tierfilemarkets.com
filemarkets.com 时间:2021-03-21 阅读:()
October2015,IDC#259667MarketShareWorldwideSpecializedThreatAnalysisandProtectionMarketShares,2014:RapidlyEvolvingSecurityDefensesRobertWesterveltPeteLindstromRobAyoubElizabethCorrIDCMARKETSHAREFIGUREFIGURE1WorldwideSpecializedThreatAnalysisandProtection2014ShareSnapshotNote:2014Share(%),Growth(%),andRevenue($M)Source:IDC,20152015IDC#2596672EXECUTIVESUMMARYThespecializedthreatanalysisandprotection(STAP)marketcontinuedtogaintractionin2014withwidespreadadoptionofSaaSandon-premisessandboxesandarenewedfocusonemergingendpointsecuritytechnologies.
Organizationsarealsoincreasinglyevaluatingnetworkinspectionsolutionsdesignedtodetectattackermovementtosensitiveresources.
SignificantSTAPtrendsare:Vendorsconvertingproofofconcepts(POCs).
SecurityvendorsconvertedasignificantnumberofSTAPproofofconceptsin2014.
IDCestimatesthatthemarketin2014hadrevenueof$930million.
Itisforecasttogrowtoover$3billionby2019,withatotalmarketCAGRof27.
6%.
Identifyingattackermovement.
High-profileattacks,databreaches,andcriticalvulnerabilitiesin2013and2014droveinterestinNetFlowandotherproductsdesignedtodetectlateralmovementwithinacorporatenetwork.
FireEye,Lancope,IBM,andBit9-CarbonBlackwerethetop4securityvendorssellingSTAPsolutionsin2014.
Callingforincidentresponse(IR)support.
EarlyadoptersofSTAPsolutionssoughtincidentresponseexpertise,increasingdemandfordigitalforensicsspecialists,databreachsupport,andotherprofessionalservices.
Vendorsrespondedbyaddingorbolsteringtheirservicesofferingsin2014.
IDCbelievesthatemergingendpointsolutionsdesignedtodetectadvancedthreatswillgainmomentum.
Vendorsarecombiningmonitoringwithbehavioralanalyticswithothernon-signature-baseddetectioncapabilitiestoidentifyzerodays.
ThereissomeevidencethatendcustomersarebeginningtoshedstandardantivirusinfavorofsomeendpointSTAPsolutions.
TheSTAPmarketwillcontinuetoevolvewithestablishedsecurityvendorsaddingSTAPfeaturestotheirportfolioorganicallyoracquiringemergingSTAPsolutions.
In2014,PaloAltoNetworksacquiredIsraelistart-upCyveraforanestimated$200millionand,laterintheyear,introducedTraps,aSTAPendpointproductthatintegrateswithitsWildFirefilesandboxingservice.
CiscoSystemsacquiredThreatGRID,addingsuspiciousfileanalysissandboxingcapabilitiestoitsportfolio.
FireEyefurtherbuiltoutitsportfoliowiththeacquisitionofnPulseTechnologiestosupportforensicsandthreatremediationactivities.
ThisIDCstudyexaminesthecompetitivemarketforthisspecializedsecuritytechnology.
Itaimstoidentifythemarketleadersandsignificanttrendsthatwillimpactthebroadermarketforsecurityproductsandservices.
SecurityvendorproductsthatfitintotheSTAPmarketmustbesoldasadedicatedproductandpurchasedfromcustomerstospecificallyaddresstheproblemofidentifyingcustommalware.
"Thespecializedthreatanalysisandprotectionmarketisrapidlyevolving,withestablishedvendorsaddingSTAPofferingsthatcompeteagainstagrowingcadreofsecuritystart-ups.
Theinnovativesecuritytechnologiesinthismarketmodernizemanyoftheoutdatedapproachesthatattackersareeasilybypassingtoday.
OrganizationsareshowingsignificantinterestandadoptionofSTAPproductstoaddressthegrowingneedforadvancedthreatdetection.
"—RobertWestervelt,researchmanager,SecurityProducts,IDC2015IDC#2596673ADVICEFORTECHNOLOGYSUPPLIERSThespecializedthreatanalysisandprotectionmarketcontinuestobechallengingforvendors,buyers,andsaleschannelresellers.
ThecompetitivemarketcontinuestoevolvewithSTAPsecurityproductsoftenoverlappingavarietyofadjacentsecuritytechnologyareas.
SecurityvendorproductsthatfitintotheSTAPmarketmustbesoldasadedicatedproductandpurchasedfromcustomerstospecificallyaddresstheproblemofidentifyingcustommalware,sophisticatedattacktechniques,andotheractivityassociatedwithadvancedpersistentthreats.
Theproductsmustnotbesignaturebased.
BuyersareseekingtobolstertheirexistingsecurityinfrastructurebymakinganinvestmentinproductsdesignedtodetectadvancedthreatsfromeachofthethreeSTAPsubmarkets:endpoint,boundary,andinternalnetworkanalysis.
Somevendorsolutionsprovidefunctionalityfromeachofthesubmarkets,integratingemulationproductsdesignedtoanalyzesuspiciousfileswithbehavioralanalysistoidentifyfunctioncallsandsuspiciousfileactivityontheendpoint,andnetworkanalysistodetectattackerreconnaissanceactivityandlateralmovementwithinthenetwork.
EndpointSTAPproductsusebehavioralanalysisofmemoryandapplicationoperations.
Itprimarilyconsistsofanagentorsensorondevicesthatmonitorsystemprocessesandfilesforsignsofanomalousbehaviororattempttopreventsuspiciousfilesfromexecuting.
IDCanticipatesfutureconsolidationoftheendpointSTAPsubmarket,withtraditionalendpointsecurityvendorsaddingSTAPendpointcapabilitiestotheirplatforms.
BoundarySTAPproductsconsistmainlyofvirtualsandboxing/emulationandbehavioralanalysistechnologies.
Thesesafezonesareusedtodetonateandmonitorthebehaviorofsuspiciousfiles,whicharedesignedtoevadesignature-baseddefenses.
BuyershaveincreasinglypurchasedSaaS-basedsandboxingservices,buton-premisesandhybriddeploymentsarealsocommonwithenterprisecustomers.
InternalnetworkanalysisSTAPproductsmonitornetworkflowtodetectindicationsofattackerreconnaissanceactivity,malwaremovement,andbotnetormalwarecommandandcontrolactivity.
Productsshouldbeequippedtohelpresponderspinpointendpointinfectionsandinterruptcommandandcontrolcommunicationprovidecontexttoincidentresponders.
ThestrongestSTAPsolutionsappeartocomefromvendorsthathavecreatedstrongtechnologypartnerships,andIDChasdeterminedthatasecurityvendor'stechnologypartnerecosystemisbeingexaminedthoroughlyinproductevaluations.
Toremaincompetitive,securityvendorsshouldalsoconsiderthefollowingrecommendations:Strikekeydifferentiators:ProductevaluationsarebecomingasignificantchallengeforbuyersplanningtoadoptSTAPtechnology.
ChannelresellersarealsostrainedwhenattemptingtodetermineifaSTAPproductcanfitintheirportfoliowithoutconflictingwithtop-tiertechnologypartners.
