
Information Security Study: Wave 17

Reference Technology Roadmap

Comparing all 42 technologies tracked in the study, this high-level reference contains the Technology Heat Index, the Adoption Index, leading vendor tables, overall technology roadmap and spending charts. It also indicates what is included in the more detailed reports based on each technology segment covered in the study.

WWW.451RESEARCH.COM NEW YORK · BOSTON · WASHINGTON DC · SAN FRANCISCO · SEATTLE · DENVER · LONDON · SAO PAULO · DUBAI · SINGAPORE


© 2014 451 Research, LLC. www.451research.com

About TheInfoPro’s Information Security Study

TheInfoPro’s Information Security Study takes an in-depth look at key industry trends and tracks the performance of individual vendors. Now in its twelfth year, this study was finalized in September 2014 and is based on 217 interviews.

TheInfoPro’s methodology uses extensive interviews with a proprietary network of IT professionals and key decision-makers at large and midsize enterprises. Each interview explores several fundamental areas, including the implementation and spending plans for technologies, evaluations of vendors observed from business and product perspectives, macro IT influences transforming the sector, and factors affecting decision processes. Results are collated into comprehensive research reports providing business intelligence in the form of technological roadmaps, budget trends and vendor spending plans and performance ratings.

Examples of Vendors Covered in the Study

Aruba Networks, Blue Coat Systems, Check Point, Cisco, Dell, EMC (RSA), Fortinet, FireEye, Guidance Software, Hewlett-Packard, Intel (McAfee), Juniper Networks, Microsoft, Palo Alto Networks, Qualys, Rapid7, Sophos, Symantec, Websense

About the Author

This report was written by Daniel Kennedy, Research Director for Enterprise Networking and Information Security. Daniel Kennedy is an experienced information security professional. Prior to joining 451 Research, he was a partner in the information security consultancy Praetorian Security LLC, where he directed strategy on risk assessment and security certification. Before that, he was Global Head of Information Security for D.B. Zwirn & Co., as well as Vice President of Application Security and Development Manager at Pershing LLC, a division of the Bank of New York. Kennedy has written for both Forbes online and Ziff Davis and has provided commentary to numerous news outlets, including The New York Times and The Wall Street Journal. His personal blog, Praetorian Prefect, was recognized as one of the top five technical blogs in information security by the RSA 2010 Conference. Kennedy holds a master of science degree in information systems from Stevens Institute of Technology, a master of science in information assurance from Norwich University, and a bachelor of science in information management and technology from Syracuse University. He is certified as a CEH (Certified Ethical Hacker) by the EC-Council, is a CISSP, and has a NASD Series 7 license.


Guide to Information Security Study Reports

A wave of research produces a series of reports that are published approximately in this order:

Source: Information Security – Wave 17

2015 INFORMATION SECURITY OUTLOOK

Information security professionals describe how 2015 looks for budgets, projects and pain points with time series charts to give perspective to the coming year.

INFORMATION SECURITY METRICS

Benchmarking organization efficiency, this report contains metrics about staffing, organization structure, the existence of written policies, compliance and internal security.

REFERENCE TECHNOLOGY ROADMAP

Allowing comparison of all 42 technologies tracked in the study, this high-level reference contains the Technology Heat Index, the Adoption Index, leading vendor tables, overall technology roadmap and spending charts. It also indicates what is included in the more detailed reports based on each technology segment covered in the study.

APPLICATION SECURITY TECHNOLOGY ROADMAP

Capturing IT professionals’ adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers these four technologies: Web application firewalls, Web application scanning, code/binary analysis and database security.

INFRASTRUCTURE SECURITY TECHNOLOGY ROADMAP

Capturing IT professionals’ adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers 14 technologies, including endpoint and network data-loss prevention (DLP), encryption and tokenization.

NETWORK SECURITY TECHNOLOGY ROADMAP

Capturing IT professionals’ adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers 11 technologies, including firewalls, NIPS, NAC, UTM, anti-spam and anti-DDoS.

SECURITY MANAGEMENT TECHNOLOGY ROADMAP

Capturing IT professionals’ adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers 13 technologies, including mobile device management, SIEM, IT GRC, identity federation, threat intelligence and computer forensics.

