TheInfoPro

2012 Information Security Forecasts – Who Will be the Winners & Losers?
Wednesday, December 14, 2011 2:00 PM – 2:45 PM EST

Replay Link: 2012 Information Security Forecasts

Some of the key trends we will be discussing from our Information Security study are:

Information Security spend is strong with many diverse drivers:

• Directionally for 2012, Information Security Professionals are not planning a slowdown. Thirty-seven percent are planning an increase in spend, with 16% planning a decrease.
• Thirty-nine percent are spending more in 2011 vs. 2010, and only 15% are spending less – showing the resiliency of the market in challenging economic times.
• In the one-on-one interviews, decision-makers detailed compliance, mobile devices and preventing data loss as the drivers for spending increases.

Data Leakage Prevention (DLP) and Application-Aware Firewalls are products on
the move:

• Data Leakage Prevention (DLP) resides in the top spot of TheInfoPro’s proprietary Information Security Technology Heat Index™, which gauges immediacy of planned implementation for 40 technologies, as the G2000 look to protect custodial and intellectual property data from leaking out of their environment.
• The traditional antivirus vendors, Symantec (SYMC) and Intel’s (INTC) McAfee, look to benefit with rollouts of both endpoint and network DLP on tap.
• Application-Aware Firewalls make a nice jump in the Heat Index, with Palo Alto and Check Point (CHKP) benefiting from the 28% of in-plan implementations.
• Palo Alto will be a vendor to watch as it is beginning to replace some of the major incumbent providers with its application-visibility-based approach.

Possibly Related Posts:

• Unified Communications Solutions
• Heat Index Reveals Hot Infosec Technologies
• The Ascent of 10GigE
• Storage Vendors See Mixed Q4
• High-risk Staff? Executives and IT Are Equally Risky

Written by Daniel Kennedy, Research Director for Information Security

Far and away, the choice of both large and midsize enterprises for the most exciting vendor this wave in terms of products and services was next generation firewall maker Palo Alto Networks. The application-aware firewall or next generation firewall, a fusion of the capabilities of stateful and application firewalls, is generating a good buzz amongst respondents: “Palo Alto’s probably the most innovative I’ve dealt with, specifically their application discovery or app[lication] identity.”

The second most exciting vendor in aggregate (full sample) is FireEye with its advanced malware detection solutions, buoyed strongly by responses amongst midsize enterprises. Rounding out the list of exciting vendors are industry stalwarts EMC (RSA), Symantec, and Intel (McAfee).

Originally published as a ThursdayTIP to the respondent network of TheInfoPro. Would you like to receive all of the ThursdayTIP reports when they are fist released? Sign up here for TheInfoPro’s respondent network.

The application-aware firewalls also lead the network security pack with a heat score of 62, and a 28% in use figure that could jump 33% based if pilots and near-term plans come to fruition. Of the respondents with application-aware firewalls on their roadmaps, 39% of respondents see their organizations spending more in 2012, with Palo Alto Networks seeing the lion’s share of the benefit. If the company can convert on long-term implementation plans by respondents’ enterprises, it could carve out a healthy niche of a firewall market currently dominated by Cisco and Check Point in our studies.

Anti-botnet solutions have had a warmer reception amongst the midsize enterprises, while 14% have a solution in place, another 14% have an implementation in their plans down the road, with FireEye looking to benefit. Still, the technology appears not ready for prime time, with 73% of midsized enterprises reporting no plans for integrating these products.

What do respondents have to say on the top two exciting vendors?

• “Palo Alto – I like their mobile solutions.”
• “We’ve looked at FireEye and haven’t formed any opinion about whether to move forward.”
• “Palo Alto – next generation, not tied to traditional monitoring, but threat ID allows you to make rules more granular.”
• “We are very impressed with FireEye’s approach. In that space, other vendors will catch up.”
• “[Palo Alto does] a single pass instead of Fortinet’s multiple proxy, which hammers the resources and doesn’t give enough granularity in reporting. It’s a more cohesive design.”
• “FireEye’s virtual machine-based detection system for malware. It anticipates malware and tells you what may likely be malware before you can get signatures out.”

