tierfilemarkets.com
filemarkets.com 时间:2021-03-21 阅读:()
October2015,IDC#259667MarketShareWorldwideSpecializedThreatAnalysisandProtectionMarketShares,2014:RapidlyEvolvingSecurityDefensesRobertWesterveltPeteLindstromRobAyoubElizabethCorrIDCMARKETSHAREFIGUREFIGURE1WorldwideSpecializedThreatAnalysisandProtection2014ShareSnapshotNote:2014Share(%),Growth(%),andRevenue($M)Source:IDC,20152015IDC#2596672EXECUTIVESUMMARYThespecializedthreatanalysisandprotection(STAP)marketcontinuedtogaintractionin2014withwidespreadadoptionofSaaSandon-premisessandboxesandarenewedfocusonemergingendpointsecuritytechnologies.
Organizationsarealsoincreasinglyevaluatingnetworkinspectionsolutionsdesignedtodetectattackermovementtosensitiveresources.
SignificantSTAPtrendsare:Vendorsconvertingproofofconcepts(POCs).
SecurityvendorsconvertedasignificantnumberofSTAPproofofconceptsin2014.
IDCestimatesthatthemarketin2014hadrevenueof$930million.
Itisforecasttogrowtoover$3billionby2019,withatotalmarketCAGRof27.
6%.
Identifyingattackermovement.
High-profileattacks,databreaches,andcriticalvulnerabilitiesin2013and2014droveinterestinNetFlowandotherproductsdesignedtodetectlateralmovementwithinacorporatenetwork.
FireEye,Lancope,IBM,andBit9-CarbonBlackwerethetop4securityvendorssellingSTAPsolutionsin2014.
Callingforincidentresponse(IR)support.
EarlyadoptersofSTAPsolutionssoughtincidentresponseexpertise,increasingdemandfordigitalforensicsspecialists,databreachsupport,andotherprofessionalservices.
Vendorsrespondedbyaddingorbolsteringtheirservicesofferingsin2014.
IDCbelievesthatemergingendpointsolutionsdesignedtodetectadvancedthreatswillgainmomentum.
Vendorsarecombiningmonitoringwithbehavioralanalyticswithothernon-signature-baseddetectioncapabilitiestoidentifyzerodays.
ThereissomeevidencethatendcustomersarebeginningtoshedstandardantivirusinfavorofsomeendpointSTAPsolutions.
TheSTAPmarketwillcontinuetoevolvewithestablishedsecurityvendorsaddingSTAPfeaturestotheirportfolioorganicallyoracquiringemergingSTAPsolutions.
In2014,PaloAltoNetworksacquiredIsraelistart-upCyveraforanestimated$200millionand,laterintheyear,introducedTraps,aSTAPendpointproductthatintegrateswithitsWildFirefilesandboxingservice.
CiscoSystemsacquiredThreatGRID,addingsuspiciousfileanalysissandboxingcapabilitiestoitsportfolio.
FireEyefurtherbuiltoutitsportfoliowiththeacquisitionofnPulseTechnologiestosupportforensicsandthreatremediationactivities.
ThisIDCstudyexaminesthecompetitivemarketforthisspecializedsecuritytechnology.
Itaimstoidentifythemarketleadersandsignificanttrendsthatwillimpactthebroadermarketforsecurityproductsandservices.
SecurityvendorproductsthatfitintotheSTAPmarketmustbesoldasadedicatedproductandpurchasedfromcustomerstospecificallyaddresstheproblemofidentifyingcustommalware.
"Thespecializedthreatanalysisandprotectionmarketisrapidlyevolving,withestablishedvendorsaddingSTAPofferingsthatcompeteagainstagrowingcadreofsecuritystart-ups.
Theinnovativesecuritytechnologiesinthismarketmodernizemanyoftheoutdatedapproachesthatattackersareeasilybypassingtoday.
OrganizationsareshowingsignificantinterestandadoptionofSTAPproductstoaddressthegrowingneedforadvancedthreatdetection.
"—RobertWestervelt,researchmanager,SecurityProducts,IDC2015IDC#2596673ADVICEFORTECHNOLOGYSUPPLIERSThespecializedthreatanalysisandprotectionmarketcontinuestobechallengingforvendors,buyers,andsaleschannelresellers.
ThecompetitivemarketcontinuestoevolvewithSTAPsecurityproductsoftenoverlappingavarietyofadjacentsecuritytechnologyareas.
SecurityvendorproductsthatfitintotheSTAPmarketmustbesoldasadedicatedproductandpurchasedfromcustomerstospecificallyaddresstheproblemofidentifyingcustommalware,sophisticatedattacktechniques,andotheractivityassociatedwithadvancedpersistentthreats.
Theproductsmustnotbesignaturebased.
BuyersareseekingtobolstertheirexistingsecurityinfrastructurebymakinganinvestmentinproductsdesignedtodetectadvancedthreatsfromeachofthethreeSTAPsubmarkets:endpoint,boundary,andinternalnetworkanalysis.
Somevendorsolutionsprovidefunctionalityfromeachofthesubmarkets,integratingemulationproductsdesignedtoanalyzesuspiciousfileswithbehavioralanalysistoidentifyfunctioncallsandsuspiciousfileactivityontheendpoint,andnetworkanalysistodetectattackerreconnaissanceactivityandlateralmovementwithinthenetwork.
EndpointSTAPproductsusebehavioralanalysisofmemoryandapplicationoperations.
Itprimarilyconsistsofanagentorsensorondevicesthatmonitorsystemprocessesandfilesforsignsofanomalousbehaviororattempttopreventsuspiciousfilesfromexecuting.
IDCanticipatesfutureconsolidationoftheendpointSTAPsubmarket,withtraditionalendpointsecurityvendorsaddingSTAPendpointcapabilitiestotheirplatforms.
BoundarySTAPproductsconsistmainlyofvirtualsandboxing/emulationandbehavioralanalysistechnologies.
Thesesafezonesareusedtodetonateandmonitorthebehaviorofsuspiciousfiles,whicharedesignedtoevadesignature-baseddefenses.
BuyershaveincreasinglypurchasedSaaS-basedsandboxingservices,buton-premisesandhybriddeploymentsarealsocommonwithenterprisecustomers.
InternalnetworkanalysisSTAPproductsmonitornetworkflowtodetectindicationsofattackerreconnaissanceactivity,malwaremovement,andbotnetormalwarecommandandcontrolactivity.
Productsshouldbeequippedtohelpresponderspinpointendpointinfectionsandinterruptcommandandcontrolcommunicationprovidecontexttoincidentresponders.
ThestrongestSTAPsolutionsappeartocomefromvendorsthathavecreatedstrongtechnologypartnerships,andIDChasdeterminedthatasecurityvendor'stechnologypartnerecosystemisbeingexaminedthoroughlyinproductevaluations.
Toremaincompetitive,securityvendorsshouldalsoconsiderthefollowingrecommendations:Strikekeydifferentiators:ProductevaluationsarebecomingasignificantchallengeforbuyersplanningtoadoptSTAPtechnology.
ChannelresellersarealsostrainedwhenattemptingtodetermineifaSTAPproductcanfitintheirportfoliowithoutconflictingwithtop-tiertechnologypartners.
Makeclearalldifferentiatingmanagementfeaturesandcapabilitiesagainstcompetitivesolutions.