VENDOR VULNERABILITY AND SPENDING

This report allows you to compare IT professionals’ spending intentions and loyalty ratings for more than 12 vendors.

VENDOR MARKET WINDOWS AND RATINGS

TheInfoPro’s unique Market Window uses IT professionals’ ratings of vendors on 14 separate criteria to calculate scores for Vendor Promise and Vendor Fulfillment, allowing comparison of vendors’ effectiveness at strategy, marketing, delivery and execution.

CUSTOMER ASSESSMENTS FOR INDIVIDUAL VENDORS

Summarizing IT professionals’ assessments for vendors, this report profiles individual vendors based on spending, vulnerability and ratings on 14 categories. Time series are included.

NARRATIVES

Compiling open-ended commentary from in-depth interviews with IT professionals, you hear the direct ‘voice of the customer’ discussing technology, the industry and the future of this sector.

MARKET DYNAMICS

Designed for IT professionals, this report captures highlights from the complete study, and provides business intelligence in the form of technological roadmaps, budget trends, voice-of-the-customer narratives and vendor spending plans and performance ratings.


Table of Contents

About TheInfoPro’s Information Security Study

Principal Findings

Implementation Plans

Technology Heat Index and Leading Vendors

Appendixes

Demographics, Methodology, Sample Variation

How to Interpret the Data


Principal Findings

• Firewall-management-related initiatives topped the project list for security managers in 2014, so it is little surprise that network firewalls also captured the greatest percentage of those increasing spending in 2014 compared to 2013. Application-aware or next-generation firewalls also captured increased spending for 29% of security managers.

• Intrusion management and event log management rounded out the top three projects in terms of percentage of security managers increasing spending between 2013 and now.

• Looking forward to 2015, network firewalls are again at the top of the technology list when it comes to the percentage of security managers increasing spending, at 31%. They are tied with mobile device management (MDM), where 31% of security managers also report plans for increased spending.

• Application-aware or next-generation firewalls round out the top three technologies capturing increased spending in 2015. This category is similarly atop the 2014 proprietary Technology Heat Index, a measure of the immediacy of user needs around all tracked security technologies. Palo Alto Networks is the lead in-plan vendor.

• Network access control (NAC) is number two on the same Heat Index, buoyed by the increase in mobility, guest networks, and non-corporate devices connecting to the company network. Cisco is the lead in-plan vendor for NAC.

• Endpoint data-loss prevention (DLP) rounds out the top three on the Heat Index. Symantec was the lead in-plan vendor in 2013, but gave way to Websense in 2014.

• Similarly, the lead in-plan vendor for mobile device management (MDM) in 2013, MobileIron, gave way to VMware in 2014, fresh off its acquisition of AirWatch.


Information Security Technology Roadmap

[Chart: implementation status for each tracked technology, horizontal axis 0% to 100%. Legend: In Use Now; In Pilot/Evaluation (Budget Has Already Been Allocated); Near-term Plan (In Next 6 Months); Long-term Plan (6-18 Months); Past Long-term Plan (Later Than 18 Months Out); Not in Plan; Don't Know.]

Q. What is your status of implementation for this technology? n=212 to 214. Source: Information Security – Wave 17


2014 vs. 2013 Spending Change for Information Security Technologies

[Chart: percentage of respondents reporting a spending change for each tracked technology. Legend: Less Spending; About the Same; More Spending.]

Q. How will your spending on this technology change in 2014 as compared to 2013? n=209 to 214. Data from respondents not using the technology or that don't know about spending are hidden. Source: Information Security – Wave 17


2015 vs. 2014 Spending Change for Information Security Technologies

[Chart: percentage of respondents reporting a spending change for each tracked technology. Legend: Less Spending; About the Same; More Spending.]