Possibly Related Posts:

• Unified Communications Solutions
• Heat Index Reveals Hot Infosec Technologies
• The Ascent of 10GigE
• Storage Vendors See Mixed Q4
• High-risk Staff? Executives and IT Are Equally Risky

Written by Daniel Kennedy, Research Director for Information Security

On Oct. 4, IBM announced the acquisition of security information and event management (SIEM) provider Q1 Labs for approximately $575 million, according to The 451 Group’s M&A KnowledgeBase. This is at least the third SIEM solution IBM will have established under its umbrella, but potentially also the most expansive solution when it comes to capturing the emerging combination of log management, network monitoring and security monitoring solution space. With this acquisition, IBM plans to create a new Security Systems division led by Q1’s current CEO, Brendan Hannigan.

Originally published as a ThursdayTIP to the respondent network of TheInfoPro. Would you like to receive all of the ThursdayTIP reports when they are fist released? Sign up here for TheInfoPro’s respondent network.

This move follows Hewlett-Packard’s acquisiton of ArcSight nearly a year ago, and precedes further consolidation in the space; NitroSecurity was also announced as being brought into Intel’s McAfee last week. With this shakeup, IBM is poised to occupy the fourth spot in SIEM market share, according to the results of respondent interviews for the Wave 14 Information Security Study. HP’s acquisiton of ArcSight makes it the de facto leader of the space, with 6% of in plan implementations also going its way. EMC’s enVision product (RSA) and Symantec round out the top of the pack.

SIEM enterprise market share, 14th security study.

The most recent information security study shows SIEM installations at a fairly mature 53% in use in enterprise environments, with 6% of respondents seeing new implementations in their short-term plans and 18% having SIEM installations on the radar in their longer-term project planning. Thirty-three percent (33%) of respondents see increased spending in 2012 on SIEM solutions, with 60% projecting a flat spend into next year.

What do respondents think of the product IBM has acquired? The trend in responses bends positive:

• “Q1 Labs’ product is very innovative.”
• “[We’ll look at] enVision, Q1 Labs, Symantec.” (In response to a question about spending plans for 2012 for SIEM solutions.)
• “We are in woeful need of consolidation. We are evaluating whether to continue on with enVision or use something new. We did a POC with Q1 Labs, or [we may] go to SecureWorks as a third party.”
• “Just had this discussion; there are others, like Q1 Labs and EMC enVision.” (In response to a question about switching off another SIEM vendor’s product.)
• “The company [Q1 Labs] is innovative. They remain fresh in terms of feature set. They are a small company, and they are subject to being swallowed up! They need to keep the system ‘capable’ at all times, especially keeping up with the patches.”

Possibly Related Posts:

• Unified Communications Solutions
• Heat Index Reveals Hot Infosec Technologies
• The Ascent of 10GigE
• Storage Vendors See Mixed Q4
• High-risk Staff? Executives and IT Are Equally Risky

Written by Daniel Kennedy, Research Director for Information Security

It has been eight years since a well-known technology research company declared intrusion detection/prevention systems (IDS/IPS), those sentinels at the edge of the network that scream out alerts every time they think they see bad traffic masquerading as allowed flow through the firewall, a market failure. Scoring 10th (IPS) and 16th (IDS) on the Heat Index (a relative measure of user demand) for the Wave 14 Security Study, and sitting at a healthy 70% implemented in enterprise environments, the death of IDS has been greatly exaggerated.

Originally published as a ThursdayTIP to the respondent network of TheInfoPro. Would you like to receive all of the ThursdayTIP reports when they are fist released? Sign up here for TheInfoPro’s respondent network.

Market share, intrusion detection systems.

Intrusion detection systems stand at 70% in use with 15% of respondents reporting implementations in their plans. Intrusion prevention systems are at 60% implemented, with 13% stating that implementations are in their plans. Spending holds steady, with 71% maintaining their spending level and 17% anticipating a greater level of 2011 spending. The sweet spot in pricing and implementation falls under $100,000, with 30% spending between $100,000 and $500,000 on their implementations.

Two of the problems identified nearly a decade ago, cost and throughput, continue to be an issue according to user narratives:

• “IDS/IPS in-line – the price point to have a certain level of performance is very high.”
• “Opex this year as we move from NIPS to NIDS – it’s a bandwidth issue. We’re increasing bandwidth pipes, and IPS is less effective and creates problems. Moving to IDS and go on alerts vs. blocking.”

The original postulate that many of the functions of the IDS would be subsumed into other edge equipment including the firewall also still holds water for some IT managers:

• “I’m not spending anything directly on IPS/IDS – it’s in the firewall.”

