closest competitor.

(11)

Information Security Technologies: Heat Index

®

Ranking and Leading

Vendors (2 of 2)

Heat

Rank Score Heat Technology Lead in Plan 2nd in Plan Lead in Use 2nd in Use

21 30 IT Security Training/Education/Awareness Cisco; FishNet; PhishMe; SANS Inst; Security

Awareness; TSTC Homegrown Homegrown! SANS Inst

21 30 Code or Binary Analysis Veracode HP HP Veracode

24 27 Web Application Scanning WhiteHat Sec! Open Source; Qualys; _Rapid7 Qualys HP 24 27 Network Intrusion Detection and/or Prevention Palo Alto Ntwks Cisco Cisco! Palo Alto Ntwks

26 25 Database Security Imperva! Intel Oracle Imperva

26 25 Tools for Security Public Cloud CipherCloud! Okta Microsoft CloudLock; Homegrown; _{Skyhigh Ntwks} 28 22 Information or Digital Rights Management Microsoft! Adobe; EMC; GigaTrust Microsoft! Adobe 29 20 Web Content Filtering Palo Alto Ntwks! Cisco; F5 Ntwks; Intel; _Websense Websense Blue Coat 29 20 Vulnerability/Risk Assessment/Scanning Qualys Rapid7 Qualys! Rapid7 31 19 File Integrity Monitoring Tripwire! Intel; Symantec Tripwire! Microsoft 32 18 Host Intrusion Detection and/or Prevention Intel! Open Source; Symantec Intel!; Symantec Tripwire 32 18 Computer Forensics Guidance Sftw! Bit9; FireEye Guidance Sftw! AccessData

34 16 Network Firewalls Palo Alto Ntwks! – Cisco Check Point

35 14 Patch Management Secunia; TCS Microsoft Microsoft! IBM

35 14 Penetration Testing Dell! Homegrown Homegrown; PWC; Rapid7 Deloitte; Protiviti 37 12 Tokenization Symantec VeriFone Homegrown! CyberSource; Liaison Tech; _{Paymetric; Protegrity}

38 11 Encryption Microsoft! EMC Microsoft Symantec

39 9 SSL VPNs Cisco! Sophos Cisco Juniper

39 9 Secure Instant Messaging Microsoft! Avaya Microsoft! IBM

41 4 Anti–spam/Email Security Symantec! – Microsoft Cisco

42 0 Antivirus/Endpoint Security – – Symantec Intel

(12)

Information Security Technologies: Heat Index

®

Ranking and Leading

In-use Vendors – Time Series (1 of 2)

2H '13, n=198 to 205; 2H '14, n=212 to 215. _{Source: Information Security – Wave 17 |}

Heat

Rank Technology Lead In-use Vendor 2H '13 Lead In-use Vendor 2H '14 2nd In-use Vendor 2H '13 2nd In-use Vendor 2H '14

1 Application–aware/Next–generation Firewall Palo Alto Ntwks Palo Alto Ntwks! Imperva Check Point

2 Network Access Control Cisco! Cisco! ForeScout Juniper

3 Endpoint Data–loss Prevention Solutions Symantec! Symantec McAfee Intel

4 Mobile Device Management Good Tech VMware MobileIron MobileIron

5 Network Data–loss Prevention Solutions Symantec! Symantec! EMC; Websense EMC

6 Multifactor Authentication EMC! EMC! Microsoft Microsoft

7 Web Application Firewall F5 Ntwks F5 Ntwks Imperva Imperva

8 Security Information Event Management HP HP IBM IBM

9 Single Sign–on, Identity as a Service and/or Identity _Federation Microsoft Microsoft! Oracle Oracle

10 Event Log Management System Splunk Splunk HP HP

11 Advanced Anti–malware Response FireEye FireEye Symantec Intel

12 Managed Security Service Provider Symantec Dell Dell Symantec

13 Authorization and Access Control – Microsoft! – Oracle

14 Tools for Securing Virtualization Infrastructure VMware! VMware! Microsoft Intel

15 Secure File Transfer Homegrown IBM IBM Accellion; Homegrown; _Ipswitch

16 Threat Intelligence Symantec Symantec IBM Dell

17 IT GRC EMC! EMC! Homegrown Homegrown

18 Anti–DDoS – Akamai – AT&T; Prolexic

19 Certificate/Key Management Microsoft! Microsoft! Symantec Symantec; Verisign, Inc.

19 Email and Messaging Archiving Symantec Microsoft Microsoft Symantec

21 Unified Threat Management Fortinet; Palo Alto Ntwks Palo Alto Ntwks Check Point Intel

(13)