Q. How will your spending on this technology change in 2015 as compared to 2014? n=209 to 214. Data from respondents not using the technology or that don't know about spending are hidden. Source: Information Security – Wave 17


Information Security Technologies: Heat Index® vs. Adoption Index

n=212 to 215. Source: Information Security – Wave 17

Heat Rank | Technology | Heat Score | Adoption Score
1 | Application–aware/Next–generation Firewall | 100 | 40
2 | Network Access Control | 99 | 26
3 | Endpoint Data–loss Prevention Solutions | 86 | 26
4 | Mobile Device Management | 80 | 69
5 | Network Data–loss Prevention Solutions | 78 | 22
6 | Multifactor Authentication | 70 | 67
7 | Web Application Firewall | 64 | 25
8 | Security Information Event Management | 63 | 64
9 | Single Sign–on, Identity as a Service and/or Identity Federation | 62 | 60
10 | Event Log Management System | 61 | 74
11 | Advanced Anti–malware Response | 57 | 30
12 | Managed Security Service Provider | 56 | 26
13 | Authorization and Access Control | 44 | 69
14 | Tools for Securing Virtualization Infrastructure | 43 | 14
15 | Secure File Transfer | 40 | 60
16 | Threat Intelligence | 38 | 29
17 | IT GRC | 35 | 25
18 | Anti–DDoS | 32 | 27
19 | Certificate/Key Management | 31 | 58
19 | Email and Messaging Archiving | 31 | 60
21 | Unified Threat Management | 30 | 19
21 | IT Security Training/Education/Awareness | 30 | 64
21 | Code or Binary Analysis | 30 | 20
24 | Web Application Scanning | 27 | 48
24 | Network Intrusion Detection and/or Prevention | 27 | 92
26 | Database Security | 25 | 25
26 | Tools for Security Public Cloud | 25 | 0
28 | Information or Digital Rights Management | 22 | 6
29 | Web Content Filtering | 20 | 79
29 | Vulnerability/Risk Assessment/Scanning | 20 | 82
31 | File Integrity Monitoring | 19 | 19
32 | Host Intrusion Detection and/or Prevention | 18 | 39
32 | Computer Forensics | 18 | 48
34 | Network Firewalls | 16 | 100
35 | Patch Management | 14 | 86
35 | Penetration Testing | 14 | 81
37 | Tokenization | 12 | 10
38 | Encryption | 11 | 79
39 | SSL VPNs | 9 | 84
39 | Secure Instant Messaging | 9 | 36
41 | Anti–spam/Email Security | 4 | 89
42 | Antivirus/Endpoint Security | 0 | 97

Technology Heat Index®: measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization’s budget for the relevant IT sector, and future changes in the organization’s budget. A high score means a technology is expected to see significant growth.

Technology Adoption Index: measures aggregate investment in a technology based on several factors including: usage or planned usage, changes in planned spending, and an organization’s budget for the relevant IT sector. A high score means the technology is already experiencing healthy adoption.


Information Security Technologies: Heat Index® Ranking and Leading Vendors (1 of 2)

n=212 to 215. Source: Information Security – Wave 17

Heat Rank | Heat Score | Technology | Lead in Plan | 2nd in Plan | Lead in Use | 2nd in Use
1 | 100 | Application–aware/Next–generation Firewall | Palo Alto Ntwks! | Check Point | Palo Alto Ntwks! | Check Point
2 | 99 | Network Access Control | Cisco! | ForeScout | Cisco! | Juniper
3 | 86 | Endpoint Data–loss Prevention Solutions | Websense | Symantec | Symantec | Intel
4 | 80 | Mobile Device Management | VMware! | Microsoft | VMware | MobileIron
5 | 78 | Network Data–loss Prevention Solutions | Websense | Symantec | Symantec! | EMC
6 | 70 | Multifactor Authentication | EMC! | Duo Security | EMC! | Microsoft
7 | 64 | Web Application Firewall | Palo Alto Ntwks | F5 Ntwks | F5 Ntwks | Imperva
8 | 63 | Security Information Event Management | Splunk | LogRhythm | HP | IBM
9 | 62 | Single Sign–on, Identity as a Service and/or Identity Federation | Okta | Oracle | Microsoft! | Oracle
10 | 61 | Event Log Management System | Splunk! | Open Source | Splunk | HP
11 | 57 | Advanced Anti–malware Response | FireEye! | Bit9 | FireEye | Intel
12 | 56 | Managed Security Service Provider | Verizon | HP; IBM | Dell | Symantec
13 | 44 | Authorization and Access Control | EMC | Cisco; SailPoint | Microsoft! | Oracle
14 | 43 | Tools for Securing Virtualization Infrastructure | VMware | Symantec | VMware! | Intel
15 | 40 | Secure File Transfer | IBM; WatchDox | Box; Citrix; Microsoft | IBM | Accellion; Homegrown; Ipswitch
16 | 38 | Threat Intelligence | FireEye! | HP; IBM; iSIGHT; NTT; Palo Alto Ntwks; Symantec | Symantec | Dell
17 | 35 | IT GRC | EMC | LockPath | EMC! | Homegrown
18 | 32 | Anti–DDoS | Akamai | Prolexic | Akamai | AT&T; Prolexic
19 | 31 | Certificate/Key Management | Microsoft! | Venafi | Microsoft! | Symantec; Verisign, Inc.
19 | 31 | Email and Messaging Archiving | Microsoft | Symantec | Microsoft | Symantec
21 | 30 | Unified Threat Management | Cisco | Palo Alto Ntwks | Palo Alto Ntwks | Intel