Makeclearalldifferentiatingmanagementfeaturesandcapabilitiesagainstcompetitivesolutions.
Expanddeploymentoptions:Akeybuyingrequirementistheabilitytointegrateproductswithexistingsecurityinfrastructure.
ThisrequirementmayresultintheneedforfullSaaS,on-premises,oramixtureofSaaSandon-premisessolutions.
Whileusabilityandeffortlessdeploymentareadvantageous,buyersarealsochoosingSTAPsolutionswithflexibledeploymentmodels.
2015IDC#2596674Createservicesofferings:Ananalysisofearlyadopterbuyingbehaviorsfoundthatvendorservicesofferingsarenotaprimarybuyingrequirement;however,asecondinquirywithcustomersidentifiedasignificantneedforfollow-upservicesengagements.
Theservicesrequirementwaspromptedbyalackofroutinemaintenance,deficientincidentresponseprocesses,andpoorlyconfigureddeployments.
Developriskscoringmodels:BuyingtrendssuggesttheadditionofaconfigurableriskscoringmethodologytoassistrespondersinprioritizingalertscapturestheattentionofC-suiteexecutivesduringsalesengagements.
Despitethegrowingnumberofrisk-basedscoringcapabilitiesincorporatedintosecurityproducts,STAPvendorscanuseriskscoringasaproductdifferentiator.
Itcouldalsofosterthecomfortlevelrequiredtopromptorganizationstoembraceautomatedresponseandremediationfeatures.
MARKETSHARETheworldwideSTAPsecuritymarketroseto$930millionin2014,anincreaseof126.
3%from2013.
FireEyeremainstheSTAPmarketleader,with37.
9%shareofthemarketin2014.
Itsawitsshareofthemarketdecline5.
2%basedonadditionalmarketentrantsandwidespreadavailabilityofcompetingsandboxingsolutions.
AnotablecompetitorisPaloAltoNetworksandtherapidadoptionofitssubscription-basedWildFiresandboxingservicein2014.
Table1displays2011–2019worldwiderevenueandmarketsharefortheSTAPsecuritymarket.
Tables2–4display2014revenueandmarketsharesforthetopvendorsineachsubmarket.
STAPboundaryisthelargestmarketsegment,withFireEyecontinuingtobethesoledominatingvendor.
Sandboxingtechnologieshavequicklycometomarketfromnetworksecuritycompetitorsandsecuritystart-ups.
BoundarySTAPincludesproductsfromCheckPoint,Cyphort,iBoss,Fortinet,IntelSecurity,Proofpoint,Symantec,andothers.
Italsoincludesashareofsandboxingcomponentsthatexistwithinstandalonevendoradvancedthreatdefensesolutions(seeTable3).
STAPendpointisthefastest-growingmarketsegmentandonethatisquicklyevolvingasendpointsecurityvendors,includingSymantecandIntelSecurity,addendpointadvancedthreatdetectioncapabilitiestotheirplatformstomeettheirestablishedcustomerrequirements.
Lancopehasgainedsignificantadoptionofitsadvancedthreatdetectionsolution,leveragingitscloserelationshipwithCiscoSystems.
RSAandBlueCoatareeachtransformingtheirnetworkpacketcapturingappliances,whichhadbeenfocusedfordigitalforensicsinvestigations,intobreachdetectionandanalysisplatforms(seeTable4).
2015IDC#2596675TABLE1WorldwideSpecializedThreatAnalysisandProtectionRevenuebySegment,2011–2019($M)2011201220132014201520162017201820192014–2019CAGR(%)Boundary80.
6150.
5309.
0709.
81,119.
71,444.
31,653.
41,845.
32,001.
623.
0Endpoint9.
016.
039.
0101.
8212.
7353.
2494.
4618.
0716.
947.
8Internalnetworkanalysis21.
035.
063.
0118.
4202.
5287.
6342.
2386.
7421.
528.
9Total110.
6201.
5411.
0930.
01,535.
02,085.
02,490.
02,850.
03,140.
027.
6Source:IDC,2015TABLE2WorldwideSpecializedThreatAnalysisandProtectionRevenueofBoundarySegmentbyVendor,2014Revenue($M)FireEye353AhnLab25TrendMicro25Cisco25Fidelis23Websense23IBM20Lastline20PaloAltoNetworks17Other178.
8Source:IDC,20152015IDC#2596676TABLE3WorldwideSpecializedThreatAnalysisandProtectionRevenueofEndpointSegmentbyVendor,2014Revenue($M)Bit9-CB38.
0Cylance13.
0Bromium13.
0CrowdStrike12.
0Invincea12.
0Other13.
8Source:IDC,2015TABLE4WorldwideSpecializedThreatAnalysisandProtectionRevenueofInternalNetworkAnalysisSegmentbyVendor,2014Revenue($M)Lancope50.
0IBM15.
0Damballa15.
0BlueCoat13.
0RSA13.
0Other12.
4Source:IDC,20152015IDC#2596677WHOSHAPEDTHEYEARBit9acquiredCarbonBlackatthebeginningof2014andwasabletohighlighttheeffectivenessofitsmodernwhitelistingapproachwithCarbonBlack'sendpointforensicscapabilities.
CarbonBlackhadbeentremendouslysuccessfulwithitsapproachpriortotheacquisitiongainingadoptionwithSOCpersonnelandincidentresponseteamsforitsabilitytotakeacompleteinventoryofeveryfileonanendpointsystemandmonitorforsystemchanges.
Theacquisitionshiftedattentiononwaysorganizationscanmodernizetheirendpointsecuritysolutions.
FireEyegainedattentionwiththelaunchofitsEndpointSecurity(HXSeries)appliancein2014.
ThisproductusesMandiant'sproprietarytechnologyforincidentresponderstomonitorendpointsforthreatindicatorsandalertthesecurityoperationscenterteamaboutpossiblecompromisedendpoints.
EngineersareworkingonembeddingMandiant'sMIRfunctionalityintotheHXSeries,enablingresponderstorapidlyinvestigatepotentialthreats.
TheappliancecanbepurchasedseparatelyorbeintegratedwiththeFireEyeNXSeriesappliances.
PaloAltoNetworksacquiredMortaandCyverain2014toaddendpointvisibilitytoitsportfolio.
TheresultingendpointSTAPproductcalledTrapsisdesignedtoblockattackerexploitationtechniques.
TrapsintegrateswithWildFire,PaloAlto'sSaaS-basedsandboxingservice.
CiscoSystemsacquiredThreatGRID,addingasandboxforcloud-basedsuspiciousfileanalysis.
ThecompanyalsoshowedprogressinextendingtheAdvancedMalwareProtectioncomponentofitsSourcefireacquisitionasanadd-ontoitsASAUTMappliances.
LancopeleverageditsexistingpartnershipwithCiscoSystemstogaintractionintheSTAPmarketwithitsStealthWatchSystemforadvancedthreatdetection.
Lancopecompetesagainstothervendorsintheinternalnetworkanalysissubmarket,whichisdesignedtoidentifylateralmovementwithintrackingnetworkreconnaissance,internalmalwarepropagation,commandandcontroltraffic,anddataexfiltration.
ANoteonSymantecandIntelSecurityIntelSecurityismakinggainswithitsAdvancedThreatDefenseoffering,whichconsistsofastandaloneappliance,designedtointegratewithotherproductsinitsportfolio.