Expanddeploymentoptions:Akeybuyingrequirementistheabilitytointegrateproductswithexistingsecurityinfrastructure.
ThisrequirementmayresultintheneedforfullSaaS,on-premises,oramixtureofSaaSandon-premisessolutions.
Whileusabilityandeffortlessdeploymentareadvantageous,buyersarealsochoosingSTAPsolutionswithflexibledeploymentmodels.
2015IDC#2596674Createservicesofferings:Ananalysisofearlyadopterbuyingbehaviorsfoundthatvendorservicesofferingsarenotaprimarybuyingrequirement;however,asecondinquirywithcustomersidentifiedasignificantneedforfollow-upservicesengagements.
Theservicesrequirementwaspromptedbyalackofroutinemaintenance,deficientincidentresponseprocesses,andpoorlyconfigureddeployments.
Developriskscoringmodels:BuyingtrendssuggesttheadditionofaconfigurableriskscoringmethodologytoassistrespondersinprioritizingalertscapturestheattentionofC-suiteexecutivesduringsalesengagements.
Despitethegrowingnumberofrisk-basedscoringcapabilitiesincorporatedintosecurityproducts,STAPvendorscanuseriskscoringasaproductdifferentiator.
Itcouldalsofosterthecomfortlevelrequiredtopromptorganizationstoembraceautomatedresponseandremediationfeatures.
MARKETSHARETheworldwideSTAPsecuritymarketroseto$930millionin2014,anincreaseof126.
3%from2013.
FireEyeremainstheSTAPmarketleader,with37.
9%shareofthemarketin2014.
Itsawitsshareofthemarketdecline5.
2%basedonadditionalmarketentrantsandwidespreadavailabilityofcompetingsandboxingsolutions.
AnotablecompetitorisPaloAltoNetworksandtherapidadoptionofitssubscription-basedWildFiresandboxingservicein2014.
Table1displays2011–2019worldwiderevenueandmarketsharefortheSTAPsecuritymarket.
Tables2–4display2014revenueandmarketsharesforthetopvendorsineachsubmarket.
STAPboundaryisthelargestmarketsegment,withFireEyecontinuingtobethesoledominatingvendor.
Sandboxingtechnologieshavequicklycometomarketfromnetworksecuritycompetitorsandsecuritystart-ups.
BoundarySTAPincludesproductsfromCheckPoint,Cyphort,iBoss,Fortinet,IntelSecurity,Proofpoint,Symantec,andothers.
Italsoincludesashareofsandboxingcomponentsthatexistwithinstandalonevendoradvancedthreatdefensesolutions(seeTable3).
STAPendpointisthefastest-growingmarketsegmentandonethatisquicklyevolvingasendpointsecurityvendors,includingSymantecandIntelSecurity,addendpointadvancedthreatdetectioncapabilitiestotheirplatformstomeettheirestablishedcustomerrequirements.
Lancopehasgainedsignificantadoptionofitsadvancedthreatdetectionsolution,leveragingitscloserelationshipwithCiscoSystems.
RSAandBlueCoatareeachtransformingtheirnetworkpacketcapturingappliances,whichhadbeenfocusedfordigitalforensicsinvestigations,intobreachdetectionandanalysisplatforms(seeTable4).
2015IDC#2596675TABLE1WorldwideSpecializedThreatAnalysisandProtectionRevenuebySegment,2011–2019($M)2011201220132014201520162017201820192014–2019CAGR(%)Boundary80.
6150.
5309.
0709.
81,119.
71,444.
31,653.
41,845.
32,001.
623.
0Endpoint9.
016.
039.
0101.
8212.
7353.
2494.
4618.
0716.
947.
8Internalnetworkanalysis21.
035.
063.
0118.
4202.
5287.
6342.
2386.
7421.
528.
9Total110.
6201.
5411.
0930.
01,535.
02,085.
02,490.
02,850.
03,140.
027.
6Source:IDC,2015TABLE2WorldwideSpecializedThreatAnalysisandProtectionRevenueofBoundarySegmentbyVendor,2014Revenue($M)FireEye353AhnLab25TrendMicro25Cisco25Fidelis23Websense23IBM20Lastline20PaloAltoNetworks17Other178.
8Source:IDC,20152015IDC#2596676TABLE3WorldwideSpecializedThreatAnalysisandProtectionRevenueofEndpointSegmentbyVendor,2014Revenue($M)Bit9-CB38.
0Cylance13.
0Bromium13.
0CrowdStrike12.
0Invincea12.
0Other13.
8Source:IDC,2015TABLE4WorldwideSpecializedThreatAnalysisandProtectionRevenueofInternalNetworkAnalysisSegmentbyVendor,2014Revenue($M)Lancope50.
0IBM15.
0Damballa15.
0BlueCoat13.
0RSA13.
0Other12.
4Source:IDC,20152015IDC#2596677WHOSHAPEDTHEYEARBit9acquiredCarbonBlackatthebeginningof2014andwasabletohighlighttheeffectivenessofitsmodernwhitelistingapproachwithCarbonBlack'sendpointforensicscapabilities.
CarbonBlackhadbeentremendouslysuccessfulwithitsapproachpriortotheacquisitiongainingadoptionwithSOCpersonnelandincidentresponseteamsforitsabilitytotakeacompleteinventoryofeveryfileonanendpointsystemandmonitorforsystemchanges.
Theacquisitionshiftedattentiononwaysorganizationscanmodernizetheirendpointsecuritysolutions.
FireEyegainedattentionwiththelaunchofitsEndpointSecurity(HXSeries)appliancein2014.
ThisproductusesMandiant'sproprietarytechnologyforincidentresponderstomonitorendpointsforthreatindicatorsandalertthesecurityoperationscenterteamaboutpossiblecompromisedendpoints.
EngineersareworkingonembeddingMandiant'sMIRfunctionalityintotheHXSeries,enablingresponderstorapidlyinvestigatepotentialthreats.
TheappliancecanbepurchasedseparatelyorbeintegratedwiththeFireEyeNXSeriesappliances.
PaloAltoNetworksacquiredMortaandCyverain2014toaddendpointvisibilitytoitsportfolio.
TheresultingendpointSTAPproductcalledTrapsisdesignedtoblockattackerexploitationtechniques.
TrapsintegrateswithWildFire,PaloAlto'sSaaS-basedsandboxingservice.
CiscoSystemsacquiredThreatGRID,addingasandboxforcloud-basedsuspiciousfileanalysis.
ThecompanyalsoshowedprogressinextendingtheAdvancedMalwareProtectioncomponentofitsSourcefireacquisitionasanadd-ontoitsASAUTMappliances.
LancopeleverageditsexistingpartnershipwithCiscoSystemstogaintractionintheSTAPmarketwithitsStealthWatchSystemforadvancedthreatdetection.
Lancopecompetesagainstothervendorsintheinternalnetworkanalysissubmarket,whichisdesignedtoidentifylateralmovementwithintrackingnetworkreconnaissance,internalmalwarepropagation,commandandcontroltraffic,anddataexfiltration.
ANoteonSymantecandIntelSecurityIntelSecurityismakinggainswithitsAdvancedThreatDefenseoffering,whichconsistsofastandaloneappliance,designedtointegratewithotherproductsinitsportfolio.