Information Security Technologies: Heat Index

®

Ranking and Leading

In-use Vendors – Time Series (2 of 2)

Heat

Rank Technology Lead In-use Vendor 2H '13 Lead In-use Vendor 2H '14 2nd In-use Vendor 2H '13 2nd In-use Vendor 2H '14

21 IT Security Training/Education/Awareness Homegrown! Homegrown! SANS Inst SANS Inst

21 Code or Binary Analysis IBM HP HP Veracode

24 Web Application Scanning – Qualys – HP

24 Network Intrusion Detection and/or Prevention Cisco! Cisco! HP; McAfee Palo Alto Ntwks

26 Database Security Oracle Oracle Imperva Imperva

26 Tools for Security Public Cloud AWS Microsoft Homegrown; Oracle; CloudLock; Homegrown; _{Skyhigh Ntwks}

28 Information or Digital Rights Management Microsoft! Microsoft! EMC Adobe

29 Web Content Filtering Websense Websense Blue Coat Blue Coat

29 Vulnerability/Risk Assessment/Scanning Qualys! Qualys! Open Source Rapid7 31 File Integrity Monitoring Tripwire! Tripwire! Open Source; Symantec Microsoft 32 Host Intrusion Detection and/or Prevention McAfee!; Symantec Intel!; Symantec IBM Tripwire

32 Computer Forensics Guidance Sftw! Guidance Sftw! AccessData AccessData

34 Network Firewalls Cisco Cisco Check Point Check Point

35 Patch Management Microsoft! Microsoft! Symantec IBM

35 Penetration Testing Homegrown Homegrown; PWC; Rapid7 Trustwave Deloitte; Protiviti 37 Tokenization EMC; Homegrown; SafeNet Homegrown! CyberSource; Microsoft; _{Oracle; Paymetric} CyberSource; Liaison Tech; _{Paymetric; Protegrity}

38 Encryption – Microsoft – Symantec

39 SSL VPNs Cisco Cisco Juniper Juniper

39 Secure Instant Messaging Microsoft! Microsoft! IBM IBM

41 Anti–spam/Email Security Cisco Microsoft Symantec Cisco

42 Antivirus/Endpoint Security Symantec Symantec McAfee Intel

(14)

Information Security Technologies: Heat Index

®

Ranking and Leading

In-plan Vendors – Time Series (1 of 2)

Heat

Rank Technology Lead In-plan Vendor 2H '13 Lead In-plan Vendor 2H '14 2nd In-plan Vendor 2H '13 2nd In-plan Vendor 2H '14

1 Application–aware/Next–generation Firewall Palo Alto Ntwks Palo Alto Ntwks! Check Point Check Point

2 Network Access Control Cisco! Cisco! Aruba Ntwks ForeScout

3 Endpoint Data–loss Prevention Solutions Symantec! Websense McAfee Symantec

4 Mobile Device Management MobileIron! VMware! Good Tech Microsoft

5 Network Data–loss Prevention Solutions Symantec Websense McAfee Symantec

6 Multifactor Authentication EMC; Symantec EMC! – Duo Security

7 Web Application Firewall F5 Ntwks! Palo Alto Ntwks Check Point F5 Ntwks

8 Security Information Event Management LogRhythm Splunk IBM LogRhythm

9 Single Sign–on, Identity as a Service and/or Identity _Federation Microsoft; Okta Okta Ping Identity Oracle

10 Event Log Management System LogRhythm! Splunk! McAfee Open Source

11 Advanced Anti–malware Response FireEye! FireEye! Check Point; Palo Alto Ntwks Bit9

12 Managed Security Service Provider Dell Verizon AT&T HP; IBM

13 Authorization and Access Control – EMC – Cisco; SailPoint

14 Tools for Securing Virtualization Infrastructure VMware VMware Check Point Symantec 15 Secure File Transfer Box! IBM; WatchDox Accellion; AppSense; Google Box; Citrix; Microsoft 16 Threat Intelligence CrowdStrike FireEye! Symantec HP; IBM; iSIGHT; NTT; Palo _{Alto Ntwks; Symantec}

17 IT GRC EMC! EMC IBM LockPath

18 Anti–DDoS – Akamai – Prolexic

19 Certificate/Key Management Microsoft Microsoft! Venafi Venafi

19 Email and Messaging Archiving Google! Microsoft HP Symantec

21 Unified Threat Management Fortinet Cisco Check Point; Palo Alto Ntwks Palo Alto Ntwks

(15)

Information Security Technologies: Heat Index

®

Ranking and Leading

In-plan Vendors – Time Series (2 of 2)