Technology Heat Index®: measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization’s budget for the relevant IT sector, and future changes in the organization’s budget. A high score means a technology is expected to see significant growth. A ‘!’ vendor has at least twice the number of selections as the closest competitor. A “!” vendor has at least twice the number of responses as the closest competitor.


Information Security Technologies: Heat Index® Ranking and Leading Vendors (2 of 2)

n=212 to 215. Source: Information Security – Wave 17

Heat Rank | Heat Score | Technology | Lead in Plan | 2nd in Plan | Lead in Use | 2nd in Use
21 | 30 | IT Security Training/Education/Awareness | Cisco; FishNet; PhishMe; SANS Inst; Security Awareness; TSTC | Homegrown | Homegrown! | SANS Inst
21 | 30 | Code or Binary Analysis | Veracode | HP | HP | Veracode
24 | 27 | Web Application Scanning | WhiteHat Sec! | Open Source; Qualys; Rapid7 | Qualys | HP
24 | 27 | Network Intrusion Detection and/or Prevention | Palo Alto Ntwks | Cisco | Cisco! | Palo Alto Ntwks
26 | 25 | Database Security | Imperva! | Intel | Oracle | Imperva
26 | 25 | Tools for Security Public Cloud | CipherCloud! | Okta | Microsoft | CloudLock; Homegrown; Skyhigh Ntwks
28 | 22 | Information or Digital Rights Management | Microsoft! | Adobe; EMC; GigaTrust | Microsoft! | Adobe
29 | 20 | Web Content Filtering | Palo Alto Ntwks! | Cisco; F5 Ntwks; Intel; Websense | Websense | Blue Coat
29 | 20 | Vulnerability/Risk Assessment/Scanning | Qualys | Rapid7 | Qualys! | Rapid7
31 | 19 | File Integrity Monitoring | Tripwire! | Intel; Symantec | Tripwire! | Microsoft
32 | 18 | Host Intrusion Detection and/or Prevention | Intel! | Open Source; Symantec | Intel!; Symantec | Tripwire
32 | 18 | Computer Forensics | Guidance Sftw! | Bit9; FireEye | Guidance Sftw! | AccessData
34 | 16 | Network Firewalls | Palo Alto Ntwks! | – | Cisco | Check Point
35 | 14 | Patch Management | Secunia; TCS | Microsoft | Microsoft! | IBM
35 | 14 | Penetration Testing | Dell! | Homegrown | Homegrown; PWC; Rapid7 | Deloitte; Protiviti
37 | 12 | Tokenization | Symantec | VeriFone | Homegrown! | CyberSource; Liaison Tech; Paymetric; Protegrity
38 | 11 | Encryption | Microsoft! | EMC | Microsoft | Symantec
39 | 9 | SSL VPNs | Cisco! | Sophos | Cisco | Juniper
39 | 9 | Secure Instant Messaging | Microsoft! | Avaya | Microsoft! | IBM
41 | 4 | Anti–spam/Email Security | Symantec! | – | Microsoft | Cisco
42 | 0 | Antivirus/Endpoint Security | – | – | Symantec | Intel


Information Security Technologies: Heat Index® Ranking and Leading In-use Vendors – Time Series (1 of 2)

2H '13, n=198 to 205; 2H '14, n=212 to 215. Source: Information Security – Wave 17