IntelSecurityusesalocalblacklisttodetectknownmalwareandavirtualsandboxenvironmentforsuspiciousfileanalysis.
ItconnectstoIntelSecurity'scloud-basedGlobalThreatIntelligenceforfurtherprotection.
Symantecannouncedthatitwouldsplitintoseparatesecurityandinformationmanagementbusinessesin2014.
ThecompanyalsoannouncedplanstoinvestinitsportfolioofsecurityproductsandentertheSTAPmarketwithanAdvancedThreatProtectionproductthatintegratesitsexistingemail,networking,andendpointsolutionswithfileinspectiontechnologycalledSymantecCynic,acloud-basedsandboxenvironmentforfileinspection.
SymantecalsoleveragesatechnologyitcallsSynapsetocorrelateeventinformationbetweenthenetwork,endpoints,andemailtoprovidecontexttoalertsforincidentresponders.
MARKETCONTEXTTheSTAPmarketgainedconsiderabletractionin2014asendusersincreasedsecurityspendingtostemtheever-increasingnumberofdatabreaches.
TheTargetbreachinparticularraisedthestakesforsecurityaccountabilityastheCEOwasforcedtoresigninpartasaresultofthemassivedata2015IDC#2596678breach.
STAPproductsarerepresentingthefirstsignificantshiftinthesecuritystackinsometime,andIDCpredictsthatorganizationswillcontinuetodeploytheseproductseitherthroughon-premisesdevices,throughendpointclients,orviathecloud.
ThethreeSTAPsubsegmentsthatIDCistracking—boundary,internalnetwork,andendpoint—havestrongenterpriseinterestandadoption.
However,thesereasonsvarybasedoneachsegment:Boundary.
TheinterestinboundarydeviceshasbeenpromptedprimarilybythesuccessofFireEyeandotherstodeliversandboxingandotheridentificationtechniquesonthenetwork.
Manysecurityadministratorsareverycomfortablewithaddingsecuritydevicestothenetworkandasaresultthesedevicesfiteasilyintotheday-to-daysecurityoperationsfunction.
Internalnetwork.
InternalnetworkSTAPproductsareprimarilyfocusedonbotnetdetectionanddeterminingifmalwarehasinfectedthenetwork.
Insteadoftryingtoevaluatethetrafficflowingthroughthenetworkboundaries,internalnetworkSTAPproductsrelyonuserbehavior,flowtraffic,andDNStraffictodeterminewhetherthereismaliciousbehavioronthenetwork.
OnekeyadvantagetoutedbyinternalnetworkSTAPproductsoverboundaryproductsisareductionintheamountoffalsepositives.
Endpoint.
EndpointSTAPproductsarebeingheraldedasthenextgenerationofendpointsecurity.
Asenterpriseshavebecomemoredisillusionedwithlegacyendpointsecurityproducts,theinterestinsolutionsthatarefasterandmoreaccuratehasincreased.
EndpointSTAPvendorsareapproachingendpointsecurityusingawidevarietyofmethodstoimprovethedetectionandpreventioncapabilitiesofmalwareontheendpoint.
OtherendpointSTAPproductsaremorefocusedonanalyticscollectionandvisibilityintotheendpointandthencoordinatethatdatawithnetwork-basedproducts.
IDCdoesnotbelievethatanysingleapproachorproductwillsolveanorganization'ssecuritychallenges,butbyusingacombinationofSTAPproductswithtraditionalsecurityproducts,thatmanyblindspotscanbeeliminated.
SignificantMarketDevelopmentsSecurityvendorFireEye'scontinuedsuccesshasresultedinaninfluxofadvancedthreatdefenseofferingsthatusevirtualsandboxestoanalyzesuspiciousfilesandidentifyadvancedthreats.
Thesolutions,whichfirstappealedtolargeenterprises,haveexperiencedgrowthbycapturingabroadersegmentofthemarket,whichquicklyembracedcloud-basedsandboxingservices.
Avarietyofpure-playvendorswithsandboxingofferingscontinuetomaketheboundarysubmarketextremelylargecomparedwithendpointandinternalnetworkanalysis.
Bit9'sacquisitionofCarbonBlackhashelpedfuelinterestinmodernizingendpointdefenses,whichhavebeenrelyingheavilyonsignature-basedtechnologytodetectmalware.
Newconceptsarebeingintroducedthatincorporateendpointagentorsensortechnologytoincreasevisibilityandgiveincidentrespondersmorecontextintoalertsandcontroloverinfectedsystems.
EndpointSTAPisrapidlyevolving.
Theattentiongiventopure-playvendorshaspromptedestablishedsecurityvendorstoaddsimilarspecializedthreatanalysisandprotectioncapabilities.
Therootofmanyoftheseemergingtechnologiesisinhost-basedintrusionpreventionanddigitalforensicscapabilitiesthatidentifythreatsinunderlyingsystemmemory,abnormalapplicationfunctioncalls,andothersignsofunusualsystembehavior.
IDCisawareofAccessData,FireEyeMIR,GuidanceSoftwareEncase,RSAECAT,andotherforensicstoolsthathelprespondersgainvisibilitywhileinvestigatingthescopeofaninfection.
IDC2015IDC#2596679analystsexaminetheseproductscloselytodeterminewhetherthereisreal-timemonitoringandalertingcapabilitiesandthecustomerrequirementsandusecasesthattheproductsfulfill.
METHODOLOGYThisIDCsoftwaremarketsizingandforecastispresentedintermsofpackagedsoftwareandappliancerevenue.
IDCusesthetermpackagedsoftwaretodistinguishcommerciallyavailablesoftwarefromcustomsoftware,nottoimplythatthesoftwaremustbeshrink-wrappedorotherwiseprovidedviaphysicalmedia.
Packagedsoftwareisprogramsorcodesetsofanytypecommerciallyavailablethroughsale,lease,orrental,orasaservice.
Packagedsoftwarerevenuetypicallyincludesfeesforinitialandcontinuedright-to-usepackagedsoftwarelicenses.
Thesefeesmayinclude,aspartofthelicensecontract,accesstoproductsupportand/orotherservicesthatareinseparablefromtheright-to-uselicensefeestructure,orthissupportmaybepricedseparately.
Upgradesmaybeincludedinthecontinuingrightofuseormaybepricedseparately.
AllofthesearecountedbyIDCaspackagedsoftwarerevenue.
Appliancesaredefinedasacombinationofhardware,operatingenvironment,andapplicationsoftwarewheretheyareprovidedasasingleproduct.
Packagedsoftwarerevenueexcludesservicerevenuederivedfromtraining,consulting,andsystemsintegrationthatisseparate(orunbundled)fromtheright-to-uselicensebutdoesincludetheimplicitvalueoftheproductincludedinaservicethatofferssoftwarefunctionalitybyadifferentpricingscheme.
Itisthetotalproductrevenuethatisfurtherallocatedtomarkets,geographicareas,andoperatingenvironments.
Themarketforecastandanalysismethodologyincorporatesinformationfromfivedifferentbutinterrelatedsources,asfollows:Reportedandobservedtrendsandfinancialactivity.
Thisstudyincorporatesreportedandobservedtrendsandfinancialactivityin2014asoftheendofSeptember2015.
IDC'sSoftwareCensusinterviews.
