tierfilemarkets.com
filemarkets.com 时间:2021-03-21 阅读:()
October2015,IDC#259667MarketShareWorldwideSpecializedThreatAnalysisandProtectionMarketShares,2014:RapidlyEvolvingSecurityDefensesRobertWesterveltPeteLindstromRobAyoubElizabethCorrIDCMARKETSHAREFIGUREFIGURE1WorldwideSpecializedThreatAnalysisandProtection2014ShareSnapshotNote:2014Share(%),Growth(%),andRevenue($M)Source:IDC,20152015IDC#2596672EXECUTIVESUMMARYThespecializedthreatanalysisandprotection(STAP)marketcontinuedtogaintractionin2014withwidespreadadoptionofSaaSandon-premisessandboxesandarenewedfocusonemergingendpointsecuritytechnologies.
Organizationsarealsoincreasinglyevaluatingnetworkinspectionsolutionsdesignedtodetectattackermovementtosensitiveresources.
SignificantSTAPtrendsare:Vendorsconvertingproofofconcepts(POCs).
SecurityvendorsconvertedasignificantnumberofSTAPproofofconceptsin2014.
IDCestimatesthatthemarketin2014hadrevenueof$930million.
Itisforecasttogrowtoover$3billionby2019,withatotalmarketCAGRof27.
6%.
Identifyingattackermovement.
High-profileattacks,databreaches,andcriticalvulnerabilitiesin2013and2014droveinterestinNetFlowandotherproductsdesignedtodetectlateralmovementwithinacorporatenetwork.
FireEye,Lancope,IBM,andBit9-CarbonBlackwerethetop4securityvendorssellingSTAPsolutionsin2014.
Callingforincidentresponse(IR)support.
EarlyadoptersofSTAPsolutionssoughtincidentresponseexpertise,increasingdemandfordigitalforensicsspecialists,databreachsupport,andotherprofessionalservices.
Vendorsrespondedbyaddingorbolsteringtheirservicesofferingsin2014.
IDCbelievesthatemergingendpointsolutionsdesignedtodetectadvancedthreatswillgainmomentum.
Vendorsarecombiningmonitoringwithbehavioralanalyticswithothernon-signature-baseddetectioncapabilitiestoidentifyzerodays.
ThereissomeevidencethatendcustomersarebeginningtoshedstandardantivirusinfavorofsomeendpointSTAPsolutions.
TheSTAPmarketwillcontinuetoevolvewithestablishedsecurityvendorsaddingSTAPfeaturestotheirportfolioorganicallyoracquiringemergingSTAPsolutions.
In2014,PaloAltoNetworksacquiredIsraelistart-upCyveraforanestimated$200millionand,laterintheyear,introducedTraps,aSTAPendpointproductthatintegrateswithitsWildFirefilesandboxingservice.
CiscoSystemsacquiredThreatGRID,addingsuspiciousfileanalysissandboxingcapabilitiestoitsportfolio.
FireEyefurtherbuiltoutitsportfoliowiththeacquisitionofnPulseTechnologiestosupportforensicsandthreatremediationactivities.
ThisIDCstudyexaminesthecompetitivemarketforthisspecializedsecuritytechnology.
Itaimstoidentifythemarketleadersandsignificanttrendsthatwillimpactthebroadermarketforsecurityproductsandservices.
SecurityvendorproductsthatfitintotheSTAPmarketmustbesoldasadedicatedproductandpurchasedfromcustomerstospecificallyaddresstheproblemofidentifyingcustommalware.
"Thespecializedthreatanalysisandprotectionmarketisrapidlyevolving,withestablishedvendorsaddingSTAPofferingsthatcompeteagainstagrowingcadreofsecuritystart-ups.
Theinnovativesecuritytechnologiesinthismarketmodernizemanyoftheoutdatedapproachesthatattackersareeasilybypassingtoday.
OrganizationsareshowingsignificantinterestandadoptionofSTAPproductstoaddressthegrowingneedforadvancedthreatdetection.
"—RobertWestervelt,researchmanager,SecurityProducts,IDC2015IDC#2596673ADVICEFORTECHNOLOGYSUPPLIERSThespecializedthreatanalysisandprotectionmarketcontinuestobechallengingforvendors,buyers,andsaleschannelresellers.
ThecompetitivemarketcontinuestoevolvewithSTAPsecurityproductsoftenoverlappingavarietyofadjacentsecuritytechnologyareas.