Heat Rank | Technology | 2H '13 Lead In-use Vendor | 2H '14 Lead In-use Vendor | 2H '13 2nd In-use Vendor | 2H '14 2nd In-use Vendor
1 | Application–aware/Next–generation Firewall | Palo Alto Ntwks | Palo Alto Ntwks! | Imperva | Check Point
2 | Network Access Control | Cisco! | Cisco! | ForeScout | Juniper
3 | Endpoint Data–loss Prevention Solutions | Symantec! | Symantec | McAfee | Intel
4 | Mobile Device Management | Good Tech | VMware | MobileIron | MobileIron
5 | Network Data–loss Prevention Solutions | Symantec! | Symantec! | EMC; Websense | EMC
6 | Multifactor Authentication | EMC! | EMC! | Microsoft | Microsoft
7 | Web Application Firewall | F5 Ntwks | F5 Ntwks | Imperva | Imperva
8 | Security Information Event Management | HP | HP | IBM | IBM
9 | Single Sign–on, Identity as a Service and/or Identity Federation | Microsoft | Microsoft! | Oracle | Oracle
10 | Event Log Management System | Splunk | Splunk | HP | HP
11 | Advanced Anti–malware Response | FireEye | FireEye | Symantec | Intel
12 | Managed Security Service Provider | Symantec | Dell | Dell | Symantec
13 | Authorization and Access Control | – | Microsoft! | – | Oracle
14 | Tools for Securing Virtualization Infrastructure | VMware! | VMware! | Microsoft | Intel
15 | Secure File Transfer | Homegrown | IBM | IBM | Accellion; Homegrown; Ipswitch
16 | Threat Intelligence | Symantec | Symantec | IBM | Dell
17 | IT GRC | EMC! | EMC! | Homegrown | Homegrown
18 | Anti–DDoS | – | Akamai | – | AT&T; Prolexic
19 | Certificate/Key Management | Microsoft! | Microsoft! | Symantec | Symantec; Verisign, Inc.
19 | Email and Messaging Archiving | Symantec | Microsoft | Microsoft | Symantec
21 | Unified Threat Management | Fortinet; Palo Alto Ntwks | Palo Alto Ntwks | Check Point | Intel


Information Security Technologies: Heat Index® Ranking and Leading In-use Vendors – Time Series (2 of 2)

2H '13, n=198 to 205; 2H '14, n=212 to 215. Source: Information Security – Wave 17

Heat Rank | Technology | 2H '13 Lead In-use Vendor | 2H '14 Lead In-use Vendor | 2H '13 2nd In-use Vendor | 2H '14 2nd In-use Vendor
21 | IT Security Training/Education/Awareness | Homegrown! | Homegrown! | SANS Inst | SANS Inst
21 | Code or Binary Analysis | IBM | HP | HP | Veracode
24 | Web Application Scanning | – | Qualys | – | HP
24 | Network Intrusion Detection and/or Prevention | Cisco! | Cisco! | HP; McAfee | Palo Alto Ntwks
26 | Database Security | Oracle | Oracle | Imperva | Imperva
26 | Tools for Security Public Cloud | AWS | Microsoft | Homegrown; Oracle | CloudLock; Homegrown; Skyhigh Ntwks
28 | Information or Digital Rights Management | Microsoft! | Microsoft! | EMC | Adobe
29 | Web Content Filtering | Websense | Websense | Blue Coat | Blue Coat
29 | Vulnerability/Risk Assessment/Scanning | Qualys! | Qualys! | Open Source | Rapid7
31 | File Integrity Monitoring | Tripwire! | Tripwire! | Open Source; Symantec | Microsoft
32 | Host Intrusion Detection and/or Prevention | McAfee!; Symantec | Intel!; Symantec | IBM | Tripwire
32 | Computer Forensics | Guidance Sftw! | Guidance Sftw! | AccessData | AccessData
34 | Network Firewalls | Cisco | Cisco | Check Point | Check Point
35 | Patch Management | Microsoft! | Microsoft! | Symantec | IBM
35 | Penetration Testing | Homegrown | Homegrown; PWC; Rapid7 | Trustwave | Deloitte; Protiviti
37 | Tokenization | EMC; Homegrown; SafeNet | Homegrown! | CyberSource; Microsoft; Oracle; Paymetric | CyberSource; Liaison Tech; Paymetric; Protegrity
38 | Encryption | – | Microsoft | – | Symantec
39 | SSL VPNs | Cisco | Cisco | Juniper | Juniper
39 | Secure Instant Messaging | Microsoft! | Microsoft! | IBM | IBM
41 | Anti–spam/Email Security | Cisco | Microsoft | Symantec | Cisco
42 | Antivirus/Endpoint Security | Symantec | Symantec | McAfee | Intel