IDCinterviewsallsignificantmarketparticipantstodetermineproductrevenue,revenuedemographics,pricing,andotherrelevantinformation.
Productbriefings,pressreleases,andotherpubliclyavailableinformation.
IDC'ssoftwareanalystsaroundtheworldmeetwithhundredsofsoftwarevendorseachyear.
Thesebriefingsprovideanopportunitytoreviewcurrentandfuturebusinessandproductstrategies,revenue,shipments,customerbases,targetmarkets,andotherkeyproductandcompetitiveinformation.
Vendorfinancialstatementsandrelatedfilings.
Althoughmanysoftwarevendorsareprivatelyheldandchoosetolimitfinancialdisclosures,informationfrompubliclyheldcompaniesprovidesasignificantbenchmarkforassessinginformalmarketestimatesfromprivatecompanies.
IDCalsobuildsdetailedinformationrelatedtoprivatecompaniesthroughin-depthanalystrelationshipsandmaintainsanextensivelibraryoffinancialandcorporateinformationfocusedontheITindustry.
Wefurthermaintaindetailedrevenuebyproductareamodelsonmorethan1,000worldwidevendors.
IDCdemand-sideresearch.
Thisincludesthousandsofinterviewswithbusinessusersofsoftwaresolutionsannuallyandprovidesapowerfulfifthperspectiveforassessingcompetitiveperformanceandmarketdynamics.
IDC'suserstrategydatabasesofferacompellingandconsistenttime-seriesviewofindustrytrendsanddevelopments.
Directconversationswithtechnologybuyersprovideaninvaluablecomplementtothebroadersurvey-basedresults.
2015IDC#25966710Ultimately,thedatapresentedinthisstudyrepresentsIDC'sbestestimatesbasedonthesedatasourcesaswellasreportedandobservedactivitybyvendorsandfurthermodelingofdatathatwebelievetobetruetofillinanyinformationgaps.
ThedatainthisstudyisderivedfromallthesesourcesandenteredintoIDC'sSoftwareMarketForecasterdatabase,whichisthenupdatedonacontinuousbasisasnewinformationregardingsoftwarevendorrevenuebecomesavailable.
Note:Allnumbersinthisdocumentmaynotbeexactduetorounding.
MARKETDEFINITIONThespecializedthreatanalysisandprotectionmarketoverlapstheendpoint,messaging,network,andWebfunctionalmarkets.
Theproductshelpprotectenterprisesfromnewmalwareattacksthatcannotbedetectedbytraditionalsignature-basedtechniques.
TheSTAPproductsuseavarietyofnon-signature-basedprotectionmethodsincluding,butnotlimitedto,sandboxing,behavioralanalysis,fileintegritymonitoring,telemetricheuristics,containerization,netflowanalysis,andthreatintelligence,whichcandetectamalwareattackorcompromisebyidentifyingattackeractivityorsubtlesystemprocesschanges.
Someoftheproductsonlydetectandalert,whileothersmaycontainmalwaretopreventitfromcausingdamage.
Althoughthesefeaturesmayappearinotherproducts,thiscategoryisonlyfordedicatedSTAPsolutions.
TheSTAPmarketismadeupofdistinguishableproductsasopposedtoembeddedfeatureswithinaproduct.
Theabilitytofindandpreventadvancedmalwareultimatelyrequiresdedicatedactivities,andinthisway,itispossibletomeasuretheextentthatenterprisesareconsciouslytakingactionstodealwithadvancedmalware.
TheSTAPmarketisacompetitivemarketthatoverlapsotherlogicalsecurityproductsmarkets(e.
g.
,IAM,network,endpoint,messaging,Web,SVM,and"other"securityproducts).
TheSTAPmarketmustbereportedseparatelyand,furthermore,notaddedtothesevenlogicalsecurityproductsmarkets,otherwisethetotalsecurityproductsmarketfigurewillbeincorrect.
RELATEDRESEARCHIDC'sForecastScenarioAssumptionsfortheICTMarketsandHistoricalMarketValuesandExchangeRates,Version3,2015(IDC#259115,September2015)WorldwideSpecializedThreatAnalysisandProtectionForecast,2015–2019:DefendingAgainsttheUnknown(IDC#256354,May2015)MarketAnalysisPerspective:WorldwideSecurityProducts,2014(IDC#252908,December2014)WorldwideITSecurityProducts2014–2018Forecastand2013VendorShares:ComprehensiveSecurityProductReview(IDC#253371,December2014)IDC'sWorldwideSecurityProductsTaxonomy,2014(IDC#250802,September2014)WorldwideSpecializedThreatAnalysisandProtection2013–2017Forecastand2012VendorShares(IDC#242346,August2013)AboutIDCInternationalDataCorporation(IDC)isthepremierglobalproviderofmarketintelligence,advisoryservices,andeventsfortheinformationtechnology,telecommunicationsandconsumertechnologymarkets.
IDChelpsITprofessionals,businessexecutives,andtheinvestmentcommunitymakefact-baseddecisionsontechnologypurchasesandbusinessstrategy.
Morethan1,100IDCanalystsprovideglobal,regional,andlocalexpertiseontechnologyandindustryopportunitiesandtrendsinover110countriesworldwide.
For50years,IDChasprovidedstrategicinsightstohelpourclientsachievetheirkeybusinessobjectives.
IDCisasubsidiaryofIDG,theworld'sleadingtechnologymedia,research,andeventscompany.
GlobalHeadquarters5SpeenStreetFramingham,MA01701USA508.
872.
8200Twitter:@IDCidc-insights-community.
comwww.
idc.
comCopyrightNoticeThisIDCresearchdocumentwaspublishedaspartofanIDCcontinuousintelligenceservice,providingwrittenresearch,analystinteractions,telebriefings,andconferences.
Visitwww.
idc.
comtolearnmoreaboutIDCsubscriptionandconsultingservices.
ToviewalistofIDCofficesworldwide,visitwww.
idc.
com/offices.
PleasecontacttheIDCHotlineat800.
343.
4952,ext.
7988(or+1.
508.
988.
7988)orsales@idc.
comforinformationonapplyingthepriceofthisdocumenttowardthepurchaseofanIDCserviceorforinformationonadditionalcopiesorWebrights.
[trademark]Copyright2015IDC.
Reproductionisforbiddenunlessauthorized.
Allrightsreserved.
Organizationsarealsoincreasinglyevaluatingnetworkinspectionsolutionsdesignedtodetectattackermovementtosensitiveresources.
SignificantSTAPtrendsare:Vendorsconvertingproofofconcepts(POCs).
SecurityvendorsconvertedasignificantnumberofSTAPproofofconceptsin2014.
IDCestimatesthatthemarketin2014hadrevenueof$930million.
Itisforecasttogrowtoover$3billionby2019,withatotalmarketCAGRof27.
6%.
Identifyingattackermovement.
High-profileattacks,databreaches,andcriticalvulnerabilitiesin2013and2014droveinterestinNetFlowandotherproductsdesignedtodetectlateralmovementwithinacorporatenetwork.
FireEye,Lancope,IBM,andBit9-CarbonBlackwerethetop4securityvendorssellingSTAPsolutionsin2014.
Callingforincidentresponse(IR)support.
