tierfilemarkets.com
filemarkets.com 时间:2021-03-21 阅读:()
October2015,IDC#259667MarketShareWorldwideSpecializedThreatAnalysisandProtectionMarketShares,2014:RapidlyEvolvingSecurityDefensesRobertWesterveltPeteLindstromRobAyoubElizabethCorrIDCMARKETSHAREFIGUREFIGURE1WorldwideSpecializedThreatAnalysisandProtection2014ShareSnapshotNote:2014Share(%),Growth(%),andRevenue($M)Source:IDC,20152015IDC#2596672EXECUTIVESUMMARYThespecializedthreatanalysisandprotection(STAP)marketcontinuedtogaintractionin2014withwidespreadadoptionofSaaSandon-premisessandboxesandarenewedfocusonemergingendpointsecuritytechnologies.
Organizationsarealsoincreasinglyevaluatingnetworkinspectionsolutionsdesignedtodetectattackermovementtosensitiveresources.
SignificantSTAPtrendsare:Vendorsconvertingproofofconcepts(POCs).
SecurityvendorsconvertedasignificantnumberofSTAPproofofconceptsin2014.
IDCestimatesthatthemarketin2014hadrevenueof$930million.
Itisforecasttogrowtoover$3billionby2019,withatotalmarketCAGRof27.
6%.
Identifyingattackermovement.
High-profileattacks,databreaches,andcriticalvulnerabilitiesin2013and2014droveinterestinNetFlowandotherproductsdesignedtodetectlateralmovementwithinacorporatenetwork.
FireEye,Lancope,IBM,andBit9-CarbonBlackwerethetop4securityvendorssellingSTAPsolutionsin2014.
Callingforincidentresponse(IR)support.
EarlyadoptersofSTAPsolutionssoughtincidentresponseexpertise,increasingdemandfordigitalforensicsspecialists,databreachsupport,andotherprofessionalservices.
Vendorsrespondedbyaddingorbolsteringtheirservicesofferingsin2014.
IDCbelievesthatemergingendpointsolutionsdesignedtodetectadvancedthreatswillgainmomentum.
Vendorsarecombiningmonitoringwithbehavioralanalyticswithothernon-signature-baseddetectioncapabilitiestoidentifyzerodays.
ThereissomeevidencethatendcustomersarebeginningtoshedstandardantivirusinfavorofsomeendpointSTAPsolutions.
TheSTAPmarketwillcontinuetoevolvewithestablishedsecurityvendorsaddingSTAPfeaturestotheirportfolioorganicallyoracquiringemergingSTAPsolutions.
In2014,PaloAltoNetworksacquiredIsraelistart-upCyveraforanestimated$200millionand,laterintheyear,introducedTraps,aSTAPendpointproductthatintegrateswithitsWildFirefilesandboxingservice.
CiscoSystemsacquiredThreatGRID,addingsuspiciousfileanalysissandboxingcapabilitiestoitsportfolio.
FireEyefurtherbuiltoutitsportfoliowiththeacquisitionofnPulseTechnologiestosupportforensicsandthreatremediationactivities.
ThisIDCstudyexaminesthecompetitivemarketforthisspecializedsecuritytechnology.
Itaimstoidentifythemarketleadersandsignificanttrendsthatwillimpactthebroadermarketforsecurityproductsandservices.
SecurityvendorproductsthatfitintotheSTAPmarketmustbesoldasadedicatedproductandpurchasedfromcustomerstospecificallyaddresstheproblemofidentifyingcustommalware.
"Thespecializedthreatanalysisandprotectionmarketisrapidlyevolving,withestablishedvendorsaddingSTAPofferingsthatcompeteagainstagrowingcadreofsecuritystart-ups.
Theinnovativesecuritytechnologiesinthismarketmodernizemanyoftheoutdatedapproachesthatattackersareeasilybypassingtoday.
OrganizationsareshowingsignificantinterestandadoptionofSTAPproductstoaddressthegrowingneedforadvancedthreatdetection.
"—RobertWestervelt,researchmanager,SecurityProducts,IDC2015IDC#2596673ADVICEFORTECHNOLOGYSUPPLIERSThespecializedthreatanalysisandprotectionmarketcontinuestobechallengingforvendors,buyers,andsaleschannelresellers.
ThecompetitivemarketcontinuestoevolvewithSTAPsecurityproductsoftenoverlappingavarietyofadjacentsecuritytechnologyareas.
SecurityvendorproductsthatfitintotheSTAPmarketmustbesoldasadedicatedproductandpurchasedfromcustomerstospecificallyaddresstheproblemofidentifyingcustommalware,sophisticatedattacktechniques,andotheractivityassociatedwithadvancedpersistentthreats.
Theproductsmustnotbesignaturebased.
BuyersareseekingtobolstertheirexistingsecurityinfrastructurebymakinganinvestmentinproductsdesignedtodetectadvancedthreatsfromeachofthethreeSTAPsubmarkets:endpoint,boundary,andinternalnetworkanalysis.
Somevendorsolutionsprovidefunctionalityfromeachofthesubmarkets,integratingemulationproductsdesignedtoanalyzesuspiciousfileswithbehavioralanalysistoidentifyfunctioncallsandsuspiciousfileactivityontheendpoint,andnetworkanalysistodetectattackerreconnaissanceactivityandlateralmovementwithinthenetwork.
EndpointSTAPproductsusebehavioralanalysisofmemoryandapplicationoperations.
Itprimarilyconsistsofanagentorsensorondevicesthatmonitorsystemprocessesandfilesforsignsofanomalousbehaviororattempttopreventsuspiciousfilesfromexecuting.
IDCanticipatesfutureconsolidationoftheendpointSTAPsubmarket,withtraditionalendpointsecurityvendorsaddingSTAPendpointcapabilitiestotheirplatforms.
BoundarySTAPproductsconsistmainlyofvirtualsandboxing/emulationandbehavioralanalysistechnologies.
Thesesafezonesareusedtodetonateandmonitorthebehaviorofsuspiciousfiles,whicharedesignedtoevadesignature-baseddefenses.
BuyershaveincreasinglypurchasedSaaS-basedsandboxingservices,buton-premisesandhybriddeploymentsarealsocommonwithenterprisecustomers.
InternalnetworkanalysisSTAPproductsmonitornetworkflowtodetectindicationsofattackerreconnaissanceactivity,malwaremovement,andbotnetormalwarecommandandcontrolactivity.
Productsshouldbeequippedtohelpresponderspinpointendpointinfectionsandinterruptcommandandcontrolcommunicationprovidecontexttoincidentresponders.
ThestrongestSTAPsolutionsappeartocomefromvendorsthathavecreatedstrongtechnologypartnerships,andIDChasdeterminedthatasecurityvendor'stechnologypartnerecosystemisbeingexaminedthoroughlyinproductevaluations.
Toremaincompetitive,securityvendorsshouldalsoconsiderthefollowingrecommendations:Strikekeydifferentiators:ProductevaluationsarebecomingasignificantchallengeforbuyersplanningtoadoptSTAPtechnology.
ChannelresellersarealsostrainedwhenattemptingtodetermineifaSTAPproductcanfitintheirportfoliowithoutconflictingwithtop-tiertechnologypartners.
Makeclearalldifferentiatingmanagementfeaturesandcapabilitiesagainstcompetitivesolutions.