Information Security Technologies: Heat Index® Ranking and Leading In-plan Vendors – Time Series (1 of 2)

2H '13, n=198 to 205; 2H '14, n=212 to 215. Source: Information Security – Wave 17

Heat Rank | Technology | 2H '13 Lead In-plan Vendor | 2H '14 Lead In-plan Vendor | 2H '13 2nd In-plan Vendor | 2H '14 2nd In-plan Vendor
1 | Application–aware/Next–generation Firewall | Palo Alto Ntwks | Palo Alto Ntwks! | Check Point | Check Point
2 | Network Access Control | Cisco! | Cisco! | Aruba Ntwks | ForeScout
3 | Endpoint Data–loss Prevention Solutions | Symantec! | Websense | McAfee | Symantec
4 | Mobile Device Management | MobileIron! | VMware! | Good Tech | Microsoft
5 | Network Data–loss Prevention Solutions | Symantec | Websense | McAfee | Symantec
6 | Multifactor Authentication | EMC; Symantec | EMC! | – | Duo Security
7 | Web Application Firewall | F5 Ntwks! | Palo Alto Ntwks | Check Point | F5 Ntwks
8 | Security Information Event Management | LogRhythm | Splunk | IBM | LogRhythm
9 | Single Sign–on, Identity as a Service and/or Identity Federation | Microsoft; Okta | Okta | Ping Identity | Oracle
10 | Event Log Management System | LogRhythm! | Splunk! | McAfee | Open Source
11 | Advanced Anti–malware Response | FireEye! | FireEye! | Check Point; Palo Alto Ntwks | Bit9
12 | Managed Security Service Provider | Dell | Verizon | AT&T | HP; IBM
13 | Authorization and Access Control | – | EMC | – | Cisco; SailPoint
14 | Tools for Securing Virtualization Infrastructure | VMware | VMware | Check Point | Symantec
15 | Secure File Transfer | Box! | IBM; WatchDox | Accellion; AppSense; Google | Box; Citrix; Microsoft
16 | Threat Intelligence | CrowdStrike | FireEye! | Symantec | HP; IBM; iSIGHT; NTT; Palo Alto Ntwks; Symantec
17 | IT GRC | EMC! | EMC | IBM | LockPath
18 | Anti–DDoS | – | Akamai | – | Prolexic
19 | Certificate/Key Management | Microsoft | Microsoft! | Venafi | Venafi
19 | Email and Messaging Archiving | Google! | Microsoft | HP | Symantec
21 | Unified Threat Management | Fortinet | Cisco | Check Point; Palo Alto Ntwks | Palo Alto Ntwks


Information Security Technologies: Heat Index® Ranking and Leading In-plan Vendors – Time Series (2 of 2)

2H '13, n=198 to 205; 2H '14, n=212 to 215. Source: Information Security – Wave 17