EarlyadoptersofSTAPsolutionssoughtincidentresponseexpertise,increasingdemandfordigitalforensicsspecialists,databreachsupport,andotherprofessionalservices.
Vendorsrespondedbyaddingorbolsteringtheirservicesofferingsin2014.
IDCbelievesthatemergingendpointsolutionsdesignedtodetectadvancedthreatswillgainmomentum.
Vendorsarecombiningmonitoringwithbehavioralanalyticswithothernon-signature-baseddetectioncapabilitiestoidentifyzerodays.
ThereissomeevidencethatendcustomersarebeginningtoshedstandardantivirusinfavorofsomeendpointSTAPsolutions.
TheSTAPmarketwillcontinuetoevolvewithestablishedsecurityvendorsaddingSTAPfeaturestotheirportfolioorganicallyoracquiringemergingSTAPsolutions.
In2014,PaloAltoNetworksacquiredIsraelistart-upCyveraforanestimated$200millionand,laterintheyear,introducedTraps,aSTAPendpointproductthatintegrateswithitsWildFirefilesandboxingservice.
CiscoSystemsacquiredThreatGRID,addingsuspiciousfileanalysissandboxingcapabilitiestoitsportfolio.
FireEyefurtherbuiltoutitsportfoliowiththeacquisitionofnPulseTechnologiestosupportforensicsandthreatremediationactivities.
ThisIDCstudyexaminesthecompetitivemarketforthisspecializedsecuritytechnology.
Itaimstoidentifythemarketleadersandsignificanttrendsthatwillimpactthebroadermarketforsecurityproductsandservices.
SecurityvendorproductsthatfitintotheSTAPmarketmustbesoldasadedicatedproductandpurchasedfromcustomerstospecificallyaddresstheproblemofidentifyingcustommalware.
"Thespecializedthreatanalysisandprotectionmarketisrapidlyevolving,withestablishedvendorsaddingSTAPofferingsthatcompeteagainstagrowingcadreofsecuritystart-ups.
Theinnovativesecuritytechnologiesinthismarketmodernizemanyoftheoutdatedapproachesthatattackersareeasilybypassingtoday.
OrganizationsareshowingsignificantinterestandadoptionofSTAPproductstoaddressthegrowingneedforadvancedthreatdetection.
"—RobertWestervelt,researchmanager,SecurityProducts,IDC2015IDC#2596673ADVICEFORTECHNOLOGYSUPPLIERSThespecializedthreatanalysisandprotectionmarketcontinuestobechallengingforvendors,buyers,andsaleschannelresellers.
ThecompetitivemarketcontinuestoevolvewithSTAPsecurityproductsoftenoverlappingavarietyofadjacentsecuritytechnologyareas.
SecurityvendorproductsthatfitintotheSTAPmarketmustbesoldasadedicatedproductandpurchasedfromcustomerstospecificallyaddresstheproblemofidentifyingcustommalware,sophisticatedattacktechniques,andotheractivityassociatedwithadvancedpersistentthreats.
Theproductsmustnotbesignaturebased.
BuyersareseekingtobolstertheirexistingsecurityinfrastructurebymakinganinvestmentinproductsdesignedtodetectadvancedthreatsfromeachofthethreeSTAPsubmarkets:endpoint,boundary,andinternalnetworkanalysis.
Somevendorsolutionsprovidefunctionalityfromeachofthesubmarkets,integratingemulationproductsdesignedtoanalyzesuspiciousfileswithbehavioralanalysistoidentifyfunctioncallsandsuspiciousfileactivityontheendpoint,andnetworkanalysistodetectattackerreconnaissanceactivityandlateralmovementwithinthenetwork.
EndpointSTAPproductsusebehavioralanalysisofmemoryandapplicationoperations.
Itprimarilyconsistsofanagentorsensorondevicesthatmonitorsystemprocessesandfilesforsignsofanomalousbehaviororattempttopreventsuspiciousfilesfromexecuting.
IDCanticipatesfutureconsolidationoftheendpointSTAPsubmarket,withtraditionalendpointsecurityvendorsaddingSTAPendpointcapabilitiestotheirplatforms.
BoundarySTAPproductsconsistmainlyofvirtualsandboxing/emulationandbehavioralanalysistechnologies.
Thesesafezonesareusedtodetonateandmonitorthebehaviorofsuspiciousfiles,whicharedesignedtoevadesignature-baseddefenses.
BuyershaveincreasinglypurchasedSaaS-basedsandboxingservices,buton-premisesandhybriddeploymentsarealsocommonwithenterprisecustomers.
InternalnetworkanalysisSTAPproductsmonitornetworkflowtodetectindicationsofattackerreconnaissanceactivity,malwaremovement,andbotnetormalwarecommandandcontrolactivity.
Productsshouldbeequippedtohelpresponderspinpointendpointinfectionsandinterruptcommandandcontrolcommunicationprovidecontexttoincidentresponders.
ThestrongestSTAPsolutionsappeartocomefromvendorsthathavecreatedstrongtechnologypartnerships,andIDChasdeterminedthatasecurityvendor'stechnologypartnerecosystemisbeingexaminedthoroughlyinproductevaluations.
Toremaincompetitive,securityvendorsshouldalsoconsiderthefollowingrecommendations:Strikekeydifferentiators:ProductevaluationsarebecomingasignificantchallengeforbuyersplanningtoadoptSTAPtechnology.
ChannelresellersarealsostrainedwhenattemptingtodetermineifaSTAPproductcanfitintheirportfoliowithoutconflictingwithtop-tiertechnologypartners.
Makeclearalldifferentiatingmanagementfeaturesandcapabilitiesagainstcompetitivesolutions.
Expanddeploymentoptions:Akeybuyingrequirementistheabilitytointegrateproductswithexistingsecurityinfrastructure.
ThisrequirementmayresultintheneedforfullSaaS,on-premises,oramixtureofSaaSandon-premisessolutions.
Whileusabilityandeffortlessdeploymentareadvantageous,buyersarealsochoosingSTAPsolutionswithflexibledeploymentmodels.
2015IDC#2596674Createservicesofferings:Ananalysisofearlyadopterbuyingbehaviorsfoundthatvendorservicesofferingsarenotaprimarybuyingrequirement;however,asecondinquirywithcustomersidentifiedasignificantneedforfollow-upservicesengagements.
Theservicesrequirementwaspromptedbyalackofroutinemaintenance,deficientincidentresponseprocesses,andpoorlyconfigureddeployments.
Developriskscoringmodels:BuyingtrendssuggesttheadditionofaconfigurableriskscoringmethodologytoassistrespondersinprioritizingalertscapturestheattentionofC-suiteexecutivesduringsalesengagements.
Despitethegrowingnumberofrisk-basedscoringcapabilitiesincorporatedintosecurityproducts,STAPvendorscanuseriskscoringasaproductdifferentiator.
Itcouldalsofosterthecomfortlevelrequiredtopromptorganizationstoembraceautomatedresponseandremediationfeatures.
MARKETSHARETheworldwideSTAPsecuritymarketroseto$930millionin2014,anincreaseof126.
3%from2013.
FireEyeremainstheSTAPmarketleader,with37.
9%shareofthemarketin2014.
Itsawitsshareofthemarketdecline5.
2%basedonadditionalmarketentrantsandwidespreadavailabilityofcompetingsandboxingsolutions.