IntelSecurityusesalocalblacklisttodetectknownmalwareandavirtualsandboxenvironmentforsuspiciousfileanalysis.
ItconnectstoIntelSecurity'scloud-basedGlobalThreatIntelligenceforfurtherprotection.
Symantecannouncedthatitwouldsplitintoseparatesecurityandinformationmanagementbusinessesin2014.
ThecompanyalsoannouncedplanstoinvestinitsportfolioofsecurityproductsandentertheSTAPmarketwithanAdvancedThreatProtectionproductthatintegratesitsexistingemail,networking,andendpointsolutionswithfileinspectiontechnologycalledSymantecCynic,acloud-basedsandboxenvironmentforfileinspection.
SymantecalsoleveragesatechnologyitcallsSynapsetocorrelateeventinformationbetweenthenetwork,endpoints,andemailtoprovidecontexttoalertsforincidentresponders.
MARKETCONTEXTTheSTAPmarketgainedconsiderabletractionin2014asendusersincreasedsecurityspendingtostemtheever-increasingnumberofdatabreaches.
TheTargetbreachinparticularraisedthestakesforsecurityaccountabilityastheCEOwasforcedtoresigninpartasaresultofthemassivedata2015IDC#2596678breach.
STAPproductsarerepresentingthefirstsignificantshiftinthesecuritystackinsometime,andIDCpredictsthatorganizationswillcontinuetodeploytheseproductseitherthroughon-premisesdevices,throughendpointclients,orviathecloud.
ThethreeSTAPsubsegmentsthatIDCistracking—boundary,internalnetwork,andendpoint—havestrongenterpriseinterestandadoption.
However,thesereasonsvarybasedoneachsegment:Boundary.
TheinterestinboundarydeviceshasbeenpromptedprimarilybythesuccessofFireEyeandotherstodeliversandboxingandotheridentificationtechniquesonthenetwork.
Manysecurityadministratorsareverycomfortablewithaddingsecuritydevicestothenetworkandasaresultthesedevicesfiteasilyintotheday-to-daysecurityoperationsfunction.
Internalnetwork.
InternalnetworkSTAPproductsareprimarilyfocusedonbotnetdetectionanddeterminingifmalwarehasinfectedthenetwork.
Insteadoftryingtoevaluatethetrafficflowingthroughthenetworkboundaries,internalnetworkSTAPproductsrelyonuserbehavior,flowtraffic,andDNStraffictodeterminewhetherthereismaliciousbehavioronthenetwork.
OnekeyadvantagetoutedbyinternalnetworkSTAPproductsoverboundaryproductsisareductionintheamountoffalsepositives.
Endpoint.
EndpointSTAPproductsarebeingheraldedasthenextgenerationofendpointsecurity.
Asenterpriseshavebecomemoredisillusionedwithlegacyendpointsecurityproducts,theinterestinsolutionsthatarefasterandmoreaccuratehasincreased.
EndpointSTAPvendorsareapproachingendpointsecurityusingawidevarietyofmethodstoimprovethedetectionandpreventioncapabilitiesofmalwareontheendpoint.
OtherendpointSTAPproductsaremorefocusedonanalyticscollectionandvisibilityintotheendpointandthencoordinatethatdatawithnetwork-basedproducts.
IDCdoesnotbelievethatanysingleapproachorproductwillsolveanorganization'ssecuritychallenges,butbyusingacombinationofSTAPproductswithtraditionalsecurityproducts,thatmanyblindspotscanbeeliminated.
SignificantMarketDevelopmentsSecurityvendorFireEye'scontinuedsuccesshasresultedinaninfluxofadvancedthreatdefenseofferingsthatusevirtualsandboxestoanalyzesuspiciousfilesandidentifyadvancedthreats.
Thesolutions,whichfirstappealedtolargeenterprises,haveexperiencedgrowthbycapturingabroadersegmentofthemarket,whichquicklyembracedcloud-basedsandboxingservices.
Avarietyofpure-playvendorswithsandboxingofferingscontinuetomaketheboundarysubmarketextremelylargecomparedwithendpointandinternalnetworkanalysis.
Bit9'sacquisitionofCarbonBlackhashelpedfuelinterestinmodernizingendpointdefenses,whichhavebeenrelyingheavilyonsignature-basedtechnologytodetectmalware.
Newconceptsarebeingintroducedthatincorporateendpointagentorsensortechnologytoincreasevisibilityandgiveincidentrespondersmorecontextintoalertsandcontroloverinfectedsystems.
EndpointSTAPisrapidlyevolving.
Theattentiongiventopure-playvendorshaspromptedestablishedsecurityvendorstoaddsimilarspecializedthreatanalysisandprotectioncapabilities.
Therootofmanyoftheseemergingtechnologiesisinhost-basedintrusionpreventionanddigitalforensicscapabilitiesthatidentifythreatsinunderlyingsystemmemory,abnormalapplicationfunctioncalls,andothersignsofunusualsystembehavior.
IDCisawareofAccessData,FireEyeMIR,GuidanceSoftwareEncase,RSAECAT,andotherforensicstoolsthathelprespondersgainvisibilitywhileinvestigatingthescopeofaninfection.
IDC2015IDC#2596679analystsexaminetheseproductscloselytodeterminewhetherthereisreal-timemonitoringandalertingcapabilitiesandthecustomerrequirementsandusecasesthattheproductsfulfill.
METHODOLOGYThisIDCsoftwaremarketsizingandforecastispresentedintermsofpackagedsoftwareandappliancerevenue.
IDCusesthetermpackagedsoftwaretodistinguishcommerciallyavailablesoftwarefromcustomsoftware,nottoimplythatthesoftwaremustbeshrink-wrappedorotherwiseprovidedviaphysicalmedia.
Packagedsoftwareisprogramsorcodesetsofanytypecommerciallyavailablethroughsale,lease,orrental,orasaservice.
Packagedsoftwarerevenuetypicallyincludesfeesforinitialandcontinuedright-to-usepackagedsoftwarelicenses.
Thesefeesmayinclude,aspartofthelicensecontract,accesstoproductsupportand/orotherservicesthatareinseparablefromtheright-to-uselicensefeestructure,orthissupportmaybepricedseparately.
Upgradesmaybeincludedinthecontinuingrightofuseormaybepricedseparately.
AllofthesearecountedbyIDCaspackagedsoftwarerevenue.
Appliancesaredefinedasacombinationofhardware,operatingenvironment,andapplicationsoftwarewheretheyareprovidedasasingleproduct.
Packagedsoftwarerevenueexcludesservicerevenuederivedfromtraining,consulting,andsystemsintegrationthatisseparate(orunbundled)fromtheright-to-uselicensebutdoesincludetheimplicitvalueoftheproductincludedinaservicethatofferssoftwarefunctionalitybyadifferentpricingscheme.
Itisthetotalproductrevenuethatisfurtherallocatedtomarkets,geographicareas,andoperatingenvironments.
Themarketforecastandanalysismethodologyincorporatesinformationfromfivedifferentbutinterrelatedsources,asfollows:Reportedandobservedtrendsandfinancialactivity.
Thisstudyincorporatesreportedandobservedtrendsandfinancialactivityin2014asoftheendofSeptember2015.