Expanddeploymentoptions:Akeybuyingrequirementistheabilitytointegrateproductswithexistingsecurityinfrastructure.
ThisrequirementmayresultintheneedforfullSaaS,on-premises,oramixtureofSaaSandon-premisessolutions.
Whileusabilityandeffortlessdeploymentareadvantageous,buyersarealsochoosingSTAPsolutionswithflexibledeploymentmodels.
2015IDC#2596674Createservicesofferings:Ananalysisofearlyadopterbuyingbehaviorsfoundthatvendorservicesofferingsarenotaprimarybuyingrequirement;however,asecondinquirywithcustomersidentifiedasignificantneedforfollow-upservicesengagements.
Theservicesrequirementwaspromptedbyalackofroutinemaintenance,deficientincidentresponseprocesses,andpoorlyconfigureddeployments.
Developriskscoringmodels:BuyingtrendssuggesttheadditionofaconfigurableriskscoringmethodologytoassistrespondersinprioritizingalertscapturestheattentionofC-suiteexecutivesduringsalesengagements.
Despitethegrowingnumberofrisk-basedscoringcapabilitiesincorporatedintosecurityproducts,STAPvendorscanuseriskscoringasaproductdifferentiator.
Itcouldalsofosterthecomfortlevelrequiredtopromptorganizationstoembraceautomatedresponseandremediationfeatures.
MARKETSHARETheworldwideSTAPsecuritymarketroseto$930millionin2014,anincreaseof126.
3%from2013.
FireEyeremainstheSTAPmarketleader,with37.
9%shareofthemarketin2014.
Itsawitsshareofthemarketdecline5.
2%basedonadditionalmarketentrantsandwidespreadavailabilityofcompetingsandboxingsolutions.
AnotablecompetitorisPaloAltoNetworksandtherapidadoptionofitssubscription-basedWildFiresandboxingservicein2014.
Table1displays2011–2019worldwiderevenueandmarketsharefortheSTAPsecuritymarket.
Tables2–4display2014revenueandmarketsharesforthetopvendorsineachsubmarket.
STAPboundaryisthelargestmarketsegment,withFireEyecontinuingtobethesoledominatingvendor.
Sandboxingtechnologieshavequicklycometomarketfromnetworksecuritycompetitorsandsecuritystart-ups.
BoundarySTAPincludesproductsfromCheckPoint,Cyphort,iBoss,Fortinet,IntelSecurity,Proofpoint,Symantec,andothers.
Italsoincludesashareofsandboxingcomponentsthatexistwithinstandalonevendoradvancedthreatdefensesolutions(seeTable3).
STAPendpointisthefastest-growingmarketsegmentandonethatisquicklyevolvingasendpointsecurityvendors,includingSymantecandIntelSecurity,addendpointadvancedthreatdetectioncapabilitiestotheirplatformstomeettheirestablishedcustomerrequirements.
Lancopehasgainedsignificantadoptionofitsadvancedthreatdetectionsolution,leveragingitscloserelationshipwithCiscoSystems.
RSAandBlueCoatareeachtransformingtheirnetworkpacketcapturingappliances,whichhadbeenfocusedfordigitalforensicsinvestigations,intobreachdetectionandanalysisplatforms(seeTable4).
2015IDC#2596675TABLE1WorldwideSpecializedThreatAnalysisandProtectionRevenuebySegment,2011–2019($M)2011201220132014201520162017201820192014–2019CAGR(%)Boundary80.
6150.
5309.
0709.
81,119.
71,444.
31,653.
41,845.
32,001.
623.
0Endpoint9.
016.
039.
0101.
8212.
7353.
2494.
4618.
0716.
947.
8Internalnetworkanalysis21.
035.
063.
0118.
4202.
5287.
6342.
2386.
7421.
528.
9Total110.
6201.
5411.
0930.
01,535.
02,085.
02,490.
02,850.
03,140.
027.
6Source:IDC,2015TABLE2WorldwideSpecializedThreatAnalysisandProtectionRevenueofBoundarySegmentbyVendor,2014Revenue($M)FireEye353AhnLab25TrendMicro25Cisco25Fidelis23Websense23IBM20Lastline20PaloAltoNetworks17Other178.
8Source:IDC,20152015IDC#2596676TABLE3WorldwideSpecializedThreatAnalysisandProtectionRevenueofEndpointSegmentbyVendor,2014Revenue($M)Bit9-CB38.
0Cylance13.
0Bromium13.
0CrowdStrike12.
0Invincea12.
0Other13.
8Source:IDC,2015TABLE4WorldwideSpecializedThreatAnalysisandProtectionRevenueofInternalNetworkAnalysisSegmentbyVendor,2014Revenue($M)Lancope50.
0IBM15.
0Damballa15.
0BlueCoat13.
0RSA13.
0Other12.
4Source:IDC,20152015IDC#2596677WHOSHAPEDTHEYEARBit9acquiredCarbonBlackatthebeginningof2014andwasabletohighlighttheeffectivenessofitsmodernwhitelistingapproachwithCarbonBlack'sendpointforensicscapabilities.
CarbonBlackhadbeentremendouslysuccessfulwithitsapproachpriortotheacquisitiongainingadoptionwithSOCpersonnelandincidentresponseteamsforitsabilitytotakeacompleteinventoryofeveryfileonanendpointsystemandmonitorforsystemchanges.
Theacquisitionshiftedattentiononwaysorganizationscanmodernizetheirendpointsecuritysolutions.
FireEyegainedattentionwiththelaunchofitsEndpointSecurity(HXSeries)appliancein2014.
ThisproductusesMandiant'sproprietarytechnologyforincidentresponderstomonitorendpointsforthreatindicatorsandalertthesecurityoperationscenterteamaboutpossiblecompromisedendpoints.
EngineersareworkingonembeddingMandiant'sMIRfunctionalityintotheHXSeries,enablingresponderstorapidlyinvestigatepotentialthreats.
TheappliancecanbepurchasedseparatelyorbeintegratedwiththeFireEyeNXSeriesappliances.
PaloAltoNetworksacquiredMortaandCyverain2014toaddendpointvisibilitytoitsportfolio.
TheresultingendpointSTAPproductcalledTrapsisdesignedtoblockattackerexploitationtechniques.
TrapsintegrateswithWildFire,PaloAlto'sSaaS-basedsandboxingservice.
CiscoSystemsacquiredThreatGRID,addingasandboxforcloud-basedsuspiciousfileanalysis.
ThecompanyalsoshowedprogressinextendingtheAdvancedMalwareProtectioncomponentofitsSourcefireacquisitionasanadd-ontoitsASAUTMappliances.
LancopeleverageditsexistingpartnershipwithCiscoSystemstogaintractionintheSTAPmarketwithitsStealthWatchSystemforadvancedthreatdetection.
Lancopecompetesagainstothervendorsintheinternalnetworkanalysissubmarket,whichisdesignedtoidentifylateralmovementwithintrackingnetworkreconnaissance,internalmalwarepropagation,commandandcontroltraffic,anddataexfiltration.
ANoteonSymantecandIntelSecurityIntelSecurityismakinggainswithitsAdvancedThreatDefenseoffering,whichconsistsofastandaloneappliance,designedtointegratewithotherproductsinitsportfolio.
