vulnerability management - how market trends and changing threats will shape the future of the...
TRANSCRIPT
Vulnerability Management: How Market Trends and Changing Threats will Shape the Future of the Market
Chris Rodriguez
Industry Analyst, Network Security
December 9, 2010
Today’s Presenters
Chris Rodriguez, Industry Analyst, Network Security
Frost & Sullivan
Jake Wengroff, Global Director, Corporate Communications
Frost & Sullivan
Focus Points
• Why So Much Interest? - Growth and Revenue Projections of the Vulnerability Management Market
• Market Definitions and Segmentation
• How Did We Get Here? - Evolution of the Vulnerability Management Market
• Growth by Sub-Market
• Sub-Market Life Cycle Analysis
• Market Trends including Drivers and Restraints
• What’s next? Charting the Course of the Vulnerability Management Market
• Key Market Participants
• Questions and Answers
Growth and Revenue Projections of the Vulnerability Management Market
Total Vulnerability Management Products Market: Revenue Forecasts (World), 2006-2016
[Chart: Revenues ($ Million) and Revenue Growth Rate (%) by year, 2006-2016]
Note: All figures are rounded; the base year is 2009. Source: Frost & Sullivan
The vulnerability management market will achieve its highest growth rates in 2011.
Market Definitions and Segmentation
Total Vulnerability Management Products Market: Market Segmentation (World)
Vulnerability Management
• Vulnerability Assessment
• Patch Management
• Application Security
• Vulnerability Intelligence
Source: Frost & Sullivan
Market Definitions and Segmentation
Vulnerability Assessment Sub-Market: Market Definitions (World)
• Network-based scans
• Uncover and prioritize vulnerable endpoints
• Product functionality expanding
• Vendors integrating:
  • database/application scanning
  • penetration testing
  • configuration management
Source: Frost & Sullivan
Market Definitions and Segmentation
Application Security Sub-Market: Market Definitions (World)
• Web application scanning
• Security-based static source code analysis
• Dynamic testing and/or static testing
Source: Frost & Sullivan
Market Definitions and Segmentation
Patch Management Sub-Market: Market Definitions (World)
• Fix systems found to be vulnerable
• Acquire and install missing patches and updates
• Patching required for IT operations and security purposes
Source: Frost & Sullivan
Market Definitions and Segmentation
Vulnerability Intelligence Sub-Market: Market Definitions (World)
• Regularly updated subscription-based service
• Feeds actionable and original vulnerability reports
• *Not yet included as a separate market segment
Source: Frost & Sullivan
Evolution of the Vulnerability Management Market
Total Vulnerability Management Products Market: Market Timeline (World), 2000-2010
[Timeline figure, 2000-2010; events as labelled on the slide:]
• New regulations such as FISMA require regular vulnerability assessments
• PCI DSS now demands use of web application security solutions
• Vulnerability management finds new points of integration, such as with UTM
• Commercial penetration testing software developed
• Increased industry focus on vulnerability intelligence
• Increased focus on securing end-points
• The success of Internet Security Systems’ Internet Scanner prompts new competition
• Configuration management now integrated with vulnerability management products
• Companies founded to solve the web application scanning challenge
• Source code analysis recognized as an important security function
Source: Frost & Sullivan
Growth by Sub-Market
Total Vulnerability Management Products Market: Sub-Market Size by Revenues (World), 2006-2016
The vulnerability management products market was valued at $698.0 million in 2009, and was divided among the following market segments as shown here.
[Chart: Revenues ($ Million) by sub-market (Vulnerability Assessment, Application Security, Patch Management), 2006-2016]
Source: Frost & Sullivan
Sub-Market Life Cycle Analysis
Total Vulnerability Management Products Market: Sub-Market Life Cycle Analysis (World), 2009
[Chart: Market Value over Time, with life cycle stage labels Development, Mid Growth, High Growth, and Late Growth, positioning Vulnerability Assessment, Patch Management, Application Security, and Penetration Testing]
• Vulnerability assessment has long been known as the critical first step in the security and risk management process.
• Commercial, automated penetration testing is gaining legitimacy and has tremendous potential for future growth.
• Customer awareness of the threat posed by insecure applications has improved and this market has strong potential for further growth.
• Patching has long been a necessary function for IT management, but has been hindered primarily by free solutions.