IDC'sSoftwareCensusinterviews.
IDCinterviewsallsignificantmarketparticipantstodetermineproductrevenue,revenuedemographics,pricing,andotherrelevantinformation.
Productbriefings,pressreleases,andotherpubliclyavailableinformation.
IDC'ssoftwareanalystsaroundtheworldmeetwithhundredsofsoftwarevendorseachyear.
Thesebriefingsprovideanopportunitytoreviewcurrentandfuturebusinessandproductstrategies,revenue,shipments,customerbases,targetmarkets,andotherkeyproductandcompetitiveinformation.
Vendorfinancialstatementsandrelatedfilings.
Althoughmanysoftwarevendorsareprivatelyheldandchoosetolimitfinancialdisclosures,informationfrompubliclyheldcompaniesprovidesasignificantbenchmarkforassessinginformalmarketestimatesfromprivatecompanies.
IDCalsobuildsdetailedinformationrelatedtoprivatecompaniesthroughin-depthanalystrelationshipsandmaintainsanextensivelibraryoffinancialandcorporateinformationfocusedontheITindustry.
Wefurthermaintaindetailedrevenuebyproductareamodelsonmorethan1,000worldwidevendors.
IDCdemand-sideresearch.
Thisincludesthousandsofinterviewswithbusinessusersofsoftwaresolutionsannuallyandprovidesapowerfulfifthperspectiveforassessingcompetitiveperformanceandmarketdynamics.
IDC'suserstrategydatabasesofferacompellingandconsistenttime-seriesviewofindustrytrendsanddevelopments.
Directconversationswithtechnologybuyersprovideaninvaluablecomplementtothebroadersurvey-basedresults.
2015IDC#25966710Ultimately,thedatapresentedinthisstudyrepresentsIDC'sbestestimatesbasedonthesedatasourcesaswellasreportedandobservedactivitybyvendorsandfurthermodelingofdatathatwebelievetobetruetofillinanyinformationgaps.
ThedatainthisstudyisderivedfromallthesesourcesandenteredintoIDC'sSoftwareMarketForecasterdatabase,whichisthenupdatedonacontinuousbasisasnewinformationregardingsoftwarevendorrevenuebecomesavailable.
Note:Allnumbersinthisdocumentmaynotbeexactduetorounding.
MARKETDEFINITIONThespecializedthreatanalysisandprotectionmarketoverlapstheendpoint,messaging,network,andWebfunctionalmarkets.
Theproductshelpprotectenterprisesfromnewmalwareattacksthatcannotbedetectedbytraditionalsignature-basedtechniques.
TheSTAPproductsuseavarietyofnon-signature-basedprotectionmethodsincluding,butnotlimitedto,sandboxing,behavioralanalysis,fileintegritymonitoring,telemetricheuristics,containerization,netflowanalysis,andthreatintelligence,whichcandetectamalwareattackorcompromisebyidentifyingattackeractivityorsubtlesystemprocesschanges.
Someoftheproductsonlydetectandalert,whileothersmaycontainmalwaretopreventitfromcausingdamage.
Althoughthesefeaturesmayappearinotherproducts,thiscategoryisonlyfordedicatedSTAPsolutions.
TheSTAPmarketismadeupofdistinguishableproductsasopposedtoembeddedfeatureswithinaproduct.
Theabilitytofindandpreventadvancedmalwareultimatelyrequiresdedicatedactivities,andinthisway,itispossibletomeasuretheextentthatenterprisesareconsciouslytakingactionstodealwithadvancedmalware.
TheSTAPmarketisacompetitivemarketthatoverlapsotherlogicalsecurityproductsmarkets(e.
g.
,IAM,network,endpoint,messaging,Web,SVM,and"other"securityproducts).
TheSTAPmarketmustbereportedseparatelyand,furthermore,notaddedtothesevenlogicalsecurityproductsmarkets,otherwisethetotalsecurityproductsmarketfigurewillbeincorrect.
RELATEDRESEARCHIDC'sForecastScenarioAssumptionsfortheICTMarketsandHistoricalMarketValuesandExchangeRates,Version3,2015(IDC#259115,September2015)WorldwideSpecializedThreatAnalysisandProtectionForecast,2015–2019:DefendingAgainsttheUnknown(IDC#256354,May2015)MarketAnalysisPerspective:WorldwideSecurityProducts,2014(IDC#252908,December2014)WorldwideITSecurityProducts2014–2018Forecastand2013VendorShares:ComprehensiveSecurityProductReview(IDC#253371,December2014)IDC'sWorldwideSecurityProductsTaxonomy,2014(IDC#250802,September2014)WorldwideSpecializedThreatAnalysisandProtection2013–2017Forecastand2012VendorShares(IDC#242346,August2013)AboutIDCInternationalDataCorporation(IDC)isthepremierglobalproviderofmarketintelligence,advisoryservices,andeventsfortheinformationtechnology,telecommunicationsandconsumertechnologymarkets.
IDChelpsITprofessionals,businessexecutives,andtheinvestmentcommunitymakefact-baseddecisionsontechnologypurchasesandbusinessstrategy.
Morethan1,100IDCanalystsprovideglobal,regional,andlocalexpertiseontechnologyandindustryopportunitiesandtrendsinover110countriesworldwide.
For50years,IDChasprovidedstrategicinsightstohelpourclientsachievetheirkeybusinessobjectives.
IDCisasubsidiaryofIDG,theworld'sleadingtechnologymedia,research,andeventscompany.
GlobalHeadquarters5SpeenStreetFramingham,MA01701USA508.
872.
8200Twitter:@IDCidc-insights-community.
comwww.
idc.
comCopyrightNoticeThisIDCresearchdocumentwaspublishedaspartofanIDCcontinuousintelligenceservice,providingwrittenresearch,analystinteractions,telebriefings,andconferences.
Visitwww.
idc.
comtolearnmoreaboutIDCsubscriptionandconsultingservices.
ToviewalistofIDCofficesworldwide,visitwww.
idc.
com/offices.
PleasecontacttheIDCHotlineat800.
343.
4952,ext.
7988(or+1.
508.
988.
7988)orsales@idc.
comforinformationonapplyingthepriceofthisdocumenttowardthepurchaseofanIDCserviceorforinformationonadditionalcopiesorWebrights.
[trademark]Copyright2015IDC.
Reproductionisforbiddenunlessauthorized.
Allrightsreserved.
Organizationsarealsoincreasinglyevaluatingnetworkinspectionsolutionsdesignedtodetectattackermovementtosensitiveresources.
SignificantSTAPtrendsare:Vendorsconvertingproofofconcepts(POCs).
SecurityvendorsconvertedasignificantnumberofSTAPproofofconceptsin2014.
IDCestimatesthatthemarketin2014hadrevenueof$930million.
Itisforecasttogrowtoover$3billionby2019,withatotalmarketCAGRof27.
6%.
Identifyingattackermovement.
High-profileattacks,databreaches,andcriticalvulnerabilitiesin2013and2014droveinterestinNetFlowandotherproductsdesignedtodetectlateralmovementwithinacorporatenetwork.
FireEye,Lancope,IBM,andBit9-CarbonBlackwerethetop4securityvendorssellingSTAPsolutionsin2014.