IntelSecurityusesalocalblacklisttodetectknownmalwareandavirtualsandboxenvironmentforsuspiciousfileanalysis.
ItconnectstoIntelSecurity'scloud-basedGlobalThreatIntelligenceforfurtherprotection.
Symantecannouncedthatitwouldsplitintoseparatesecurityandinformationmanagementbusinessesin2014.
ThecompanyalsoannouncedplanstoinvestinitsportfolioofsecurityproductsandentertheSTAPmarketwithanAdvancedThreatProtectionproductthatintegratesitsexistingemail,networking,andendpointsolutionswithfileinspectiontechnologycalledSymantecCynic,acloud-basedsandboxenvironmentforfileinspection.
SymantecalsoleveragesatechnologyitcallsSynapsetocorrelateeventinformationbetweenthenetwork,endpoints,andemailtoprovidecontexttoalertsforincidentresponders.
MARKETCONTEXTTheSTAPmarketgainedconsiderabletractionin2014asendusersincreasedsecurityspendingtostemtheever-increasingnumberofdatabreaches.
TheTargetbreachinparticularraisedthestakesforsecurityaccountabilityastheCEOwasforcedtoresigninpartasaresultofthemassivedata2015IDC#2596678breach.
STAPproductsarerepresentingthefirstsignificantshiftinthesecuritystackinsometime,andIDCpredictsthatorganizationswillcontinuetodeploytheseproductseitherthroughon-premisesdevices,throughendpointclients,orviathecloud.
ThethreeSTAPsubsegmentsthatIDCistracking—boundary,internalnetwork,andendpoint—havestrongenterpriseinterestandadoption.
However,thesereasonsvarybasedoneachsegment:Boundary.
TheinterestinboundarydeviceshasbeenpromptedprimarilybythesuccessofFireEyeandotherstodeliversandboxingandotheridentificationtechniquesonthenetwork.
Manysecurityadministratorsareverycomfortablewithaddingsecuritydevicestothenetworkandasaresultthesedevicesfiteasilyintotheday-to-daysecurityoperationsfunction.
Internalnetwork.
InternalnetworkSTAPproductsareprimarilyfocusedonbotnetdetectionanddeterminingifmalwarehasinfectedthenetwork.
Insteadoftryingtoevaluatethetrafficflowingthroughthenetworkboundaries,internalnetworkSTAPproductsrelyonuserbehavior,flowtraffic,andDNStraffictodeterminewhetherthereismaliciousbehavioronthenetwork.
OnekeyadvantagetoutedbyinternalnetworkSTAPproductsoverboundaryproductsisareductionintheamountoffalsepositives.
Endpoint.
EndpointSTAPproductsarebeingheraldedasthenextgenerationofendpointsecurity.
Asenterpriseshavebecomemoredisillusionedwithlegacyendpointsecurityproducts,theinterestinsolutionsthatarefasterandmoreaccuratehasincreased.
EndpointSTAPvendorsareapproachingendpointsecurityusingawidevarietyofmethodstoimprovethedetectionandpreventioncapabilitiesofmalwareontheendpoint.
OtherendpointSTAPproductsaremorefocusedonanalyticscollectionandvisibilityintotheendpointandthencoordinatethatdatawithnetwork-basedproducts.
IDCdoesnotbelievethatanysingleapproachorproductwillsolveanorganization'ssecuritychallenges,butbyusingacombinationofSTAPproductswithtraditionalsecurityproducts,thatmanyblindspotscanbeeliminated.
SignificantMarketDevelopmentsSecurityvendorFireEye'scontinuedsuccesshasresultedinaninfluxofadvancedthreatdefenseofferingsthatusevirtualsandboxestoanalyzesuspiciousfilesandidentifyadvancedthreats.
Thesolutions,whichfirstappealedtolargeenterprises,haveexperiencedgrowthbycapturingabroadersegmentofthemarket,whichquicklyembracedcloud-basedsandboxingservices.
Avarietyofpure-playvendorswithsandboxingofferingscontinuetomaketheboundarysubmarketextremelylargecomparedwithendpointandinternalnetworkanalysis.
Bit9'sacquisitionofCarbonBlackhashelpedfuelinterestinmodernizingendpointdefenses,whichhavebeenrelyingheavilyonsignature-basedtechnologytodetectmalware.
Newconceptsarebeingintroducedthatincorporateendpointagentorsensortechnologytoincreasevisibilityandgiveincidentrespondersmorecontextintoalertsandcontroloverinfectedsystems.
EndpointSTAPisrapidlyevolving.
Theattentiongiventopure-playvendorshaspromptedestablishedsecurityvendorstoaddsimilarspecializedthreatanalysisandprotectioncapabilities.
Therootofmanyoftheseemergingtechnologiesisinhost-basedintrusionpreventionanddigitalforensicscapabilitiesthatidentifythreatsinunderlyingsystemmemory,abnormalapplicationfunctioncalls,andothersignsofunusualsystembehavior.
IDCisawareofAccessData,FireEyeMIR,GuidanceSoftwareEncase,RSAECAT,andotherforensicstoolsthathelprespondersgainvisibilitywhileinvestigatingthescopeofaninfection.
IDC2015IDC#2596679analystsexaminetheseproductscloselytodeterminewhetherthereisreal-timemonitoringandalertingcapabilitiesandthecustomerrequirementsandusecasesthattheproductsfulfill.
METHODOLOGYThisIDCsoftwaremarketsizingandforecastispresentedintermsofpackagedsoftwareandappliancerevenue.
IDCusesthetermpackagedsoftwaretodistinguishcommerciallyavailablesoftwarefromcustomsoftware,nottoimplythatthesoftwaremustbeshrink-wrappedorotherwiseprovidedviaphysicalmedia.
Packagedsoftwareisprogramsorcodesetsofanytypecommerciallyavailablethroughsale,lease,orrental,orasaservice.
Packagedsoftwarerevenuetypicallyincludesfeesforinitialandcontinuedright-to-usepackagedsoftwarelicenses.
Thesefeesmayinclude,aspartofthelicensecontract,accesstoproductsupportand/orotherservicesthatareinseparablefromtheright-to-uselicensefeestructure,orthissupportmaybepricedseparately.
Upgradesmaybeincludedinthecontinuingrightofuseormaybepricedseparately.
AllofthesearecountedbyIDCaspackagedsoftwarerevenue.
Appliancesaredefinedasacombinationofhardware,operatingenvironment,andapplicationsoftwarewheretheyareprovidedasasingleproduct.
Packagedsoftwarerevenueexcludesservicerevenuederivedfromtraining,consulting,andsystemsintegrationthatisseparate(orunbundled)fromtheright-to-uselicensebutdoesincludetheimplicitvalueoftheproductincludedinaservicethatofferssoftwarefunctionalitybyadifferentpricingscheme.
Itisthetotalproductrevenuethatisfurtherallocatedtomarkets,geographicareas,andoperatingenvironments.
Themarketforecastandanalysismethodologyincorporatesinformationfromfivedifferentbutinterrelatedsources,asfollows:Reportedandobservedtrendsandfinancialactivity.
Thisstudyincorporatesreportedandobservedtrendsandfinancialactivityin2014asoftheendofSeptember2015.
IDC'sSoftwareCensusinterviews.
IDCinterviewsallsignificantmarketparticipantstodetermineproductrevenue,revenuedemographics,pricing,andotherrelevantinformation.