AnotablecompetitorisPaloAltoNetworksandtherapidadoptionofitssubscription-basedWildFiresandboxingservicein2014.
Table1displays2011–2019worldwiderevenueandmarketsharefortheSTAPsecuritymarket.
Tables2–4display2014revenueandmarketsharesforthetopvendorsineachsubmarket.
STAPboundaryisthelargestmarketsegment,withFireEyecontinuingtobethesoledominatingvendor.
Sandboxingtechnologieshavequicklycometomarketfromnetworksecuritycompetitorsandsecuritystart-ups.
BoundarySTAPincludesproductsfromCheckPoint,Cyphort,iBoss,Fortinet,IntelSecurity,Proofpoint,Symantec,andothers.
Italsoincludesashareofsandboxingcomponentsthatexistwithinstandalonevendoradvancedthreatdefensesolutions(seeTable3).
STAPendpointisthefastest-growingmarketsegmentandonethatisquicklyevolvingasendpointsecurityvendors,includingSymantecandIntelSecurity,addendpointadvancedthreatdetectioncapabilitiestotheirplatformstomeettheirestablishedcustomerrequirements.
Lancopehasgainedsignificantadoptionofitsadvancedthreatdetectionsolution,leveragingitscloserelationshipwithCiscoSystems.
RSAandBlueCoatareeachtransformingtheirnetworkpacketcapturingappliances,whichhadbeenfocusedfordigitalforensicsinvestigations,intobreachdetectionandanalysisplatforms(seeTable4).
2015IDC#2596675TABLE1WorldwideSpecializedThreatAnalysisandProtectionRevenuebySegment,2011–2019($M)2011201220132014201520162017201820192014–2019CAGR(%)Boundary80.
6150.
5309.
0709.
81,119.
71,444.
31,653.
41,845.
32,001.
623.
0Endpoint9.
016.
039.
0101.
8212.
7353.
2494.
4618.
0716.
947.
8Internalnetworkanalysis21.
035.
063.
0118.
4202.
5287.
6342.
2386.
7421.
528.
9Total110.
6201.
5411.
0930.
01,535.
02,085.
02,490.
02,850.
03,140.
027.
6Source:IDC,2015TABLE2WorldwideSpecializedThreatAnalysisandProtectionRevenueofBoundarySegmentbyVendor,2014Revenue($M)FireEye353AhnLab25TrendMicro25Cisco25Fidelis23Websense23IBM20Lastline20PaloAltoNetworks17Other178.
8Source:IDC,20152015IDC#2596676TABLE3WorldwideSpecializedThreatAnalysisandProtectionRevenueofEndpointSegmentbyVendor,2014Revenue($M)Bit9-CB38.
0Cylance13.
0Bromium13.
0CrowdStrike12.
0Invincea12.
0Other13.
8Source:IDC,2015TABLE4WorldwideSpecializedThreatAnalysisandProtectionRevenueofInternalNetworkAnalysisSegmentbyVendor,2014Revenue($M)Lancope50.
0IBM15.
0Damballa15.
0BlueCoat13.
0RSA13.
0Other12.
4Source:IDC,20152015IDC#2596677WHOSHAPEDTHEYEARBit9acquiredCarbonBlackatthebeginningof2014andwasabletohighlighttheeffectivenessofitsmodernwhitelistingapproachwithCarbonBlack'sendpointforensicscapabilities.
CarbonBlackhadbeentremendouslysuccessfulwithitsapproachpriortotheacquisitiongainingadoptionwithSOCpersonnelandincidentresponseteamsforitsabilitytotakeacompleteinventoryofeveryfileonanendpointsystemandmonitorforsystemchanges.
Theacquisitionshiftedattentiononwaysorganizationscanmodernizetheirendpointsecuritysolutions.
FireEyegainedattentionwiththelaunchofitsEndpointSecurity(HXSeries)appliancein2014.
ThisproductusesMandiant'sproprietarytechnologyforincidentresponderstomonitorendpointsforthreatindicatorsandalertthesecurityoperationscenterteamaboutpossiblecompromisedendpoints.
EngineersareworkingonembeddingMandiant'sMIRfunctionalityintotheHXSeries,enablingresponderstorapidlyinvestigatepotentialthreats.
TheappliancecanbepurchasedseparatelyorbeintegratedwiththeFireEyeNXSeriesappliances.
PaloAltoNetworksacquiredMortaandCyverain2014toaddendpointvisibilitytoitsportfolio.
TheresultingendpointSTAPproductcalledTrapsisdesignedtoblockattackerexploitationtechniques.
TrapsintegrateswithWildFire,PaloAlto'sSaaS-basedsandboxingservice.
CiscoSystemsacquiredThreatGRID,addingasandboxforcloud-basedsuspiciousfileanalysis.
ThecompanyalsoshowedprogressinextendingtheAdvancedMalwareProtectioncomponentofitsSourcefireacquisitionasanadd-ontoitsASAUTMappliances.
LancopeleverageditsexistingpartnershipwithCiscoSystemstogaintractionintheSTAPmarketwithitsStealthWatchSystemforadvancedthreatdetection.
Lancopecompetesagainstothervendorsintheinternalnetworkanalysissubmarket,whichisdesignedtoidentifylateralmovementwithintrackingnetworkreconnaissance,internalmalwarepropagation,commandandcontroltraffic,anddataexfiltration.
ANoteonSymantecandIntelSecurityIntelSecurityismakinggainswithitsAdvancedThreatDefenseoffering,whichconsistsofastandaloneappliance,designedtointegratewithotherproductsinitsportfolio.
IntelSecurityusesalocalblacklisttodetectknownmalwareandavirtualsandboxenvironmentforsuspiciousfileanalysis.
ItconnectstoIntelSecurity'scloud-basedGlobalThreatIntelligenceforfurtherprotection.
Symantecannouncedthatitwouldsplitintoseparatesecurityandinformationmanagementbusinessesin2014.
ThecompanyalsoannouncedplanstoinvestinitsportfolioofsecurityproductsandentertheSTAPmarketwithanAdvancedThreatProtectionproductthatintegratesitsexistingemail,networking,andendpointsolutionswithfileinspectiontechnologycalledSymantecCynic,acloud-basedsandboxenvironmentforfileinspection.
SymantecalsoleveragesatechnologyitcallsSynapsetocorrelateeventinformationbetweenthenetwork,endpoints,andemailtoprovidecontexttoalertsforincidentresponders.
MARKETCONTEXTTheSTAPmarketgainedconsiderabletractionin2014asendusersincreasedsecurityspendingtostemtheever-increasingnumberofdatabreaches.
TheTargetbreachinparticularraisedthestakesforsecurityaccountabilityastheCEOwasforcedtoresigninpartasaresultofthemassivedata2015IDC#2596678breach.
STAPproductsarerepresentingthefirstsignificantshiftinthesecuritystackinsometime,andIDCpredictsthatorganizationswillcontinuetodeploytheseproductseitherthroughon-premisesdevices,throughendpointclients,orviathecloud.
ThethreeSTAPsubsegmentsthatIDCistracking—boundary,internalnetwork,andendpoint—havestrongenterpriseinterestandadoption.
However,thesereasonsvarybasedoneachsegment:Boundary.