Callingforincidentresponse(IR)support.
EarlyadoptersofSTAPsolutionssoughtincidentresponseexpertise,increasingdemandfordigitalforensicsspecialists,databreachsupport,andotherprofessionalservices.
Vendorsrespondedbyaddingorbolsteringtheirservicesofferingsin2014.
IDCbelievesthatemergingendpointsolutionsdesignedtodetectadvancedthreatswillgainmomentum.
Vendorsarecombiningmonitoringwithbehavioralanalyticswithothernon-signature-baseddetectioncapabilitiestoidentifyzerodays.
ThereissomeevidencethatendcustomersarebeginningtoshedstandardantivirusinfavorofsomeendpointSTAPsolutions.
TheSTAPmarketwillcontinuetoevolvewithestablishedsecurityvendorsaddingSTAPfeaturestotheirportfolioorganicallyoracquiringemergingSTAPsolutions.
In2014,PaloAltoNetworksacquiredIsraelistart-upCyveraforanestimated$200millionand,laterintheyear,introducedTraps,aSTAPendpointproductthatintegrateswithitsWildFirefilesandboxingservice.
CiscoSystemsacquiredThreatGRID,addingsuspiciousfileanalysissandboxingcapabilitiestoitsportfolio.
FireEyefurtherbuiltoutitsportfoliowiththeacquisitionofnPulseTechnologiestosupportforensicsandthreatremediationactivities.
ThisIDCstudyexaminesthecompetitivemarketforthisspecializedsecuritytechnology.
Itaimstoidentifythemarketleadersandsignificanttrendsthatwillimpactthebroadermarketforsecurityproductsandservices.
SecurityvendorproductsthatfitintotheSTAPmarketmustbesoldasadedicatedproductandpurchasedfromcustomerstospecificallyaddresstheproblemofidentifyingcustommalware.
"Thespecializedthreatanalysisandprotectionmarketisrapidlyevolving,withestablishedvendorsaddingSTAPofferingsthatcompeteagainstagrowingcadreofsecuritystart-ups.
Theinnovativesecuritytechnologiesinthismarketmodernizemanyoftheoutdatedapproachesthatattackersareeasilybypassingtoday.
OrganizationsareshowingsignificantinterestandadoptionofSTAPproductstoaddressthegrowingneedforadvancedthreatdetection.
"—RobertWestervelt,researchmanager,SecurityProducts,IDC2015IDC#2596673ADVICEFORTECHNOLOGYSUPPLIERSThespecializedthreatanalysisandprotectionmarketcontinuestobechallengingforvendors,buyers,andsaleschannelresellers.
ThecompetitivemarketcontinuestoevolvewithSTAPsecurityproductsoftenoverlappingavarietyofadjacentsecuritytechnologyareas.
SecurityvendorproductsthatfitintotheSTAPmarketmustbesoldasadedicatedproductandpurchasedfromcustomerstospecificallyaddresstheproblemofidentifyingcustommalware,sophisticatedattacktechniques,andotheractivityassociatedwithadvancedpersistentthreats.
Theproductsmustnotbesignaturebased.
BuyersareseekingtobolstertheirexistingsecurityinfrastructurebymakinganinvestmentinproductsdesignedtodetectadvancedthreatsfromeachofthethreeSTAPsubmarkets:endpoint,boundary,andinternalnetworkanalysis.
Somevendorsolutionsprovidefunctionalityfromeachofthesubmarkets,integratingemulationproductsdesignedtoanalyzesuspiciousfileswithbehavioralanalysistoidentifyfunctioncallsandsuspiciousfileactivityontheendpoint,andnetworkanalysistodetectattackerreconnaissanceactivityandlateralmovementwithinthenetwork.
EndpointSTAPproductsusebehavioralanalysisofmemoryandapplicationoperations.
Itprimarilyconsistsofanagentorsensorondevicesthatmonitorsystemprocessesandfilesforsignsofanomalousbehaviororattempttopreventsuspiciousfilesfromexecuting.
IDCanticipatesfutureconsolidationoftheendpointSTAPsubmarket,withtraditionalendpointsecurityvendorsaddingSTAPendpointcapabilitiestotheirplatforms.
BoundarySTAPproductsconsistmainlyofvirtualsandboxing/emulationandbehavioralanalysistechnologies.
Thesesafezonesareusedtodetonateandmonitorthebehaviorofsuspiciousfiles,whicharedesignedtoevadesignature-baseddefenses.
BuyershaveincreasinglypurchasedSaaS-basedsandboxingservices,buton-premisesandhybriddeploymentsarealsocommonwithenterprisecustomers.
InternalnetworkanalysisSTAPproductsmonitornetworkflowtodetectindicationsofattackerreconnaissanceactivity,malwaremovement,andbotnetormalwarecommandandcontrolactivity.
Productsshouldbeequippedtohelpresponderspinpointendpointinfectionsandinterruptcommandandcontrolcommunicationprovidecontexttoincidentresponders.
ThestrongestSTAPsolutionsappeartocomefromvendorsthathavecreatedstrongtechnologypartnerships,andIDChasdeterminedthatasecurityvendor'stechnologypartnerecosystemisbeingexaminedthoroughlyinproductevaluations.
Toremaincompetitive,securityvendorsshouldalsoconsiderthefollowingrecommendations:Strikekeydifferentiators:ProductevaluationsarebecomingasignificantchallengeforbuyersplanningtoadoptSTAPtechnology.
ChannelresellersarealsostrainedwhenattemptingtodetermineifaSTAPproductcanfitintheirportfoliowithoutconflictingwithtop-tiertechnologypartners.
Makeclearalldifferentiatingmanagementfeaturesandcapabilitiesagainstcompetitivesolutions.
Expanddeploymentoptions:Akeybuyingrequirementistheabilitytointegrateproductswithexistingsecurityinfrastructure.
ThisrequirementmayresultintheneedforfullSaaS,on-premises,oramixtureofSaaSandon-premisessolutions.
Whileusabilityandeffortlessdeploymentareadvantageous,buyersarealsochoosingSTAPsolutionswithflexibledeploymentmodels.
2015IDC#2596674Createservicesofferings:Ananalysisofearlyadopterbuyingbehaviorsfoundthatvendorservicesofferingsarenotaprimarybuyingrequirement;however,asecondinquirywithcustomersidentifiedasignificantneedforfollow-upservicesengagements.
Theservicesrequirementwaspromptedbyalackofroutinemaintenance,deficientincidentresponseprocesses,andpoorlyconfigureddeployments.
Developriskscoringmodels:BuyingtrendssuggesttheadditionofaconfigurableriskscoringmethodologytoassistrespondersinprioritizingalertscapturestheattentionofC-suiteexecutivesduringsalesengagements.
Despitethegrowingnumberofrisk-basedscoringcapabilitiesincorporatedintosecurityproducts,STAPvendorscanuseriskscoringasaproductdifferentiator.
Itcouldalsofosterthecomfortlevelrequiredtopromptorganizationstoembraceautomatedresponseandremediationfeatures.
MARKETSHARETheworldwideSTAPsecuritymarketroseto$930millionin2014,anincreaseof126.
3%from2013.
FireEyeremainstheSTAPmarketleader,with37.
9%shareofthemarketin2014.
Itsawitsshareofthemarketdecline5.