Productbriefings,pressreleases,andotherpubliclyavailableinformation.
IDC'ssoftwareanalystsaroundtheworldmeetwithhundredsofsoftwarevendorseachyear.
Thesebriefingsprovideanopportunitytoreviewcurrentandfuturebusinessandproductstrategies,revenue,shipments,customerbases,targetmarkets,andotherkeyproductandcompetitiveinformation.
Vendorfinancialstatementsandrelatedfilings.
Althoughmanysoftwarevendorsareprivatelyheldandchoosetolimitfinancialdisclosures,informationfrompubliclyheldcompaniesprovidesasignificantbenchmarkforassessinginformalmarketestimatesfromprivatecompanies.
IDCalsobuildsdetailedinformationrelatedtoprivatecompaniesthroughin-depthanalystrelationshipsandmaintainsanextensivelibraryoffinancialandcorporateinformationfocusedontheITindustry.
Wefurthermaintaindetailedrevenuebyproductareamodelsonmorethan1,000worldwidevendors.
IDCdemand-sideresearch.
Thisincludesthousandsofinterviewswithbusinessusersofsoftwaresolutionsannuallyandprovidesapowerfulfifthperspectiveforassessingcompetitiveperformanceandmarketdynamics.
IDC'suserstrategydatabasesofferacompellingandconsistenttime-seriesviewofindustrytrendsanddevelopments.
Directconversationswithtechnologybuyersprovideaninvaluablecomplementtothebroadersurvey-basedresults.
2015IDC#25966710Ultimately,thedatapresentedinthisstudyrepresentsIDC'sbestestimatesbasedonthesedatasourcesaswellasreportedandobservedactivitybyvendorsandfurthermodelingofdatathatwebelievetobetruetofillinanyinformationgaps.
ThedatainthisstudyisderivedfromallthesesourcesandenteredintoIDC'sSoftwareMarketForecasterdatabase,whichisthenupdatedonacontinuousbasisasnewinformationregardingsoftwarevendorrevenuebecomesavailable.
Note:Allnumbersinthisdocumentmaynotbeexactduetorounding.
MARKETDEFINITIONThespecializedthreatanalysisandprotectionmarketoverlapstheendpoint,messaging,network,andWebfunctionalmarkets.
Theproductshelpprotectenterprisesfromnewmalwareattacksthatcannotbedetectedbytraditionalsignature-basedtechniques.
TheSTAPproductsuseavarietyofnon-signature-basedprotectionmethodsincluding,butnotlimitedto,sandboxing,behavioralanalysis,fileintegritymonitoring,telemetricheuristics,containerization,netflowanalysis,andthreatintelligence,whichcandetectamalwareattackorcompromisebyidentifyingattackeractivityorsubtlesystemprocesschanges.
Someoftheproductsonlydetectandalert,whileothersmaycontainmalwaretopreventitfromcausingdamage.
Althoughthesefeaturesmayappearinotherproducts,thiscategoryisonlyfordedicatedSTAPsolutions.
TheSTAPmarketismadeupofdistinguishableproductsasopposedtoembeddedfeatureswithinaproduct.
Theabilitytofindandpreventadvancedmalwareultimatelyrequiresdedicatedactivities,andinthisway,itispossibletomeasuretheextentthatenterprisesareconsciouslytakingactionstodealwithadvancedmalware.
TheSTAPmarketisacompetitivemarketthatoverlapsotherlogicalsecurityproductsmarkets(e.
g.
,IAM,network,endpoint,messaging,Web,SVM,and"other"securityproducts).
TheSTAPmarketmustbereportedseparatelyand,furthermore,notaddedtothesevenlogicalsecurityproductsmarkets,otherwisethetotalsecurityproductsmarketfigurewillbeincorrect.
RELATEDRESEARCHIDC'sForecastScenarioAssumptionsfortheICTMarketsandHistoricalMarketValuesandExchangeRates,Version3,2015(IDC#259115,September2015)WorldwideSpecializedThreatAnalysisandProtectionForecast,2015–2019:DefendingAgainsttheUnknown(IDC#256354,May2015)MarketAnalysisPerspective:WorldwideSecurityProducts,2014(IDC#252908,December2014)WorldwideITSecurityProducts2014–2018Forecastand2013VendorShares:ComprehensiveSecurityProductReview(IDC#253371,December2014)IDC'sWorldwideSecurityProductsTaxonomy,2014(IDC#250802,September2014)WorldwideSpecializedThreatAnalysisandProtection2013–2017Forecastand2012VendorShares(IDC#242346,August2013)AboutIDCInternationalDataCorporation(IDC)isthepremierglobalproviderofmarketintelligence,advisoryservices,andeventsfortheinformationtechnology,telecommunicationsandconsumertechnologymarkets.
IDChelpsITprofessionals,businessexecutives,andtheinvestmentcommunitymakefact-baseddecisionsontechnologypurchasesandbusinessstrategy.
Morethan1,100IDCanalystsprovideglobal,regional,andlocalexpertiseontechnologyandindustryopportunitiesandtrendsinover110countriesworldwide.
For50years,IDChasprovidedstrategicinsightstohelpourclientsachievetheirkeybusinessobjectives.
IDCisasubsidiaryofIDG,theworld'sleadingtechnologymedia,research,andeventscompany.
GlobalHeadquarters5SpeenStreetFramingham,MA01701USA508.
872.
8200Twitter:@IDCidc-insights-community.
comwww.
idc.
comCopyrightNoticeThisIDCresearchdocumentwaspublishedaspartofanIDCcontinuousintelligenceservice,providingwrittenresearch,analystinteractions,telebriefings,andconferences.
Visitwww.
idc.
comtolearnmoreaboutIDCsubscriptionandconsultingservices.
ToviewalistofIDCofficesworldwide,visitwww.
idc.
com/offices.
PleasecontacttheIDCHotlineat800.
343.
4952,ext.
7988(or+1.
508.
988.
7988)orsales@idc.
comforinformationonapplyingthepriceofthisdocumenttowardthepurchaseofanIDCserviceorforinformationonadditionalcopiesorWebrights.
[trademark]Copyright2015IDC.
Reproductionisforbiddenunlessauthorized.
Allrightsreserved.
Organizationsarealsoincreasinglyevaluatingnetworkinspectionsolutionsdesignedtodetectattackermovementtosensitiveresources.
SignificantSTAPtrendsare:Vendorsconvertingproofofconcepts(POCs).
SecurityvendorsconvertedasignificantnumberofSTAPproofofconceptsin2014.
IDCestimatesthatthemarketin2014hadrevenueof$930million.
Itisforecasttogrowtoover$3billionby2019,withatotalmarketCAGRof27.
6%.
Identifyingattackermovement.
High-profileattacks,databreaches,andcriticalvulnerabilitiesin2013and2014droveinterestinNetFlowandotherproductsdesignedtodetectlateralmovementwithinacorporatenetwork.
FireEye,Lancope,IBM,andBit9-CarbonBlackwerethetop4securityvendorssellingSTAPsolutionsin2014.
Callingforincidentresponse(IR)support.
EarlyadoptersofSTAPsolutionssoughtincidentresponseexpertise,increasingdemandfordigitalforensicsspecialists,databreachsupport,andotherprofessionalservices.