Heat Rank | Technology | 2H '13 Lead In-plan Vendor | 2H '14 Lead In-plan Vendor | 2H '13 2nd In-plan Vendor | 2H '14 2nd In-plan Vendor
21 | IT Security Training/Education/Awareness | SANS Inst! | Cisco; FishNet; PhishMe; SANS Inst; Security Awareness; TSTC | Wombat | Homegrown
21 | Code or Binary Analysis | Veracode | Veracode | WhiteHat Sec | HP
24 | Web Application Scanning | – | WhiteHat Sec! | – | Open Source; Qualys; Rapid7
24 | Network Intrusion Detection and/or Prevention | Palo Alto Ntwks | Palo Alto Ntwks | Check Point | Cisco
26 | Database Security | Imperva | Imperva! | IBM | Intel
26 | Tools for Security Public Cloud | CipherCloud! | CipherCloud! | Ping Identity | Okta
28 | Information or Digital Rights Management | Microsoft! | Microsoft! | WatchDox | Adobe; EMC; GigaTrust
29 | Web Content Filtering | Websense! | Palo Alto Ntwks! | Blue Coat | Cisco; F5 Ntwks; Intel; Websense
29 | Vulnerability/Risk Assessment/Scanning | McAfee; Tenable | Qualys | Core Security | Rapid7
31 | File Integrity Monitoring | Tripwire | Tripwire! | Symantec | Intel; Symantec
32 | Host Intrusion Detection and/or Prevention | McAfee! | Intel! | Trend Micro | Open Source; Symantec
32 | Computer Forensics | Guidance Sftw! | Guidance Sftw! | AccessData; Symantec | Bit9; FireEye
34 | Network Firewalls | – | Palo Alto Ntwks! | – | –
35 | Patch Management | Microsoft! | Secunia; TCS | – | Microsoft
35 | Penetration Testing | – | Dell! | – | Homegrown
37 | Tokenization | Agilysys | Symantec | Protegrity; SafeNet | VeriFone
38 | Encryption | – | Microsoft! | – | EMC
39 | SSL VPNs | Juniper! | Cisco! | Cisco; Citrix | Sophos
39 | Secure Instant Messaging | Microsoft | Microsoft! | Google | Avaya
41 | Anti–spam/Email Security | – | Symantec! | – | –
42 | Antivirus/Endpoint Security | Trend Micro | – | – | –


Appendixes


Demographics

Top Left Chart, n=215; Top Right Chart, n=215; Bottom Left Chart, n=215; Bottom Right Chart, n=145.

Employee Size: 100-999, 8%; 1,000-4,999, 29%; 5,000-10,000, 15%; > 10,000, 48%.

Information Security Budget Level: < $500K, 20%; $500K-$999K, 11%; $1M-$3.99M, 31%; $4M-$6.99M, 9%; $7M-$9.99M, 12%; $10M-$19.99M, 6%; $20M-$29.99M, 3%; > $30M, 8%.

Enterprise Revenue: < $499.99M, 19%; $500M-$999.99M, 8%; $1B-$4.99B, 33%; $5B-$9.99B, 13%; $10B-$19.99B, 13%; $20B-$29.99B, 3%; $30B-$40B, 2%; > $40B, 9%.

Industry Verticals: Financial Services, 25%; Consumer Goods/Retail, 12%; Healthcare/Pharmaceuticals, 10%; Education, 8%; Telecom/Technology, 8%; Services: Business/Accounting/Engineering, 7%; Materials/Chemicals, 6%; Industrial/Manufacturing, 5%; Energy/Utilities, 4%; Transportation, 3%; Public Sector, 3%; Other, 9%.

Source: Information Security – Wave 17


Methodology and Sample Variation

METHODOLOGY

The Information Security Study relies on a proprietary network of IT professionals and is based on in-depth interviews with 217 security professionals conducted from February 2014 through July 2014. TheInfoPro’s interviewers are current and former IT managers and executives. They ask open-ended questions that enable TheInfoPro to gain an excellent understanding of the issues and decision-making process related to strategic planning, technology benchmarking, and vendor selection and negotiation.

The Commentator Network has a variety of industry types and levels of technology adoption. TheInfoPro screens potential commentators to ensure that they can discuss in detail their enterprises’ technology roadmap and relationships with pertinent vendors. To participate, a commentator had to work for a large or midsize enterprise. For the purposes of this study, large enterprises have more than $1bn of revenue and midsize enterprises have annual revenue of $100m to $999m.

SAMPLE SIZE VARIATION

Because the interviews are designed to be flexible to the needs and knowledge of the commentator, not every interviewee is asked every question. As a result, many charts have a sample size varying from the total number of interviews.

RECENT CHANGES TO THE STUDY

Many respondents have detailed knowledge of all technology areas, but some do not. Beginning this year we are reporting percentages based upon the full survey sample of respondents, and showing the percentage of respondents who indicated that they did not have detailed status knowledge for certain technologies.

TheInfoPro’s Technology Heat Index® and Adoption Index have been updated. The indexes were re-engineered to provide a stronger picture of user demand and investment in technologies. The calculations now account for planned changes in a technology’s spending and the relevant sector’s budgets.