TheinterestinboundarydeviceshasbeenpromptedprimarilybythesuccessofFireEyeandotherstodeliversandboxingandotheridentificationtechniquesonthenetwork.
Manysecurityadministratorsareverycomfortablewithaddingsecuritydevicestothenetworkandasaresultthesedevicesfiteasilyintotheday-to-daysecurityoperationsfunction.
Internalnetwork.
InternalnetworkSTAPproductsareprimarilyfocusedonbotnetdetectionanddeterminingifmalwarehasinfectedthenetwork.
Insteadoftryingtoevaluatethetrafficflowingthroughthenetworkboundaries,internalnetworkSTAPproductsrelyonuserbehavior,flowtraffic,andDNStraffictodeterminewhetherthereismaliciousbehavioronthenetwork.
OnekeyadvantagetoutedbyinternalnetworkSTAPproductsoverboundaryproductsisareductionintheamountoffalsepositives.
Endpoint.
EndpointSTAPproductsarebeingheraldedasthenextgenerationofendpointsecurity.
Asenterpriseshavebecomemoredisillusionedwithlegacyendpointsecurityproducts,theinterestinsolutionsthatarefasterandmoreaccuratehasincreased.
EndpointSTAPvendorsareapproachingendpointsecurityusingawidevarietyofmethodstoimprovethedetectionandpreventioncapabilitiesofmalwareontheendpoint.
OtherendpointSTAPproductsaremorefocusedonanalyticscollectionandvisibilityintotheendpointandthencoordinatethatdatawithnetwork-basedproducts.
IDCdoesnotbelievethatanysingleapproachorproductwillsolveanorganization'ssecuritychallenges,butbyusingacombinationofSTAPproductswithtraditionalsecurityproducts,thatmanyblindspotscanbeeliminated.
SignificantMarketDevelopmentsSecurityvendorFireEye'scontinuedsuccesshasresultedinaninfluxofadvancedthreatdefenseofferingsthatusevirtualsandboxestoanalyzesuspiciousfilesandidentifyadvancedthreats.
Thesolutions,whichfirstappealedtolargeenterprises,haveexperiencedgrowthbycapturingabroadersegmentofthemarket,whichquicklyembracedcloud-basedsandboxingservices.
Avarietyofpure-playvendorswithsandboxingofferingscontinuetomaketheboundarysubmarketextremelylargecomparedwithendpointandinternalnetworkanalysis.
Bit9'sacquisitionofCarbonBlackhashelpedfuelinterestinmodernizingendpointdefenses,whichhavebeenrelyingheavilyonsignature-basedtechnologytodetectmalware.
Newconceptsarebeingintroducedthatincorporateendpointagentorsensortechnologytoincreasevisibilityandgiveincidentrespondersmorecontextintoalertsandcontroloverinfectedsystems.
EndpointSTAPisrapidlyevolving.
Theattentiongiventopure-playvendorshaspromptedestablishedsecurityvendorstoaddsimilarspecializedthreatanalysisandprotectioncapabilities.
Therootofmanyoftheseemergingtechnologiesisinhost-basedintrusionpreventionanddigitalforensicscapabilitiesthatidentifythreatsinunderlyingsystemmemory,abnormalapplicationfunctioncalls,andothersignsofunusualsystembehavior.
IDCisawareofAccessData,FireEyeMIR,GuidanceSoftwareEncase,RSAECAT,andotherforensicstoolsthathelprespondersgainvisibilitywhileinvestigatingthescopeofaninfection.
IDC2015IDC#2596679analystsexaminetheseproductscloselytodeterminewhetherthereisreal-timemonitoringandalertingcapabilitiesandthecustomerrequirementsandusecasesthattheproductsfulfill.
METHODOLOGYThisIDCsoftwaremarketsizingandforecastispresentedintermsofpackagedsoftwareandappliancerevenue.
IDCusesthetermpackagedsoftwaretodistinguishcommerciallyavailablesoftwarefromcustomsoftware,nottoimplythatthesoftwaremustbeshrink-wrappedorotherwiseprovidedviaphysicalmedia.
Packagedsoftwareisprogramsorcodesetsofanytypecommerciallyavailablethroughsale,lease,orrental,orasaservice.
Packagedsoftwarerevenuetypicallyincludesfeesforinitialandcontinuedright-to-usepackagedsoftwarelicenses.
Thesefeesmayinclude,aspartofthelicensecontract,accesstoproductsupportand/orotherservicesthatareinseparablefromtheright-to-uselicensefeestructure,orthissupportmaybepricedseparately.
Upgradesmaybeincludedinthecontinuingrightofuseormaybepricedseparately.
AllofthesearecountedbyIDCaspackagedsoftwarerevenue.
Appliancesaredefinedasacombinationofhardware,operatingenvironment,andapplicationsoftwarewheretheyareprovidedasasingleproduct.
Packagedsoftwarerevenueexcludesservicerevenuederivedfromtraining,consulting,andsystemsintegrationthatisseparate(orunbundled)fromtheright-to-uselicensebutdoesincludetheimplicitvalueoftheproductincludedinaservicethatofferssoftwarefunctionalitybyadifferentpricingscheme.
Itisthetotalproductrevenuethatisfurtherallocatedtomarkets,geographicareas,andoperatingenvironments.
Themarketforecastandanalysismethodologyincorporatesinformationfromfivedifferentbutinterrelatedsources,asfollows:Reportedandobservedtrendsandfinancialactivity.
Thisstudyincorporatesreportedandobservedtrendsandfinancialactivityin2014asoftheendofSeptember2015.
IDC'sSoftwareCensusinterviews.
IDCinterviewsallsignificantmarketparticipantstodetermineproductrevenue,revenuedemographics,pricing,andotherrelevantinformation.
Productbriefings,pressreleases,andotherpubliclyavailableinformation.
IDC'ssoftwareanalystsaroundtheworldmeetwithhundredsofsoftwarevendorseachyear.
Thesebriefingsprovideanopportunitytoreviewcurrentandfuturebusinessandproductstrategies,revenue,shipments,customerbases,targetmarkets,andotherkeyproductandcompetitiveinformation.
Vendorfinancialstatementsandrelatedfilings.
Althoughmanysoftwarevendorsareprivatelyheldandchoosetolimitfinancialdisclosures,informationfrompubliclyheldcompaniesprovidesasignificantbenchmarkforassessinginformalmarketestimatesfromprivatecompanies.
IDCalsobuildsdetailedinformationrelatedtoprivatecompaniesthroughin-depthanalystrelationshipsandmaintainsanextensivelibraryoffinancialandcorporateinformationfocusedontheITindustry.
Wefurthermaintaindetailedrevenuebyproductareamodelsonmorethan1,000worldwidevendors.
IDCdemand-sideresearch.
Thisincludesthousandsofinterviewswithbusinessusersofsoftwaresolutionsannuallyandprovidesapowerfulfifthperspectiveforassessingcompetitiveperformanceandmarketdynamics.
IDC'suserstrategydatabasesofferacompellingandconsistenttime-seriesviewofindustrytrendsanddevelopments.
Directconversationswithtechnologybuyersprovideaninvaluablecomplementtothebroadersurvey-basedresults.
2015IDC#25966710Ultimately,thedatapresentedinthisstudyrepresentsIDC'sbestestimatesbasedonthesedatasourcesaswellasreportedandobservedactivitybyvendorsandfurthermodelingofdatathatwebelievetobetruetofillinanyinformationgaps.