Vendorsrespondedbyaddingorbolsteringtheirservicesofferingsin2014.
IDCbelievesthatemergingendpointsolutionsdesignedtodetectadvancedthreatswillgainmomentum.
Vendorsarecombiningmonitoringwithbehavioralanalyticswithothernon-signature-baseddetectioncapabilitiestoidentifyzerodays.
ThereissomeevidencethatendcustomersarebeginningtoshedstandardantivirusinfavorofsomeendpointSTAPsolutions.
TheSTAPmarketwillcontinuetoevolvewithestablishedsecurityvendorsaddingSTAPfeaturestotheirportfolioorganicallyoracquiringemergingSTAPsolutions.
In2014,PaloAltoNetworksacquiredIsraelistart-upCyveraforanestimated$200millionand,laterintheyear,introducedTraps,aSTAPendpointproductthatintegrateswithitsWildFirefilesandboxingservice.
CiscoSystemsacquiredThreatGRID,addingsuspiciousfileanalysissandboxingcapabilitiestoitsportfolio.
FireEyefurtherbuiltoutitsportfoliowiththeacquisitionofnPulseTechnologiestosupportforensicsandthreatremediationactivities.
ThisIDCstudyexaminesthecompetitivemarketforthisspecializedsecuritytechnology.
Itaimstoidentifythemarketleadersandsignificanttrendsthatwillimpactthebroadermarketforsecurityproductsandservices.
SecurityvendorproductsthatfitintotheSTAPmarketmustbesoldasadedicatedproductandpurchasedfromcustomerstospecificallyaddresstheproblemofidentifyingcustommalware.
"Thespecializedthreatanalysisandprotectionmarketisrapidlyevolving,withestablishedvendorsaddingSTAPofferingsthatcompeteagainstagrowingcadreofsecuritystart-ups.
Theinnovativesecuritytechnologiesinthismarketmodernizemanyoftheoutdatedapproachesthatattackersareeasilybypassingtoday.
OrganizationsareshowingsignificantinterestandadoptionofSTAPproductstoaddressthegrowingneedforadvancedthreatdetection.
"—RobertWestervelt,researchmanager,SecurityProducts,IDC2015IDC#2596673ADVICEFORTECHNOLOGYSUPPLIERSThespecializedthreatanalysisandprotectionmarketcontinuestobechallengingforvendors,buyers,andsaleschannelresellers.
ThecompetitivemarketcontinuestoevolvewithSTAPsecurityproductsoftenoverlappingavarietyofadjacentsecuritytechnologyareas.
SecurityvendorproductsthatfitintotheSTAPmarketmustbesoldasadedicatedproductandpurchasedfromcustomerstospecificallyaddresstheproblemofidentifyingcustommalware,sophisticatedattacktechniques,andotheractivityassociatedwithadvancedpersistentthreats.
Theproductsmustnotbesignaturebased.
BuyersareseekingtobolstertheirexistingsecurityinfrastructurebymakinganinvestmentinproductsdesignedtodetectadvancedthreatsfromeachofthethreeSTAPsubmarkets:endpoint,boundary,andinternalnetworkanalysis.
Somevendorsolutionsprovidefunctionalityfromeachofthesubmarkets,integratingemulationproductsdesignedtoanalyzesuspiciousfileswithbehavioralanalysistoidentifyfunctioncallsandsuspiciousfileactivityontheendpoint,andnetworkanalysistodetectattackerreconnaissanceactivityandlateralmovementwithinthenetwork.
EndpointSTAPproductsusebehavioralanalysisofmemoryandapplicationoperations.
Itprimarilyconsistsofanagentorsensorondevicesthatmonitorsystemprocessesandfilesforsignsofanomalousbehaviororattempttopreventsuspiciousfilesfromexecuting.
IDCanticipatesfutureconsolidationoftheendpointSTAPsubmarket,withtraditionalendpointsecurityvendorsaddingSTAPendpointcapabilitiestotheirplatforms.
BoundarySTAPproductsconsistmainlyofvirtualsandboxing/emulationandbehavioralanalysistechnologies.
Thesesafezonesareusedtodetonateandmonitorthebehaviorofsuspiciousfiles,whicharedesignedtoevadesignature-baseddefenses.
BuyershaveincreasinglypurchasedSaaS-basedsandboxingservices,buton-premisesandhybriddeploymentsarealsocommonwithenterprisecustomers.
InternalnetworkanalysisSTAPproductsmonitornetworkflowtodetectindicationsofattackerreconnaissanceactivity,malwaremovement,andbotnetormalwarecommandandcontrolactivity.
Productsshouldbeequippedtohelpresponderspinpointendpointinfectionsandinterruptcommandandcontrolcommunicationprovidecontexttoincidentresponders.
ThestrongestSTAPsolutionsappeartocomefromvendorsthathavecreatedstrongtechnologypartnerships,andIDChasdeterminedthatasecurityvendor'stechnologypartnerecosystemisbeingexaminedthoroughlyinproductevaluations.
Toremaincompetitive,securityvendorsshouldalsoconsiderthefollowingrecommendations:Strikekeydifferentiators:ProductevaluationsarebecomingasignificantchallengeforbuyersplanningtoadoptSTAPtechnology.
ChannelresellersarealsostrainedwhenattemptingtodetermineifaSTAPproductcanfitintheirportfoliowithoutconflictingwithtop-tiertechnologypartners.
Makeclearalldifferentiatingmanagementfeaturesandcapabilitiesagainstcompetitivesolutions.
Expanddeploymentoptions:Akeybuyingrequirementistheabilitytointegrateproductswithexistingsecurityinfrastructure.
ThisrequirementmayresultintheneedforfullSaaS,on-premises,oramixtureofSaaSandon-premisessolutions.
Whileusabilityandeffortlessdeploymentareadvantageous,buyersarealsochoosingSTAPsolutionswithflexibledeploymentmodels.
2015IDC#2596674Createservicesofferings:Ananalysisofearlyadopterbuyingbehaviorsfoundthatvendorservicesofferingsarenotaprimarybuyingrequirement;however,asecondinquirywithcustomersidentifiedasignificantneedforfollow-upservicesengagements.
Theservicesrequirementwaspromptedbyalackofroutinemaintenance,deficientincidentresponseprocesses,andpoorlyconfigureddeployments.
Developriskscoringmodels:BuyingtrendssuggesttheadditionofaconfigurableriskscoringmethodologytoassistrespondersinprioritizingalertscapturestheattentionofC-suiteexecutivesduringsalesengagements.
Despitethegrowingnumberofrisk-basedscoringcapabilitiesincorporatedintosecurityproducts,STAPvendorscanuseriskscoringasaproductdifferentiator.
Itcouldalsofosterthecomfortlevelrequiredtopromptorganizationstoembraceautomatedresponseandremediationfeatures.
MARKETSHARETheworldwideSTAPsecuritymarketroseto$930millionin2014,anincreaseof126.
3%from2013.
FireEyeremainstheSTAPmarketleader,with37.
9%shareofthemarketin2014.
Itsawitsshareofthemarketdecline5.
2%basedonadditionalmarketentrantsandwidespreadavailabilityofcompetingsandboxingsolutions.
AnotablecompetitorisPaloAltoNetworksandtherapidadoptionofitssubscription-basedWildFiresandboxingservicein2014.