Heat

Rank Technology Lead In-plan Vendor 2H '13 Lead In-plan Vendor 2H '14 2nd In-plan Vendor 2H '13 2nd In-plan Vendor 2H '14

21 IT Security Training/Education/Awareness SANS Inst! Cisco; FishNet; PhishMe; SANS Inst; Security

Awareness; TSTC Wombat Homegrown

21 Code or Binary Analysis Veracode Veracode WhiteHat Sec HP

24 Web Application Scanning – WhiteHat Sec! – Open Source; Qualys; Rapid7

24 Network Intrusion Detection and/or Prevention Palo Alto Ntwks Palo Alto Ntwks Check Point Cisco

26 Database Security Imperva Imperva! IBM Intel

26 Tools for Security Public Cloud CipherCloud! CipherCloud! Ping Identity Okta

28 Information or Digital Rights Management Microsoft! Microsoft! WatchDox Adobe; EMC; GigaTrust 29 Web Content Filtering Websense! Palo Alto Ntwks! Blue Coat Cisco; F5 Ntwks; Intel; _Websense 29 Vulnerability/Risk Assessment/Scanning McAfee; Tenable Qualys Core Security Rapid7

31 File Integrity Monitoring Tripwire Tripwire! Symantec Intel; Symantec

32 Host Intrusion Detection and/or Prevention McAfee! Intel! Trend Micro Open Source; Symantec 32 Computer Forensics Guidance Sftw! Guidance Sftw! AccessData; Symantec Bit9; FireEye

34 Network Firewalls – Palo Alto Ntwks! – –

35 Patch Management Microsoft! Secunia; TCS – Microsoft

35 Penetration Testing – Dell! – Homegrown

37 Tokenization Agilysys Symantec Protegrity; SafeNet VeriFone

38 Encryption – Microsoft! – EMC

39 SSL VPNs Juniper! Cisco! Cisco; Citrix Sophos

39 Secure Instant Messaging Microsoft Microsoft! Google Avaya

41 Anti–spam/Email Security – Symantec! – –

42 Antivirus/Endpoint Security Trend Micro – – –

(16)

(17)

© 2014 451 Research, LLC. www.451research.com 100-999 8% 1,000-4,999 29% 5,000-10,000 15% > 10,000 48% < $500K 20% $500K-$999K 11% $1M-$3.99M 31% $4M-$6.99M 9% $7M-$9.99M 12% $10M-$19.99M 6% $20M-$29.99M 3% > $30M 8% < $499.99M 19% $500M-$999.99M 8% $1B-$4.99B 33% $5B-$9.99B 13% $10B-$19.99B 13% $20B-$29.99B 3% $30B-$40B 2% > $40B 9% Financial Services 25% Consumer Goods/Retail 12% Healthcare/ Pharmaceuticals 10% Education 8% Telecom/Technology 8% Services: Business/Accounting/ Engineering 7% Materials/Chemicals 6% Industrial/ Manufacturing 5% Energy/Utilities 4% Transportation 3% Public Sector 3% Other 9%

Demographics

Top Left Chart, n=215; Top Right Chart, n=215; Bottom Left Chart, n=215; Bottom Right Chart, n=145.

Employee Size

Industry Verticals

Enterprise Revenue

Information Security Budget Level

(18)

Methodology and Sample Variation

METHODOLOGY

The Information Security Study relies on a proprietary network of IT professionals and is based on in-depth interviews with 217

security professionals conducted from February 2014 through July 2014. TheInfoPro’s interviewers are current and former IT

managers and executives. They ask open-ended questions that enable TheInfoPro to gain an excellent understanding of the issues

and decision-making process related to strategic planning, technology benchmarking, and vendor selection and negotiation.

The Commentator Network has a variety of industry types and levels of technology adoption. TheInfoPro screens potential

commentators to ensure that they can discuss in detail their enterprises’ technology roadmap and relationships with pertinent

vendors. To participate, a commentator had to work for a large or midsize enterprise. For the purposes of this study, large

enterprises have more than $1bn of revenue and midsize enterprises have annual revenue of $100m to $999m.

SAMPLE SIZE VARIATION

Because the interviews are designed to be flexible to the needs and knowledge of the commentator, not every interviewee is asked

every question. As a result, many charts have a sample size varying from the total number of interviews.

RECENT CHANGES TO THE STUDY

Many respondents have detailed knowledge of all technology areas, but some do not. Beginning this year we are reporting

percentages based upon the full survey sample of respondents, and showing the percentage of respondents who indicated that they

did not have detailed status knowledge for certain technologies.