2%basedonadditionalmarketentrantsandwidespreadavailabilityofcompetingsandboxingsolutions.
AnotablecompetitorisPaloAltoNetworksandtherapidadoptionofitssubscription-basedWildFiresandboxingservicein2014.
Table1displays2011–2019worldwiderevenueandmarketsharefortheSTAPsecuritymarket.
Tables2–4display2014revenueandmarketsharesforthetopvendorsineachsubmarket.
STAPboundaryisthelargestmarketsegment,withFireEyecontinuingtobethesoledominatingvendor.
Sandboxingtechnologieshavequicklycometomarketfromnetworksecuritycompetitorsandsecuritystart-ups.
BoundarySTAPincludesproductsfromCheckPoint,Cyphort,iBoss,Fortinet,IntelSecurity,Proofpoint,Symantec,andothers.
Italsoincludesashareofsandboxingcomponentsthatexistwithinstandalonevendoradvancedthreatdefensesolutions(seeTable3).
STAPendpointisthefastest-growingmarketsegmentandonethatisquicklyevolvingasendpointsecurityvendors,includingSymantecandIntelSecurity,addendpointadvancedthreatdetectioncapabilitiestotheirplatformstomeettheirestablishedcustomerrequirements.
Lancopehasgainedsignificantadoptionofitsadvancedthreatdetectionsolution,leveragingitscloserelationshipwithCiscoSystems.
RSAandBlueCoatareeachtransformingtheirnetworkpacketcapturingappliances,whichhadbeenfocusedfordigitalforensicsinvestigations,intobreachdetectionandanalysisplatforms(seeTable4).
2015IDC#2596675TABLE1WorldwideSpecializedThreatAnalysisandProtectionRevenuebySegment,2011–2019($M)2011201220132014201520162017201820192014–2019CAGR(%)Boundary80.
6150.
5309.
0709.
81,119.
71,444.
31,653.
41,845.
32,001.
623.
0Endpoint9.
016.
039.
0101.
8212.
7353.
2494.
4618.
0716.
947.
8Internalnetworkanalysis21.
035.
063.
0118.
4202.
5287.
6342.
2386.
7421.
528.
9Total110.
6201.
5411.
0930.
01,535.
02,085.
02,490.
02,850.
03,140.
027.
6Source:IDC,2015TABLE2WorldwideSpecializedThreatAnalysisandProtectionRevenueofBoundarySegmentbyVendor,2014Revenue($M)FireEye353AhnLab25TrendMicro25Cisco25Fidelis23Websense23IBM20Lastline20PaloAltoNetworks17Other178.
8Source:IDC,20152015IDC#2596676TABLE3WorldwideSpecializedThreatAnalysisandProtectionRevenueofEndpointSegmentbyVendor,2014Revenue($M)Bit9-CB38.
0Cylance13.
0Bromium13.
0CrowdStrike12.
0Invincea12.
0Other13.
8Source:IDC,2015TABLE4WorldwideSpecializedThreatAnalysisandProtectionRevenueofInternalNetworkAnalysisSegmentbyVendor,2014Revenue($M)Lancope50.
0IBM15.
0Damballa15.
0BlueCoat13.
0RSA13.
0Other12.
4Source:IDC,20152015IDC#2596677WHOSHAPEDTHEYEARBit9acquiredCarbonBlackatthebeginningof2014andwasabletohighlighttheeffectivenessofitsmodernwhitelistingapproachwithCarbonBlack'sendpointforensicscapabilities.
CarbonBlackhadbeentremendouslysuccessfulwithitsapproachpriortotheacquisitiongainingadoptionwithSOCpersonnelandincidentresponseteamsforitsabilitytotakeacompleteinventoryofeveryfileonanendpointsystemandmonitorforsystemchanges.
Theacquisitionshiftedattentiononwaysorganizationscanmodernizetheirendpointsecuritysolutions.
FireEyegainedattentionwiththelaunchofitsEndpointSecurity(HXSeries)appliancein2014.
ThisproductusesMandiant'sproprietarytechnologyforincidentresponderstomonitorendpointsforthreatindicatorsandalertthesecurityoperationscenterteamaboutpossiblecompromisedendpoints.
EngineersareworkingonembeddingMandiant'sMIRfunctionalityintotheHXSeries,enablingresponderstorapidlyinvestigatepotentialthreats.
TheappliancecanbepurchasedseparatelyorbeintegratedwiththeFireEyeNXSeriesappliances.
PaloAltoNetworksacquiredMortaandCyverain2014toaddendpointvisibilitytoitsportfolio.
TheresultingendpointSTAPproductcalledTrapsisdesignedtoblockattackerexploitationtechniques.
TrapsintegrateswithWildFire,PaloAlto'sSaaS-basedsandboxingservice.
CiscoSystemsacquiredThreatGRID,addingasandboxforcloud-basedsuspiciousfileanalysis.
ThecompanyalsoshowedprogressinextendingtheAdvancedMalwareProtectioncomponentofitsSourcefireacquisitionasanadd-ontoitsASAUTMappliances.
LancopeleverageditsexistingpartnershipwithCiscoSystemstogaintractionintheSTAPmarketwithitsStealthWatchSystemforadvancedthreatdetection.
Lancopecompetesagainstothervendorsintheinternalnetworkanalysissubmarket,whichisdesignedtoidentifylateralmovementwithintrackingnetworkreconnaissance,internalmalwarepropagation,commandandcontroltraffic,anddataexfiltration.
ANoteonSymantecandIntelSecurityIntelSecurityismakinggainswithitsAdvancedThreatDefenseoffering,whichconsistsofastandaloneappliance,designedtointegratewithotherproductsinitsportfolio.
IntelSecurityusesalocalblacklisttodetectknownmalwareandavirtualsandboxenvironmentforsuspiciousfileanalysis.
ItconnectstoIntelSecurity'scloud-basedGlobalThreatIntelligenceforfurtherprotection.
Symantecannouncedthatitwouldsplitintoseparatesecurityandinformationmanagementbusinessesin2014.
ThecompanyalsoannouncedplanstoinvestinitsportfolioofsecurityproductsandentertheSTAPmarketwithanAdvancedThreatProtectionproductthatintegratesitsexistingemail,networking,andendpointsolutionswithfileinspectiontechnologycalledSymantecCynic,acloud-basedsandboxenvironmentforfileinspection.
SymantecalsoleveragesatechnologyitcallsSynapsetocorrelateeventinformationbetweenthenetwork,endpoints,andemailtoprovidecontexttoalertsforincidentresponders.
MARKETCONTEXTTheSTAPmarketgainedconsiderabletractionin2014asendusersincreasedsecurityspendingtostemtheever-increasingnumberofdatabreaches.
TheTargetbreachinparticularraisedthestakesforsecurityaccountabilityastheCEOwasforcedtoresigninpartasaresultofthemassivedata2015IDC#2596678breach.
STAPproductsarerepresentingthefirstsignificantshiftinthesecuritystackinsometime,andIDCpredictsthatorganizationswillcontinuetodeploytheseproductseitherthroughon-premisesdevices,throughendpointclients,orviathecloud.
ThethreeSTAPsubsegmentsthatIDCistracking—boundary,internalnetwork,andendpoint—havestrongenterpriseinterestandadoption.