Table1displays2011–2019worldwiderevenueandmarketsharefortheSTAPsecuritymarket.
Tables2–4display2014revenueandmarketsharesforthetopvendorsineachsubmarket.
STAPboundaryisthelargestmarketsegment,withFireEyecontinuingtobethesoledominatingvendor.
Sandboxingtechnologieshavequicklycometomarketfromnetworksecuritycompetitorsandsecuritystart-ups.
BoundarySTAPincludesproductsfromCheckPoint,Cyphort,iBoss,Fortinet,IntelSecurity,Proofpoint,Symantec,andothers.
Italsoincludesashareofsandboxingcomponentsthatexistwithinstandalonevendoradvancedthreatdefensesolutions(seeTable3).
STAPendpointisthefastest-growingmarketsegmentandonethatisquicklyevolvingasendpointsecurityvendors,includingSymantecandIntelSecurity,addendpointadvancedthreatdetectioncapabilitiestotheirplatformstomeettheirestablishedcustomerrequirements.
Lancopehasgainedsignificantadoptionofitsadvancedthreatdetectionsolution,leveragingitscloserelationshipwithCiscoSystems.
RSAandBlueCoatareeachtransformingtheirnetworkpacketcapturingappliances,whichhadbeenfocusedfordigitalforensicsinvestigations,intobreachdetectionandanalysisplatforms(seeTable4).
2015IDC#2596675TABLE1WorldwideSpecializedThreatAnalysisandProtectionRevenuebySegment,2011–2019($M)2011201220132014201520162017201820192014–2019CAGR(%)Boundary80.
6150.
5309.
0709.
81,119.
71,444.
31,653.
41,845.
32,001.
623.
0Endpoint9.
016.
039.
0101.
8212.
7353.
2494.
4618.
0716.
947.
8Internalnetworkanalysis21.
035.
063.
0118.
4202.
5287.
6342.
2386.
7421.
528.
9Total110.
6201.
5411.
0930.
01,535.
02,085.
02,490.
02,850.
03,140.
027.
6Source:IDC,2015TABLE2WorldwideSpecializedThreatAnalysisandProtectionRevenueofBoundarySegmentbyVendor,2014Revenue($M)FireEye353AhnLab25TrendMicro25Cisco25Fidelis23Websense23IBM20Lastline20PaloAltoNetworks17Other178.
8Source:IDC,20152015IDC#2596676TABLE3WorldwideSpecializedThreatAnalysisandProtectionRevenueofEndpointSegmentbyVendor,2014Revenue($M)Bit9-CB38.
0Cylance13.
0Bromium13.
0CrowdStrike12.
0Invincea12.
0Other13.
8Source:IDC,2015TABLE4WorldwideSpecializedThreatAnalysisandProtectionRevenueofInternalNetworkAnalysisSegmentbyVendor,2014Revenue($M)Lancope50.
0IBM15.
0Damballa15.
0BlueCoat13.
0RSA13.
0Other12.
4Source:IDC,20152015IDC#2596677WHOSHAPEDTHEYEARBit9acquiredCarbonBlackatthebeginningof2014andwasabletohighlighttheeffectivenessofitsmodernwhitelistingapproachwithCarbonBlack'sendpointforensicscapabilities.
CarbonBlackhadbeentremendouslysuccessfulwithitsapproachpriortotheacquisitiongainingadoptionwithSOCpersonnelandincidentresponseteamsforitsabilitytotakeacompleteinventoryofeveryfileonanendpointsystemandmonitorforsystemchanges.
Theacquisitionshiftedattentiononwaysorganizationscanmodernizetheirendpointsecuritysolutions.
FireEyegainedattentionwiththelaunchofitsEndpointSecurity(HXSeries)appliancein2014.
ThisproductusesMandiant'sproprietarytechnologyforincidentresponderstomonitorendpointsforthreatindicatorsandalertthesecurityoperationscenterteamaboutpossiblecompromisedendpoints.
EngineersareworkingonembeddingMandiant'sMIRfunctionalityintotheHXSeries,enablingresponderstorapidlyinvestigatepotentialthreats.
TheappliancecanbepurchasedseparatelyorbeintegratedwiththeFireEyeNXSeriesappliances.
PaloAltoNetworksacquiredMortaandCyverain2014toaddendpointvisibilitytoitsportfolio.
TheresultingendpointSTAPproductcalledTrapsisdesignedtoblockattackerexploitationtechniques.
TrapsintegrateswithWildFire,PaloAlto'sSaaS-basedsandboxingservice.
CiscoSystemsacquiredThreatGRID,addingasandboxforcloud-basedsuspiciousfileanalysis.
ThecompanyalsoshowedprogressinextendingtheAdvancedMalwareProtectioncomponentofitsSourcefireacquisitionasanadd-ontoitsASAUTMappliances.
LancopeleverageditsexistingpartnershipwithCiscoSystemstogaintractionintheSTAPmarketwithitsStealthWatchSystemforadvancedthreatdetection.
Lancopecompetesagainstothervendorsintheinternalnetworkanalysissubmarket,whichisdesignedtoidentifylateralmovementwithintrackingnetworkreconnaissance,internalmalwarepropagation,commandandcontroltraffic,anddataexfiltration.
ANoteonSymantecandIntelSecurityIntelSecurityismakinggainswithitsAdvancedThreatDefenseoffering,whichconsistsofastandaloneappliance,designedtointegratewithotherproductsinitsportfolio.
IntelSecurityusesalocalblacklisttodetectknownmalwareandavirtualsandboxenvironmentforsuspiciousfileanalysis.
ItconnectstoIntelSecurity'scloud-basedGlobalThreatIntelligenceforfurtherprotection.
Symantecannouncedthatitwouldsplitintoseparatesecurityandinformationmanagementbusinessesin2014.
ThecompanyalsoannouncedplanstoinvestinitsportfolioofsecurityproductsandentertheSTAPmarketwithanAdvancedThreatProtectionproductthatintegratesitsexistingemail,networking,andendpointsolutionswithfileinspectiontechnologycalledSymantecCynic,acloud-basedsandboxenvironmentforfileinspection.
SymantecalsoleveragesatechnologyitcallsSynapsetocorrelateeventinformationbetweenthenetwork,endpoints,andemailtoprovidecontexttoalertsforincidentresponders.
MARKETCONTEXTTheSTAPmarketgainedconsiderabletractionin2014asendusersincreasedsecurityspendingtostemtheever-increasingnumberofdatabreaches.
TheTargetbreachinparticularraisedthestakesforsecurityaccountabilityastheCEOwasforcedtoresigninpartasaresultofthemassivedata2015IDC#2596678breach.
STAPproductsarerepresentingthefirstsignificantshiftinthesecuritystackinsometime,andIDCpredictsthatorganizationswillcontinuetodeploytheseproductseitherthroughon-premisesdevices,throughendpointclients,orviathecloud.
ThethreeSTAPsubsegmentsthatIDCistracking—boundary,internalnetwork,andendpoint—havestrongenterpriseinterestandadoption.
However,thesereasonsvarybasedoneachsegment:Boundary.
TheinterestinboundarydeviceshasbeenpromptedprimarilybythesuccessofFireEyeandotherstodeliversandboxingandotheridentificationtechniquesonthenetwork.