TheInfoPro’s Technology Heat Index® and Adoption Index have been updated. The indexes were re-engineered to provide a stronger

picture of user demand and investment in technologies. The calculations now account for planned changes in a technology’s

spending and the relevant sector’s budgets.

(19)

How to Interpret the Data

DATA IN STANDARD BAR AND COLUMN CHARTS

Bar and column charts represent the percentage of commentators that gave a particular response. When relevant, “Don’t Know” responses are included

on charts. If a stacked bar or column chart does not equal 100%, it is because “Don’t Know” or “Not Using” responses are hidden. For questions with

multiple responses per interview, the totals for some charts may exceed 100%.

TECHNOLOGY ROADMAP AND INDEXES

The

Technology Roadmaps

highlight the percentage of respondents with a technology ‘in use,’ the percentage that are likely to use the technology for

the first time in the next two years, and those who have no plans. The size of the gap between 'in use' and 'not in plan' status indicates the potential

opportunity for a technology in the next two years. For each roadmap technology, respondents are asked about their implementation status and plans,

the vendors in use or consideration, and expectations for spending changes. This data is combined with spending and budget data to calculate the Heat

and Adoption index values for each technology.

The

Technology Heat Index®

measures user demand for a technology based on several factors, including usage or planned usage, changes in planned

spending, an organization’s budget for the relevant IT sector, and future changes in the organization’s budget. A high score means a technology is

expected to see significant growth.

The

Technology Adoption Index

measures aggregate investment in a technology based on several factors, including usage or planned usage, changes in

planned spending, and an organization’s budget for the relevant IT sector. A high score means the technology is already experiencing healthy adoption.

Technologies with a high Heat Index score and a low Adoption Index score have the largest near-term market opportunity for vendors. Technologies with

a high Heat Index score and a high Adoption Index score are experiencing near-term growth but have limited opportunities for new market entrants. A

low Heat Index paired with a low Adoption Index indicates a technology with limited near-term growth potential.

CUSTOMER RATINGS

Respondents rated vendors on 14 criteria using a 1-5 scale, with ‘1’ being poor and ‘5’ being excellent.

The

Market Window

is TheInfoPro's unique methodology to visualize comparative vendor ratings on a single chart. It plots

the Promise and Fulfillment

Indexes to compare vendors’ effectiveness at marketing and execution. A vendor placing in the upper right quadrant is rated highly for both its promise

and ability to execute – underpromising and overdelivering – relative to its peers. Conversely, a vendor in the lower left quadrant rates poorly on the

same criteria.

The

Vendor Promise Index

is designed as a measure of marketing effectiveness. It uses four of the 14 customer ratings criteria (competitive positioning,

technical innovation, management’s strategic vision and brand/reputation), which are related to global concepts conveyed to potential customers prior to

actual product/service delivery and use.

The

Vendor Fulfillment Index

is designed as a measure of execution effectiveness. It uses four of the 14 customer ratings criteria (value for the money,

product quality, delivery as promised and technical support quality), which are related to the physical product/service delivery and customer experience

of using the product or service.

(20)

Each individual report summarizes interesting portions of TheInfoPro’s Wave 17 Information

Security Study and does not comprehensively review the hundreds of pages of research that

form the full study. For access to TheInfoPro’s reports and services, please contact

sales@451research.com. Methodology questions may be addressed to

client.services@451research.com.

451 Research is a preeminent information technology research and advisory company. With a

core focus on technology innovation and market disruption, we provide essential insight for

leaders of the digital economy. More than 100 analysts and consultants deliver that insight via

syndicated research, advisory services and live events to over 1,000 client organizations in

North America, Europe and around the world. Founded in 2000 and headquartered in New

York, 451 Research is a division of The 451 Group.

TheInfoPro, a service of 451 Research, is widely regarded as ‘The Voice of the Customer,’

providing independent, ‘real world’ intelligence on key IT sectors including Servers and

Virtualization, Information Security, Networking, Storage and Cloud Computing. Using

one-on-one interviews conducted within a proprietary network composed of the world’s largest buyers

and users of IT, TheInfoPro provides data and insights that are used for strategic planning,

technology benchmarking, competitive analysis, and vendor selection and negotiation.

Reproduction and distribution of this publication, in whole or in part, in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. 451 Research disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although 451 Research may discuss legal issues related to the information technology business, 451 Research does not provide legal advice or

services and their research should not be construed or used as such. 451 Research shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended

results. The opinions expressed herein are subject to change without notice. TheInfoPro™ and logo are registered trademarks and property of 451 Research, LLC.