However,thesereasonsvarybasedoneachsegment:Boundary.
TheinterestinboundarydeviceshasbeenpromptedprimarilybythesuccessofFireEyeandotherstodeliversandboxingandotheridentificationtechniquesonthenetwork.
Manysecurityadministratorsareverycomfortablewithaddingsecuritydevicestothenetworkandasaresultthesedevicesfiteasilyintotheday-to-daysecurityoperationsfunction.
Internalnetwork.
InternalnetworkSTAPproductsareprimarilyfocusedonbotnetdetectionanddeterminingifmalwarehasinfectedthenetwork.
Insteadoftryingtoevaluatethetrafficflowingthroughthenetworkboundaries,internalnetworkSTAPproductsrelyonuserbehavior,flowtraffic,andDNStraffictodeterminewhetherthereismaliciousbehavioronthenetwork.
OnekeyadvantagetoutedbyinternalnetworkSTAPproductsoverboundaryproductsisareductionintheamountoffalsepositives.
Endpoint.
EndpointSTAPproductsarebeingheraldedasthenextgenerationofendpointsecurity.
Asenterpriseshavebecomemoredisillusionedwithlegacyendpointsecurityproducts,theinterestinsolutionsthatarefasterandmoreaccuratehasincreased.
EndpointSTAPvendorsareapproachingendpointsecurityusingawidevarietyofmethodstoimprovethedetectionandpreventioncapabilitiesofmalwareontheendpoint.
OtherendpointSTAPproductsaremorefocusedonanalyticscollectionandvisibilityintotheendpointandthencoordinatethatdatawithnetwork-basedproducts.
IDCdoesnotbelievethatanysingleapproachorproductwillsolveanorganization'ssecuritychallenges,butbyusingacombinationofSTAPproductswithtraditionalsecurityproducts,thatmanyblindspotscanbeeliminated.
SignificantMarketDevelopmentsSecurityvendorFireEye'scontinuedsuccesshasresultedinaninfluxofadvancedthreatdefenseofferingsthatusevirtualsandboxestoanalyzesuspiciousfilesandidentifyadvancedthreats.
Thesolutions,whichfirstappealedtolargeenterprises,haveexperiencedgrowthbycapturingabroadersegmentofthemarket,whichquicklyembracedcloud-basedsandboxingservices.
Avarietyofpure-playvendorswithsandboxingofferingscontinuetomaketheboundarysubmarketextremelylargecomparedwithendpointandinternalnetworkanalysis.
Bit9'sacquisitionofCarbonBlackhashelpedfuelinterestinmodernizingendpointdefenses,whichhavebeenrelyingheavilyonsignature-basedtechnologytodetectmalware.
Newconceptsarebeingintroducedthatincorporateendpointagentorsensortechnologytoincreasevisibilityandgiveincidentrespondersmorecontextintoalertsandcontroloverinfectedsystems.
EndpointSTAPisrapidlyevolving.
Theattentiongiventopure-playvendorshaspromptedestablishedsecurityvendorstoaddsimilarspecializedthreatanalysisandprotectioncapabilities.
Therootofmanyoftheseemergingtechnologiesisinhost-basedintrusionpreventionanddigitalforensicscapabilitiesthatidentifythreatsinunderlyingsystemmemory,abnormalapplicationfunctioncalls,andothersignsofunusualsystembehavior.
IDCisawareofAccessData,FireEyeMIR,GuidanceSoftwareEncase,RSAECAT,andotherforensicstoolsthathelprespondersgainvisibilitywhileinvestigatingthescopeofaninfection.
IDC2015IDC#2596679analystsexaminetheseproductscloselytodeterminewhetherthereisreal-timemonitoringandalertingcapabilitiesandthecustomerrequirementsandusecasesthattheproductsfulfill.
METHODOLOGYThisIDCsoftwaremarketsizingandforecastispresentedintermsofpackagedsoftwareandappliancerevenue.
IDCusesthetermpackagedsoftwaretodistinguishcommerciallyavailablesoftwarefromcustomsoftware,nottoimplythatthesoftwaremustbeshrink-wrappedorotherwiseprovidedviaphysicalmedia.
Packagedsoftwareisprogramsorcodesetsofanytypecommerciallyavailablethroughsale,lease,orrental,orasaservice.
Packagedsoftwarerevenuetypicallyincludesfeesforinitialandcontinuedright-to-usepackagedsoftwarelicenses.
Thesefeesmayinclude,aspartofthelicensecontract,accesstoproductsupportand/orotherservicesthatareinseparablefromtheright-to-uselicensefeestructure,orthissupportmaybepricedseparately.
Upgradesmaybeincludedinthecontinuingrightofuseormaybepricedseparately.
AllofthesearecountedbyIDCaspackagedsoftwarerevenue.
Appliancesaredefinedasacombinationofhardware,operatingenvironment,andapplicationsoftwarewheretheyareprovidedasasingleproduct.
Packagedsoftwarerevenueexcludesservicerevenuederivedfromtraining,consulting,andsystemsintegrationthatisseparate(orunbundled)fromtheright-to-uselicensebutdoesincludetheimplicitvalueoftheproductincludedinaservicethatofferssoftwarefunctionalitybyadifferentpricingscheme.
Itisthetotalproductrevenuethatisfurtherallocatedtomarkets,geographicareas,andoperatingenvironments.
Themarketforecastandanalysismethodologyincorporatesinformationfromfivedifferentbutinterrelatedsources,asfollows:Reportedandobservedtrendsandfinancialactivity.
Thisstudyincorporatesreportedandobservedtrendsandfinancialactivityin2014asoftheendofSeptember2015.
IDC'sSoftwareCensusinterviews.
IDCinterviewsallsignificantmarketparticipantstodetermineproductrevenue,revenuedemographics,pricing,andotherrelevantinformation.
Productbriefings,pressreleases,andotherpubliclyavailableinformation.
IDC'ssoftwareanalystsaroundtheworldmeetwithhundredsofsoftwarevendorseachyear.
Thesebriefingsprovideanopportunitytoreviewcurrentandfuturebusinessandproductstrategies,revenue,shipments,customerbases,targetmarkets,andotherkeyproductandcompetitiveinformation.
Vendorfinancialstatementsandrelatedfilings.
Althoughmanysoftwarevendorsareprivatelyheldandchoosetolimitfinancialdisclosures,informationfrompubliclyheldcompaniesprovidesasignificantbenchmarkforassessinginformalmarketestimatesfromprivatecompanies.
IDCalsobuildsdetailedinformationrelatedtoprivatecompaniesthroughin-depthanalystrelationshipsandmaintainsanextensivelibraryoffinancialandcorporateinformationfocusedontheITindustry.
Wefurthermaintaindetailedrevenuebyproductareamodelsonmorethan1,000worldwidevendors.
IDCdemand-sideresearch.
Thisincludesthousandsofinterviewswithbusinessusersofsoftwaresolutionsannuallyandprovidesapowerfulfifthperspectiveforassessingcompetitiveperformanceandmarketdynamics.
IDC'suserstrategydatabasesofferacompellingandconsistenttime-seriesviewofindustrytrendsanddevelopments.
Directconversationswithtechnologybuyersprovideaninvaluablecomplementtothebroadersurvey-basedresults.