Manysecurityadministratorsareverycomfortablewithaddingsecuritydevicestothenetworkandasaresultthesedevicesfiteasilyintotheday-to-daysecurityoperationsfunction.
Internalnetwork.
InternalnetworkSTAPproductsareprimarilyfocusedonbotnetdetectionanddeterminingifmalwarehasinfectedthenetwork.
Insteadoftryingtoevaluatethetrafficflowingthroughthenetworkboundaries,internalnetworkSTAPproductsrelyonuserbehavior,flowtraffic,andDNStraffictodeterminewhetherthereismaliciousbehavioronthenetwork.
OnekeyadvantagetoutedbyinternalnetworkSTAPproductsoverboundaryproductsisareductionintheamountoffalsepositives.
Endpoint.
EndpointSTAPproductsarebeingheraldedasthenextgenerationofendpointsecurity.
Asenterpriseshavebecomemoredisillusionedwithlegacyendpointsecurityproducts,theinterestinsolutionsthatarefasterandmoreaccuratehasincreased.
EndpointSTAPvendorsareapproachingendpointsecurityusingawidevarietyofmethodstoimprovethedetectionandpreventioncapabilitiesofmalwareontheendpoint.
OtherendpointSTAPproductsaremorefocusedonanalyticscollectionandvisibilityintotheendpointandthencoordinatethatdatawithnetwork-basedproducts.
IDCdoesnotbelievethatanysingleapproachorproductwillsolveanorganization'ssecuritychallenges,butbyusingacombinationofSTAPproductswithtraditionalsecurityproducts,thatmanyblindspotscanbeeliminated.
SignificantMarketDevelopmentsSecurityvendorFireEye'scontinuedsuccesshasresultedinaninfluxofadvancedthreatdefenseofferingsthatusevirtualsandboxestoanalyzesuspiciousfilesandidentifyadvancedthreats.
Thesolutions,whichfirstappealedtolargeenterprises,haveexperiencedgrowthbycapturingabroadersegmentofthemarket,whichquicklyembracedcloud-basedsandboxingservices.
Avarietyofpure-playvendorswithsandboxingofferingscontinuetomaketheboundarysubmarketextremelylargecomparedwithendpointandinternalnetworkanalysis.
Bit9'sacquisitionofCarbonBlackhashelpedfuelinterestinmodernizingendpointdefenses,whichhavebeenrelyingheavilyonsignature-basedtechnologytodetectmalware.
Newconceptsarebeingintroducedthatincorporateendpointagentorsensortechnologytoincreasevisibilityandgiveincidentrespondersmorecontextintoalertsandcontroloverinfectedsystems.
EndpointSTAPisrapidlyevolving.
Theattentiongiventopure-playvendorshaspromptedestablishedsecurityvendorstoaddsimilarspecializedthreatanalysisandprotectioncapabilities.
Therootofmanyoftheseemergingtechnologiesisinhost-basedintrusionpreventionanddigitalforensicscapabilitiesthatidentifythreatsinunderlyingsystemmemory,abnormalapplicationfunctioncalls,andothersignsofunusualsystembehavior.
IDCisawareofAccessData,FireEyeMIR,GuidanceSoftwareEncase,RSAECAT,andotherforensicstoolsthathelprespondersgainvisibilitywhileinvestigatingthescopeofaninfection.
IDC2015IDC#2596679analystsexaminetheseproductscloselytodeterminewhetherthereisreal-timemonitoringandalertingcapabilitiesandthecustomerrequirementsandusecasesthattheproductsfulfill.
METHODOLOGYThisIDCsoftwaremarketsizingandforecastispresentedintermsofpackagedsoftwareandappliancerevenue.
IDCusesthetermpackagedsoftwaretodistinguishcommerciallyavailablesoftwarefromcustomsoftware,nottoimplythatthesoftwaremustbeshrink-wrappedorotherwiseprovidedviaphysicalmedia.
Packagedsoftwareisprogramsorcodesetsofanytypecommerciallyavailablethroughsale,lease,orrental,orasaservice.
Packagedsoftwarerevenuetypicallyincludesfeesforinitialandcontinuedright-to-usepackagedsoftwarelicenses.
Thesefeesmayinclude,aspartofthelicensecontract,accesstoproductsupportand/orotherservicesthatareinseparablefromtheright-to-uselicensefeestructure,orthissupportmaybepricedseparately.
Upgradesmaybeincludedinthecontinuingrightofuseormaybepricedseparately.
AllofthesearecountedbyIDCaspackagedsoftwarerevenue.
Appliancesaredefinedasacombinationofhardware,operatingenvironment,andapplicationsoftwarewheretheyareprovidedasasingleproduct.
Packagedsoftwarerevenueexcludesservicerevenuederivedfromtraining,consulting,andsystemsintegrationthatisseparate(orunbundled)fromtheright-to-uselicensebutdoesincludetheimplicitvalueoftheproductincludedinaservicethatofferssoftwarefunctionalitybyadifferentpricingscheme.
Itisthetotalproductrevenuethatisfurtherallocatedtomarkets,geographicareas,andoperatingenvironments.
Themarketforecastandanalysismethodologyincorporatesinformationfromfivedifferentbutinterrelatedsources,asfollows:Reportedandobservedtrendsandfinancialactivity.
Thisstudyincorporatesreportedandobservedtrendsandfinancialactivityin2014asoftheendofSeptember2015.
IDC'sSoftwareCensusinterviews.
IDCinterviewsallsignificantmarketparticipantstodetermineproductrevenue,revenuedemographics,pricing,andotherrelevantinformation.
Productbriefings,pressreleases,andotherpubliclyavailableinformation.
IDC'ssoftwareanalystsaroundtheworldmeetwithhundredsofsoftwarevendorseachyear.
Thesebriefingsprovideanopportunitytoreviewcurrentandfuturebusinessandproductstrategies,revenue,shipments,customerbases,targetmarkets,andotherkeyproductandcompetitiveinformation.
Vendorfinancialstatementsandrelatedfilings.
Althoughmanysoftwarevendorsareprivatelyheldandchoosetolimitfinancialdisclosures,informationfrompubliclyheldcompaniesprovidesasignificantbenchmarkforassessinginformalmarketestimatesfromprivatecompanies.
IDCalsobuildsdetailedinformationrelatedtoprivatecompaniesthroughin-depthanalystrelationshipsandmaintainsanextensivelibraryoffinancialandcorporateinformationfocusedontheITindustry.
Wefurthermaintaindetailedrevenuebyproductareamodelsonmorethan1,000worldwidevendors.
IDCdemand-sideresearch.
Thisincludesthousandsofinterviewswithbusinessusersofsoftwaresolutionsannuallyandprovidesapowerfulfifthperspectiveforassessingcompetitiveperformanceandmarketdynamics.
IDC'suserstrategydatabasesofferacompellingandconsistenttime-seriesviewofindustrytrendsanddevelopments.
Directconversationswithtechnologybuyersprovideaninvaluablecomplementtothebroadersurvey-basedresults.
2015IDC#25966710Ultimately,thedatapresentedinthisstudyrepresentsIDC'sbestestimatesbasedonthesedatasourcesaswellasreportedandobservedactivitybyvendorsandfurthermodelingofdatathatwebelievetobetruetofillinanyinformationgaps.