Source: Frost & Sullivan
Market Drivers
Total Vulnerability Management Products Market: Market Drivers (World), 2009
• Evolving Technology Increases Attack Vector
• Unmanageable Number of Vulnerabilities and Patches
• Vendors Gain Traction by Reducing Capital Expenditures
• Increased Customer Awareness of Security Issues and Threats
• New and Existing Regulatory Compliance Requirements
• Integrated and Flexible Product Lines Improve Business Case
Source: Frost & Sullivan
Market Driver: New and Existing Regulatory Compliance Requirements
• Payment Card Industry Data Security Standard
• HIPAA/HITECH
• National Institute of Standards and Technology
• California Security Breach Information Act
• Gramm-Leach-Bliley Act
• Federal Information Security Management Act
• North American Electric Reliability Corporation
• European Legislation
Market Driver: Integrated and Flexible Product Lines Improve Business Case
Market Driver: Increased Customer Awareness of Security Issues and Threats
Timeline of Major Malware Outbreaks (World), 2000-2010
[Timeline figure, 2000-2010; outbreaks as labelled on the slide:]
• ILOVEYOU
• Code Red
• SQL Slammer/Welchia/Sobig/Blaster worm
• MyDoom/Sasser
• Zlob
• Mocmex
• Koobface
• Conficker
• Stuxnet
Market Driver: Unmanageable Number of Vulnerabilities and Patches
Vulnerability Research Market: Number of Reported Vulnerabilities (World), 1995-2008
[Chart: Vulnerabilities Reported by Year, 1995-2008]
Source: Frost & Sullivan
Market Driver: Evolving Technology Increases Attack Vector
Market Restraints
Total Vulnerability Management Products Market: Market Restraints (World), 2009
• Security Viewed as a Cost Item
• Point Products Provide Best-of-Breed Functionality
• Regulatory Compliance Distracts from Security Goals
• Separation of IT Operations and Security Teams in the Enterprise
• Availability of Free and Open Source Solutions
• Fear of Solutions that Introduce Further Complexity
Source: Frost & Sullivan
Expectations for the Vulnerability Management Market
Total Vulnerability Management Products Market: Forecasted Revenues (World), 2010-2016
[Chart: Revenues ($ Million) by year, 2010-2016, annotated with:]
• Static application security testing shifts to the QA/development teams. Dynamic testing integrated with vulnerability scanners.
• Penetration testing increasingly integrated with vulnerability scanning technologies.
• Distinct paths emerge for security and non-security related patch management solutions. Improved functionality in both areas drives growth.
• Vulnerability assessment integrates with endpoint security and UTM solutions.
Note: All figures are rounded; the base year is 2009. Source: Frost & Sullivan
Key Market Participants
• The vulnerability management market is led by companies such as Qualys, McAfee, and IBM.
• Vendors such as Secunia, Rapid7, and nCircle have been gaining in market share and help propel the market’s growth.
Conclusions
• Advances in the Patch Management Market
• Increased Focus on Web Applications and Penetration Testing
• Industry-wide Integration Trend
• Increased Focus on End-point Security
• Evolving Market with High Growth Potential
Questions?
Next Steps
• Request a proposal for Growth Partnership Services or Growth Consulting Services to support you and your team to accelerate the growth of your company. ([email protected]) 1-877-GoFrost (1-877-463-7678)
• Join us at our annual Growth, Innovation, and Leadership 2011: A Frost & Sullivan Global Congress on Corporate Growth (www.gil-global.com)
• Register for the next Chairman’s Series on Growth (http://www.frost.com/growth)
• Register for Frost & Sullivan’s Growth Opportunity Newsletter and keep abreast of innovative growth opportunities (www.frost.com/news)
Your Feedback is Important to Us
What would you like to see from Frost & Sullivan?
• Growth Forecasts?
• Competitive Structure?
• Emerging Trends?
• Strategic Recommendations?
• Other?
Please inform us by taking our survey.
Frost & Sullivan’s Growth Consulting can assist with your growth strategies
Follow Frost & Sullivan on Facebook, LinkedIn, SlideShare, and Twitter
http://www.facebook.com/FrostandSullivan
http://www.linkedin.com/companies/4506
http://www.slideshare.net/FrostandSullivan
http://twitter.com/frost_sullivan
For Additional Information
Jake Wengroff
Corporate Communications
ICT
(210) 247-3806
Craig Hays
Director of Sales
ICT
(210) 247-2460
Rob Ayoub
Global Program Director
ICT – Network Security
(210) 247-3808
Chris Rodriguez
Industry Analyst
ICT – Network Security
(210) 477-8423