2015IDC#25966710Ultimately,thedatapresentedinthisstudyrepresentsIDC'sbestestimatesbasedonthesedatasourcesaswellasreportedandobservedactivitybyvendorsandfurthermodelingofdatathatwebelievetobetruetofillinanyinformationgaps.
ThedatainthisstudyisderivedfromallthesesourcesandenteredintoIDC'sSoftwareMarketForecasterdatabase,whichisthenupdatedonacontinuousbasisasnewinformationregardingsoftwarevendorrevenuebecomesavailable.
Note:Allnumbersinthisdocumentmaynotbeexactduetorounding.
MARKETDEFINITIONThespecializedthreatanalysisandprotectionmarketoverlapstheendpoint,messaging,network,andWebfunctionalmarkets.
Theproductshelpprotectenterprisesfromnewmalwareattacksthatcannotbedetectedbytraditionalsignature-basedtechniques.
TheSTAPproductsuseavarietyofnon-signature-basedprotectionmethodsincluding,butnotlimitedto,sandboxing,behavioralanalysis,fileintegritymonitoring,telemetricheuristics,containerization,netflowanalysis,andthreatintelligence,whichcandetectamalwareattackorcompromisebyidentifyingattackeractivityorsubtlesystemprocesschanges.
Someoftheproductsonlydetectandalert,whileothersmaycontainmalwaretopreventitfromcausingdamage.
Althoughthesefeaturesmayappearinotherproducts,thiscategoryisonlyfordedicatedSTAPsolutions.
TheSTAPmarketismadeupofdistinguishableproductsasopposedtoembeddedfeatureswithinaproduct.
Theabilitytofindandpreventadvancedmalwareultimatelyrequiresdedicatedactivities,andinthisway,itispossibletomeasuretheextentthatenterprisesareconsciouslytakingactionstodealwithadvancedmalware.
TheSTAPmarketisacompetitivemarketthatoverlapsotherlogicalsecurityproductsmarkets(e.
g.
,IAM,network,endpoint,messaging,Web,SVM,and"other"securityproducts).
TheSTAPmarketmustbereportedseparatelyand,furthermore,notaddedtothesevenlogicalsecurityproductsmarkets,otherwisethetotalsecurityproductsmarketfigurewillbeincorrect.
RELATEDRESEARCHIDC'sForecastScenarioAssumptionsfortheICTMarketsandHistoricalMarketValuesandExchangeRates,Version3,2015(IDC#259115,September2015)WorldwideSpecializedThreatAnalysisandProtectionForecast,2015–2019:DefendingAgainsttheUnknown(IDC#256354,May2015)MarketAnalysisPerspective:WorldwideSecurityProducts,2014(IDC#252908,December2014)WorldwideITSecurityProducts2014–2018Forecastand2013VendorShares:ComprehensiveSecurityProductReview(IDC#253371,December2014)IDC'sWorldwideSecurityProductsTaxonomy,2014(IDC#250802,September2014)WorldwideSpecializedThreatAnalysisandProtection2013–2017Forecastand2012VendorShares(IDC#242346,August2013)AboutIDCInternationalDataCorporation(IDC)isthepremierglobalproviderofmarketintelligence,advisoryservices,andeventsfortheinformationtechnology,telecommunicationsandconsumertechnologymarkets.
IDChelpsITprofessionals,businessexecutives,andtheinvestmentcommunitymakefact-baseddecisionsontechnologypurchasesandbusinessstrategy.
Morethan1,100IDCanalystsprovideglobal,regional,andlocalexpertiseontechnologyandindustryopportunitiesandtrendsinover110countriesworldwide.
For50years,IDChasprovidedstrategicinsightstohelpourclientsachievetheirkeybusinessobjectives.
IDCisasubsidiaryofIDG,theworld'sleadingtechnologymedia,research,andeventscompany.
GlobalHeadquarters5SpeenStreetFramingham,MA01701USA508.
872.
8200Twitter:@IDCidc-insights-community.
comwww.
idc.
comCopyrightNoticeThisIDCresearchdocumentwaspublishedaspartofanIDCcontinuousintelligenceservice,providingwrittenresearch,analystinteractions,telebriefings,andconferences.
Visitwww.
idc.
comtolearnmoreaboutIDCsubscriptionandconsultingservices.
ToviewalistofIDCofficesworldwide,visitwww.
idc.
com/offices.
PleasecontacttheIDCHotlineat800.
343.
4952,ext.
7988(or+1.
508.
988.
7988)orsales@idc.
comforinformationonapplyingthepriceofthisdocumenttowardthepurchaseofanIDCserviceorforinformationonadditionalcopiesorWebrights.
[trademark]Copyright2015IDC.
Reproductionisforbiddenunlessauthorized.
Allrightsreserved.
- tierfilemarkets.com相关文档
- promotefilemarkets.com
- Imagefilemarkets.com
- grantedfilemarkets.com
- householdsfilemarkets.com
- indexesfilemarkets.com
- Sourcefilemarkets.com
wordpress外贸企业主题 wordpress经典外贸企业建站主题
WordPress经典外贸企业建站主题,经典配色扁平化简约设计+跨屏自适应移动端设备,特色外贸企业建站功能模块+在线Inquiry询单功能,更有利于Google等英文搜索优化和站点收录。采用标准的HTML5+CSS3语言开发,兼容当下的各种主流浏览器: IE 6+(以及类似360、遨游等基于IE内核的)、Firefox、Google Chrome、Safari、Opera等;同时支持移动终端的常用...
舍利云30元/月起;美国CERA云服务器,原生ip,低至28元/月起
目前舍利云服务器的主要特色是适合seo和建站,性价比方面非常不错,舍利云的产品以BGP线路速度优质稳定而著称,对于产品的线路和带宽有着极其严格的讲究,这主要表现在其对母鸡的超售有严格的管控,与此同时舍利云也尽心尽力为用户提供完美服务。目前,香港cn2云服务器,5M/10M带宽,价格低至30元/月,可试用1天;;美国cera云服务器,原生ip,低至28元/月起。一、香港CN2云服务器香港CN2精品线...
#消息# contabo:德国老牌机房新增美国“纽约、西雅图”数据中心,免设置费
运作了18年的德国老牌机房contabo在继去年4月开办了第一个美国数据中心(中部城市:圣路易斯)后立马在本月全新上马两个数据中心:纽约、西雅图。当前,为庆祝美国独立日,美国三个数据中心的VPS全部免除设置费,VPS本身的配置很高,价格适中,有较高的性价比!官方网站:https://contabo.com/en/SSD VPSKVM虚拟,纯SSD阵列,不限制流量,自带一个IPv4内存CPUSSD带...
filemarkets.com为你推荐
-
neworiental天津新东方总部地址在哪里?18comic.fun18岁以后男孩最喜欢的网站长尾关键词挖掘工具大家是怎么挖掘长尾关键词的?www.44ri.comwww.yydcsjw.comwww.e12.com.cn上海高中除了四大名校,接下来哪所高中最好?顺便讲下它的各方面情况5xoy.com求个如月群真汉化版下载地址m.kan84.net那里有免费的电影看?javbibibibi直播是真的吗www.kaspersky.com.cn现在网上又有病毒了?sodu.tw今天sodu.org为什么打不开了?