ThedatainthisstudyisderivedfromallthesesourcesandenteredintoIDC'sSoftwareMarketForecasterdatabase,whichisthenupdatedonacontinuousbasisasnewinformationregardingsoftwarevendorrevenuebecomesavailable.
Note:Allnumbersinthisdocumentmaynotbeexactduetorounding.
MARKETDEFINITIONThespecializedthreatanalysisandprotectionmarketoverlapstheendpoint,messaging,network,andWebfunctionalmarkets.
Theproductshelpprotectenterprisesfromnewmalwareattacksthatcannotbedetectedbytraditionalsignature-basedtechniques.
TheSTAPproductsuseavarietyofnon-signature-basedprotectionmethodsincluding,butnotlimitedto,sandboxing,behavioralanalysis,fileintegritymonitoring,telemetricheuristics,containerization,netflowanalysis,andthreatintelligence,whichcandetectamalwareattackorcompromisebyidentifyingattackeractivityorsubtlesystemprocesschanges.
Someoftheproductsonlydetectandalert,whileothersmaycontainmalwaretopreventitfromcausingdamage.
Althoughthesefeaturesmayappearinotherproducts,thiscategoryisonlyfordedicatedSTAPsolutions.
TheSTAPmarketismadeupofdistinguishableproductsasopposedtoembeddedfeatureswithinaproduct.
Theabilitytofindandpreventadvancedmalwareultimatelyrequiresdedicatedactivities,andinthisway,itispossibletomeasuretheextentthatenterprisesareconsciouslytakingactionstodealwithadvancedmalware.
TheSTAPmarketisacompetitivemarketthatoverlapsotherlogicalsecurityproductsmarkets(e.
g.
,IAM,network,endpoint,messaging,Web,SVM,and"other"securityproducts).
TheSTAPmarketmustbereportedseparatelyand,furthermore,notaddedtothesevenlogicalsecurityproductsmarkets,otherwisethetotalsecurityproductsmarketfigurewillbeincorrect.
RELATEDRESEARCHIDC'sForecastScenarioAssumptionsfortheICTMarketsandHistoricalMarketValuesandExchangeRates,Version3,2015(IDC#259115,September2015)WorldwideSpecializedThreatAnalysisandProtectionForecast,2015–2019:DefendingAgainsttheUnknown(IDC#256354,May2015)MarketAnalysisPerspective:WorldwideSecurityProducts,2014(IDC#252908,December2014)WorldwideITSecurityProducts2014–2018Forecastand2013VendorShares:ComprehensiveSecurityProductReview(IDC#253371,December2014)IDC'sWorldwideSecurityProductsTaxonomy,2014(IDC#250802,September2014)WorldwideSpecializedThreatAnalysisandProtection2013–2017Forecastand2012VendorShares(IDC#242346,August2013)AboutIDCInternationalDataCorporation(IDC)isthepremierglobalproviderofmarketintelligence,advisoryservices,andeventsfortheinformationtechnology,telecommunicationsandconsumertechnologymarkets.
IDChelpsITprofessionals,businessexecutives,andtheinvestmentcommunitymakefact-baseddecisionsontechnologypurchasesandbusinessstrategy.
Morethan1,100IDCanalystsprovideglobal,regional,andlocalexpertiseontechnologyandindustryopportunitiesandtrendsinover110countriesworldwide.
For50years,IDChasprovidedstrategicinsightstohelpourclientsachievetheirkeybusinessobjectives.
IDCisasubsidiaryofIDG,theworld'sleadingtechnologymedia,research,andeventscompany.
GlobalHeadquarters5SpeenStreetFramingham,MA01701USA508.
872.
8200Twitter:@IDCidc-insights-community.
comwww.
idc.
comCopyrightNoticeThisIDCresearchdocumentwaspublishedaspartofanIDCcontinuousintelligenceservice,providingwrittenresearch,analystinteractions,telebriefings,andconferences.
Visitwww.
idc.
comtolearnmoreaboutIDCsubscriptionandconsultingservices.
ToviewalistofIDCofficesworldwide,visitwww.
idc.
com/offices.
PleasecontacttheIDCHotlineat800.
343.
4952,ext.
7988(or+1.
508.
988.
7988)orsales@idc.
comforinformationonapplyingthepriceofthisdocumenttowardthepurchaseofanIDCserviceorforinformationonadditionalcopiesorWebrights.
[trademark]Copyright2015IDC.
Reproductionisforbiddenunlessauthorized.
Allrightsreserved.
- tierfilemarkets.com相关文档
- promotefilemarkets.com
- Imagefilemarkets.com
- grantedfilemarkets.com
- householdsfilemarkets.com
- indexesfilemarkets.com
- Sourcefilemarkets.com
Digital-VM:服务器,$80/月;挪威/丹麦英国/Digital-VM:日本/新加坡/digital-vm:日本VPS仅$2.4/月
digital-vm怎么样?digital-vm在今年1月份就新增了日本、新加坡独立服务器业务,但是不知为何,期间终止了销售日本服务器和新加坡服务器,今天无意中在webhostingtalk论坛看到Digital-VM在发日本和新加坡独立服务器销售信息。服务器硬件是 Supermicro、采用最新一代 Intel CPU、DDR4 RAM 和 Enterprise Samsung SSD内存,默认...
搬瓦工:香港PCCW机房即将关闭;可免费升级至香港CN2 GIA;2核2G/1Gbps大带宽高端线路,89美元/年
搬瓦工怎么样?这几天收到搬瓦工发来的邮件,告知香港pccw机房(HKHK_1)即将关闭,这也不算是什么出乎意料的事情,反而他不关闭我倒觉得奇怪。因为目前搬瓦工香港cn2 GIA 机房和香港pccw机房价格、配置都一样,可以互相迁移,但是不管是速度还是延迟还是丢包率,搬瓦工香港PCCW机房都比不上香港cn2 gia 机房,所以不知道香港 PCCW 机房存在还有什么意义?关闭也是理所当然的事情。点击进...
盘点AoYoZhuJi傲游主机商8个数据中心常见方案及八折优惠
傲游主机商我们可能很多人并不陌生,实际上这个商家早年也就是个人主机商,传说是有几个个人投资创办的,不过能坚持到现在也算不错,毕竟有早年的用户积累正常情况上还是能延续的。如果是新服务商这几年确实不是特别容易,问到几个老牌的个人服务商很多都是早年的用户积累客户群。傲游主机目前有提供XEN和KVM架构的云服务器,不少还是亚洲CN2优化节点,目前数据中心包括中国香港、韩国、德国、荷兰和美国等多个地区的CN...
filemarkets.com为你推荐
-
渣渣辉商标渣渣辉是什么意思啊?sonicchat深圳哪里有卖汽车模型?老虎数码我想买个一千左右的数码相机!最好低于一千五!再给我说一下像素是多少?关键字关键词标签里写多少个关键词为最好partnersonline电脑内一切浏览器无法打开sodu.tw给个看免费小说的网站59ddd.comarmada m300什么装系统dpscyclewow3.13术士的PVE的命中多少够了?铂金血痕仇家血痕是个成语吗?xyq.cbg.163.com这俩号哪个号值得买 价钱合适吗?多少合适!再续前缘区的http://xyq.cbg.163.com/cgi-bin/equipquery.py?server_id=149&equip_id=404113&act=buy_show_equip_infohttp://xyq.cb