ThedatainthisstudyisderivedfromallthesesourcesandenteredintoIDC'sSoftwareMarketForecasterdatabase,whichisthenupdatedonacontinuousbasisasnewinformationregardingsoftwarevendorrevenuebecomesavailable.
Note:Allnumbersinthisdocumentmaynotbeexactduetorounding.
MARKETDEFINITIONThespecializedthreatanalysisandprotectionmarketoverlapstheendpoint,messaging,network,andWebfunctionalmarkets.
Theproductshelpprotectenterprisesfromnewmalwareattacksthatcannotbedetectedbytraditionalsignature-basedtechniques.
TheSTAPproductsuseavarietyofnon-signature-basedprotectionmethodsincluding,butnotlimitedto,sandboxing,behavioralanalysis,fileintegritymonitoring,telemetricheuristics,containerization,netflowanalysis,andthreatintelligence,whichcandetectamalwareattackorcompromisebyidentifyingattackeractivityorsubtlesystemprocesschanges.
Someoftheproductsonlydetectandalert,whileothersmaycontainmalwaretopreventitfromcausingdamage.
Althoughthesefeaturesmayappearinotherproducts,thiscategoryisonlyfordedicatedSTAPsolutions.
TheSTAPmarketismadeupofdistinguishableproductsasopposedtoembeddedfeatureswithinaproduct.
Theabilitytofindandpreventadvancedmalwareultimatelyrequiresdedicatedactivities,andinthisway,itispossibletomeasuretheextentthatenterprisesareconsciouslytakingactionstodealwithadvancedmalware.
TheSTAPmarketisacompetitivemarketthatoverlapsotherlogicalsecurityproductsmarkets(e.
g.
,IAM,network,endpoint,messaging,Web,SVM,and"other"securityproducts).
TheSTAPmarketmustbereportedseparatelyand,furthermore,notaddedtothesevenlogicalsecurityproductsmarkets,otherwisethetotalsecurityproductsmarketfigurewillbeincorrect.
RELATEDRESEARCHIDC'sForecastScenarioAssumptionsfortheICTMarketsandHistoricalMarketValuesandExchangeRates,Version3,2015(IDC#259115,September2015)WorldwideSpecializedThreatAnalysisandProtectionForecast,2015–2019:DefendingAgainsttheUnknown(IDC#256354,May2015)MarketAnalysisPerspective:WorldwideSecurityProducts,2014(IDC#252908,December2014)WorldwideITSecurityProducts2014–2018Forecastand2013VendorShares:ComprehensiveSecurityProductReview(IDC#253371,December2014)IDC'sWorldwideSecurityProductsTaxonomy,2014(IDC#250802,September2014)WorldwideSpecializedThreatAnalysisandProtection2013–2017Forecastand2012VendorShares(IDC#242346,August2013)AboutIDCInternationalDataCorporation(IDC)isthepremierglobalproviderofmarketintelligence,advisoryservices,andeventsfortheinformationtechnology,telecommunicationsandconsumertechnologymarkets.
IDChelpsITprofessionals,businessexecutives,andtheinvestmentcommunitymakefact-baseddecisionsontechnologypurchasesandbusinessstrategy.
Morethan1,100IDCanalystsprovideglobal,regional,andlocalexpertiseontechnologyandindustryopportunitiesandtrendsinover110countriesworldwide.
For50years,IDChasprovidedstrategicinsightstohelpourclientsachievetheirkeybusinessobjectives.
IDCisasubsidiaryofIDG,theworld'sleadingtechnologymedia,research,andeventscompany.
GlobalHeadquarters5SpeenStreetFramingham,MA01701USA508.
872.
8200Twitter:@IDCidc-insights-community.
comwww.
idc.
comCopyrightNoticeThisIDCresearchdocumentwaspublishedaspartofanIDCcontinuousintelligenceservice,providingwrittenresearch,analystinteractions,telebriefings,andconferences.
Visitwww.
idc.
comtolearnmoreaboutIDCsubscriptionandconsultingservices.
ToviewalistofIDCofficesworldwide,visitwww.
idc.
com/offices.
PleasecontacttheIDCHotlineat800.
343.
4952,ext.
7988(or+1.
508.
988.
7988)orsales@idc.
comforinformationonapplyingthepriceofthisdocumenttowardthepurchaseofanIDCserviceorforinformationonadditionalcopiesorWebrights.
[trademark]Copyright2015IDC.
Reproductionisforbiddenunlessauthorized.
Allrightsreserved.
- tierfilemarkets.com相关文档
- promotefilemarkets.com
- Imagefilemarkets.com
- grantedfilemarkets.com
- householdsfilemarkets.com
- indexesfilemarkets.com
- Sourcefilemarkets.com
spinservers春节优惠:$149/月10Gbps圣何塞服务器-2*E5-2630Lv3 CPU,256G内存,2*1.6T SSD硬盘
spinservers是Majestic Hosting Solutions LLC旗下站点,商家提供国外服务器租用和Hybrid Dedicated等产品,数据中心包括美国达拉斯和圣何塞机房,机器默认10Gbps端口带宽,高配置硬件,支持使用PayPal、信用卡、支付宝或者微信等付款方式。农历春节之际,商家推出了几款特别促销配置,最低双路E5-2630Lv3机器每月149美元起,下面列出几款机器...
tmhhost:暑假快乐,全高端线路,VPS直接8折,200G高防,美国gia日本软银韩国cn2香港cn2大带宽
tmhhost为2021年暑假开启了全场大促销,全部都是高端线路的VPS,速度快有保障。美国洛杉矶CN2 GIA+200G高防、洛杉矶三网CN2 GIA、洛杉矶CERA机房CN2 GIA,日本软银(100M带宽)、香港BGP直连200M带宽、香港三网CN2 GIA、韩国双向CN2。本次活动结束于8月31日。官方网站:https://www.tmhhost.com8折优惠码:TMH-SUMMER日本...
Pia云服务香港月20元游戏提供香港CN2云服务器
Pia云商家在前面有介绍过一次,根据市面上的信息是2018的开办的国人商家,原名叫哔哔云,目前整合到了魔方云平台。这个云服务商家主要销售云服务器VPS主机业务和服务,云服务器采用KVM虚拟架构 。目前涉及的机房有美国洛杉矶、中国香港和深圳地区。洛杉矶为crea机房,三网回程CN2 GIA,自带20G防御。中国香港机房的线路也是CN2直连大陆,比较适合建站或者有游戏业务需求的用户群。在这篇文章中,简...
filemarkets.com为你推荐
-
brandoff淘宝上的代购奢侈品都是真品吗?12306崩溃iphone 12306网络错误Baby被问婚变绯闻小s在黄晓明婚礼上问了什么问题bbs.99nets.com做一款即时通讯软件难吗 像hi qq这类的刘祚天Mc浩然的资料以及百科谁知道?罗伦佐娜罗拉芳娜 (西班牙小姐)谁可以简单的介绍以下月神谭求几个个性网名:seo优化工具SEO优化工具哪个好用点啊?www.5ff.comhttp://www.940777.com/网站,是不是真的网投六合789se.comwuwu8.com这个站长是谁?