And a number of firms have moved to managed services offerings:

• “We have a package deal with IBM for security – vulnerability management, NIDS/NIPS, etc. – and that’s about $3 million a year.”

All that said, the product vertical is still going strong in enterprises, with winners and losers being enumerated as we continue to study the results of the Wave 14 Security Study:

• “Since TippingPoint was acquired by 3Com, then HP, there have been some support issues.”
• “I like the Sourcefire IDS.”
• “I really like Sourcefire! They have an event classification within an IDS product. Compared to their competitors, they use open source rules. TippingPoint or Cisco, you can’t do that. Sourcefire has a great management console as well. I can’t think of any weakness since they fixed the backup issues.”

Possibly Related Posts:

• Unified Communications Solutions
• Heat Index Reveals Hot Infosec Technologies
• The Ascent of 10GigE
• Storage Vendors See Mixed Q4
• High-risk Staff? Executives and IT Are Equally Risky

Written by Daniel Kennedy, Research Director for Information Security

Originally published as a ThursdayTIP to the respondent network of TheInfoPro. Would you like to receive all of the ThursdayTIPs the minute they are released on a complimentary basis? Then join TheInfoPro’s respondent network.

In June, the Federal Financial Institutions Examination Council (FFIEC), an interagency government body that prescribes standards for the examination of financial institutions, released a supplement to the 2005 guidance “Authentication in an Internet Banking Environment.” The guidance reiterates the expectation that high-risk transactions, including access to customer information for the movement of funds between parties, must be protected by a “layered approach to security.” This layered approach may include dual-factor authorization through different access devices, as well as out-of-band verification (for example, a code sent to a smart phone) conducted for each transaction. The guidance spurs a renewed focus on dual-factor authentication. Will the EMC/RSA solution continue to dominate enterprise deployments in the results of the Wave 14 Security Study?

Two-factor, or dual-factor, authentication is a term used to describe when two factors are used to determine that a user or entity is who they claim to be, before providing access to protected resources. There are three categories of authentication factor: what you know, what you are, and what you possess. For example, the most common type of authentication involves passwords – something you know. An RSA SecurID (the most common type of two-factor authentication in our study, as demonstrated by the chart below) is an example of something you have or possess. Biometrics – for example, a fingerprint scanner – authenticate based on something you are.

Top Vendors In Use for Two-Factor Authentication

End users have been historically familar with dual-factor authentication through its common use in remote-access virtual private networks solutions for gaining access to corporate networks from home or on the road. Certain financial sites, notably E-Trade in 2005, began offering RSA SecurID tokens to account holders whose accounts met a certain threshhold of assets. Following the FFIEC’s original guidance, a number of financial institutions began looking at two-factor authentication to protect access to financial applications. The space has undergone steady growth, as the chart demonstrates, moving from 63% to 71% in use, with a steady stream of new respondents noting implementations in plan. The financial sweet spot for implementations rests largely under $500,000.

• Thirty-nine percent (39%) of respondents predict growth in the use of tokens in their environment; 37% see no change in 2011, and 23% predict a decline in token usage. This is a delta of 13 percentage points of growth from the previous study.
• When asked whether they would consider an alternative to tokens, 16% of respondents said not at all, and 31% said they were extremely likely to consider an alternative.
• Twenty-two percent (22%) said they were somewhat likely to adopt an alternative, and another 22% said they were very likely to move in a new direction from tokens.

Gauging the user sentiment behind these responses, two narrative themes emerge: one a short-term reaction to the RSA SecurID breach, the second a general issue with the cost behind the lead solution:

• “Two-factor authentication with appliance provided by SecureOp. We removed RSA tokens that were at end of life. We went to SecureOp instead.”
• “[StrongAuth is a] good, aggressive alternative to the de factor leader, RSA for two-factor.”
• “IdentityGuard may trail RSA, but the solution works just fine for us. They’re cheap compared to RSA, but token-based two-factor is still too expensive.”

Before you count out the current leader, though, consider this common thought, well voiced by one respondent:

“RSA has a great reputation, and everyone knows how to use it. They really dominate the competition just based on brand recognition.”

Possibly Related Posts:

• Unified Communications Solutions
• Heat Index Reveals Hot Infosec Technologies
• The Ascent of 10GigE
• Storage Vendors See Mixed Q4
• High-risk Staff? Executives and IT Are Equally Risky