How to Interpret the Data

DATA IN STANDARD BAR AND COLUMN CHARTS

Bar and column charts represent the percentage of commentators that gave a particular response. When relevant, “Don’t Know” responses are included on charts. If a stacked bar or column chart does not equal 100%, it is because “Don’t Know” or “Not Using” responses are hidden. For questions with multiple responses per interview, the totals for some charts may exceed 100%.

TECHNOLOGY ROADMAP AND INDEXES

The Technology Roadmaps highlight the percentage of respondents with a technology ‘in use,’ the percentage that are likely to use the technology for the first time in the next two years, and those who have no plans. The size of the gap between ‘in use’ and ‘not in plan’ status indicates the potential opportunity for a technology in the next two years. For each roadmap technology, respondents are asked about their implementation status and plans, the vendors in use or consideration, and expectations for spending changes. This data is combined with spending and budget data to calculate the Heat and Adoption index values for each technology.

The Technology Heat Index® measures user demand for a technology based on several factors, including usage or planned usage, changes in planned spending, an organization’s budget for the relevant IT sector, and future changes in the organization’s budget. A high score means a technology is expected to see significant growth.

The Technology Adoption Index measures aggregate investment in a technology based on several factors, including usage or planned usage, changes in planned spending, and an organization’s budget for the relevant IT sector. A high score means the technology is already experiencing healthy adoption.

Technologies with a high Heat Index score and a low Adoption Index score have the largest near-term market opportunity for vendors. Technologies with a high Heat Index score and a high Adoption Index score are experiencing near-term growth but have limited opportunities for new market entrants. A low Heat Index paired with a low Adoption Index indicates a technology with limited near-term growth potential.

CUSTOMER RATINGS

Respondents rated vendors on 14 criteria using a 1-5 scale, with ‘1’ being poor and ‘5’ being excellent.

The Market Window is TheInfoPro’s unique methodology to visualize comparative vendor ratings on a single chart. It plots the Promise and Fulfillment Indexes to compare vendors’ effectiveness at marketing and execution. A vendor placing in the upper right quadrant is rated highly for both its promise and ability to execute – underpromising and overdelivering – relative to its peers. Conversely, a vendor in the lower left quadrant rates poorly on the same criteria.

The Vendor Promise Index is designed as a measure of marketing effectiveness. It uses four of the 14 customer ratings criteria (competitive positioning, technical innovation, management’s strategic vision and brand/reputation), which are related to global concepts conveyed to potential customers prior to actual product/service delivery and use.

The Vendor Fulfillment Index is designed as a measure of execution effectiveness. It uses four of the 14 customer ratings criteria (value for the money, product quality, delivery as promised and technical support quality), which are related to the physical product/service delivery and customer experience of using the product or service.


Each individual report summarizes interesting portions of TheInfoPro’s Wave 17 Information Security Study and does not comprehensively review the hundreds of pages of research that form the full study. For access to TheInfoPro’s reports and services, please contact [email protected]. Methodology questions may be addressed to [email protected].

451 Research is a preeminent information technology research and advisory company. With a core focus on technology innovation and market disruption, we provide essential insight for leaders of the digital economy. More than 100 analysts and consultants deliver that insight via syndicated research, advisory services and live events to over 1,000 client organizations in North America, Europe and around the world. Founded in 2000 and headquartered in New York, 451 Research is a division of The 451 Group.

TheInfoPro, a service of 451 Research, is widely regarded as ‘The Voice of the Customer,’ providing independent, ‘real world’ intelligence on key IT sectors including Servers and Virtualization, Information Security, Networking, Storage and Cloud Computing. Using one-on-one interviews conducted within a proprietary network composed of the world’s largest buyers and users of IT, TheInfoPro provides data and insights that are used for strategic planning, technology benchmarking, competitive analysis, and vendor selection and negotiation.

Reproduction and distribution of this publication, in whole or in part, in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. 451 Research disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although 451 Research may discuss legal issues related to the information technology business, 451 Research does not provide legal advice or services and their research should not be construed or used as such. 451 Research shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.

TheInfoPro™ and logo are registered trademarks and property of 451 Research, LLC. © 2014 451 Research, LLC and/or its Affiliates. All Rights Reserved.

WWW.451RESEARCH.COM 20 West 37th Street, 3rd Floor, New York, NY 10018 P 212.672.0010 F 212.688.6598