SecurityvendorproductsthatfitintotheSTAPmarketmustbesoldasadedicatedproductandpurchasedfromcustomerstospecificallyaddresstheproblemofidentifyingcustommalware,sophisticatedattacktechniques,andotheractivityassociatedwithadvancedpersistentthreats.
Theproductsmustnotbesignaturebased.
BuyersareseekingtobolstertheirexistingsecurityinfrastructurebymakinganinvestmentinproductsdesignedtodetectadvancedthreatsfromeachofthethreeSTAPsubmarkets:endpoint,boundary,andinternalnetworkanalysis.
Somevendorsolutionsprovidefunctionalityfromeachofthesubmarkets,integratingemulationproductsdesignedtoanalyzesuspiciousfileswithbehavioralanalysistoidentifyfunctioncallsandsuspiciousfileactivityontheendpoint,andnetworkanalysistodetectattackerreconnaissanceactivityandlateralmovementwithinthenetwork.
EndpointSTAPproductsusebehavioralanalysisofmemoryandapplicationoperations.
Itprimarilyconsistsofanagentorsensorondevicesthatmonitorsystemprocessesandfilesforsignsofanomalousbehaviororattempttopreventsuspiciousfilesfromexecuting.
IDCanticipatesfutureconsolidationoftheendpointSTAPsubmarket,withtraditionalendpointsecurityvendorsaddingSTAPendpointcapabilitiestotheirplatforms.
BoundarySTAPproductsconsistmainlyofvirtualsandboxing/emulationandbehavioralanalysistechnologies.
Thesesafezonesareusedtodetonateandmonitorthebehaviorofsuspiciousfiles,whicharedesignedtoevadesignature-baseddefenses.
BuyershaveincreasinglypurchasedSaaS-basedsandboxingservices,buton-premisesandhybriddeploymentsarealsocommonwithenterprisecustomers.
InternalnetworkanalysisSTAPproductsmonitornetworkflowtodetectindicationsofattackerreconnaissanceactivity,malwaremovement,andbotnetormalwarecommandandcontrolactivity.
Productsshouldbeequippedtohelpresponderspinpointendpointinfectionsandinterruptcommandandcontrolcommunicationprovidecontexttoincidentresponders.
ThestrongestSTAPsolutionsappeartocomefromvendorsthathavecreatedstrongtechnologypartnerships,andIDChasdeterminedthatasecurityvendor'stechnologypartnerecosystemisbeingexaminedthoroughlyinproductevaluations.
Toremaincompetitive,securityvendorsshouldalsoconsiderthefollowingrecommendations:Strikekeydifferentiators:ProductevaluationsarebecomingasignificantchallengeforbuyersplanningtoadoptSTAPtechnology.
ChannelresellersarealsostrainedwhenattemptingtodetermineifaSTAPproductcanfitintheirportfoliowithoutconflictingwithtop-tiertechnologypartners.
Makeclearalldifferentiatingmanagementfeaturesandcapabilitiesagainstcompetitivesolutions.
Expanddeploymentoptions:Akeybuyingrequirementistheabilitytointegrateproductswithexistingsecurityinfrastructure.
ThisrequirementmayresultintheneedforfullSaaS,on-premises,oramixtureofSaaSandon-premisessolutions.
Whileusabilityandeffortlessdeploymentareadvantageous,buyersarealsochoosingSTAPsolutionswithflexibledeploymentmodels.
2015IDC#2596674Createservicesofferings:Ananalysisofearlyadopterbuyingbehaviorsfoundthatvendorservicesofferingsarenotaprimarybuyingrequirement;however,asecondinquirywithcustomersidentifiedasignificantneedforfollow-upservicesengagements.
Theservicesrequirementwaspromptedbyalackofroutinemaintenance,deficientincidentresponseprocesses,andpoorlyconfigureddeployments.
Developriskscoringmodels:BuyingtrendssuggesttheadditionofaconfigurableriskscoringmethodologytoassistrespondersinprioritizingalertscapturestheattentionofC-suiteexecutivesduringsalesengagements.
Despitethegrowingnumberofrisk-basedscoringcapabilitiesincorporatedintosecurityproducts,STAPvendorscanuseriskscoringasaproductdifferentiator.
Itcouldalsofosterthecomfortlevelrequiredtopromptorganizationstoembraceautomatedresponseandremediationfeatures.
MARKETSHARETheworldwideSTAPsecuritymarketroseto$930millionin2014,anincreaseof126.
3%from2013.
FireEyeremainstheSTAPmarketleader,with37.
9%shareofthemarketin2014.
Itsawitsshareofthemarketdecline5.
2%basedonadditionalmarketentrantsandwidespreadavailabilityofcompetingsandboxingsolutions.
AnotablecompetitorisPaloAltoNetworksandtherapidadoptionofitssubscription-basedWildFiresandboxingservicein2014.
Table1displays2011–2019worldwiderevenueandmarketsharefortheSTAPsecuritymarket.
Tables2–4display2014revenueandmarketsharesforthetopvendorsineachsubmarket.
STAPboundaryisthelargestmarketsegment,withFireEyecontinuingtobethesoledominatingvendor.
Sandboxingtechnologieshavequicklycometomarketfromnetworksecuritycompetitorsandsecuritystart-ups.
BoundarySTAPincludesproductsfromCheckPoint,Cyphort,iBoss,Fortinet,IntelSecurity,Proofpoint,Symantec,andothers.
Italsoincludesashareofsandboxingcomponentsthatexistwithinstandalonevendoradvancedthreatdefensesolutions(seeTable3).
STAPendpointisthefastest-growingmarketsegmentandonethatisquicklyevolvingasendpointsecurityvendors,includingSymantecandIntelSecurity,addendpointadvancedthreatdetectioncapabilitiestotheirplatformstomeettheirestablishedcustomerrequirements.
Lancopehasgainedsignificantadoptionofitsadvancedthreatdetectionsolution,leveragingitscloserelationshipwithCiscoSystems.
RSAandBlueCoatareeachtransformingtheirnetworkpacketcapturingappliances,whichhadbeenfocusedfordigitalforensicsinvestigations,intobreachdetectionandanalysisplatforms(seeTable4).
2015IDC#2596675TABLE1WorldwideSpecializedThreatAnalysisandProtectionRevenuebySegment,2011–2019($M)2011201220132014201520162017201820192014–2019CAGR(%)Boundary80.
6150.
5309.
0709.
81,119.
71,444.
31,653.
41,845.
32,001.
623.
0Endpoint9.
016.
039.
0101.
8212.
7353.
2494.
4618.
0716.
947.
8Internalnetworkanalysis21.
035.
063.
0118.
4202.
5287.
6342.
2386.
7421.
528.
9Total110.
6201.
5411.
0930.
01,535.
02,085.
02,490.
02,850.
03,140.
027.
6Source:IDC,2015TABLE2WorldwideSpecializedThreatAnalysisandProtectionRevenueofBoundarySegmentbyVendor,2014Revenue($M)FireEye353AhnLab25TrendMicro25Cisco25Fidelis23Websense23IBM20Lastline20PaloAltoNetworks17Other178.
8Source:IDC,20152015IDC#2596676TABLE3WorldwideSpecializedThreatAnalysisandProtectionRevenueofEndpointSegmentbyVendor,2014Revenue($M)Bit9-CB38.
0Cylance13.
0Bromium13.
0CrowdStrike12.
0Invincea12.
0Other13.
8Source:IDC,2015TABLE4WorldwideSpecializedThreatAnalysisandProtectionRevenueofInternalNetworkAnalysisSegmentbyVendor,2014Revenue($M)Lancope50.
0IBM15.
0Damballa15.
0BlueCoat13.
0RSA13.
0Other12.
4Source:IDC,20152015IDC#2596677WHOSHAPEDTHEYEARBit9acquiredCarbonBlackatthebeginningof2014andwasabletohighlighttheeffectivenessofitsmodernwhitelistingapproachwithCarbonBlack'sendpointforensicscapabilities.
CarbonBlackhadbeentremendouslysuccessfulwithitsapproachpriortotheacquisitiongainingadoptionwithSOCpersonnelandincidentresponseteamsforitsabilitytotakeacompleteinventoryofeveryfileonanendpointsystemandmonitorforsystemchanges.
Theacquisitionshiftedattentiononwaysorganizationscanmodernizetheirendpointsecuritysolutions.
FireEyegainedattentionwiththelaunchofitsEndpointSecurity(HXSeries)appliancein2014.
ThisproductusesMandiant'sproprietarytechnologyforincidentresponderstomonitorendpointsforthreatindicatorsandalertthesecurityoperationscenterteamaboutpossiblecompromisedendpoints.
EngineersareworkingonembeddingMandiant'sMIRfunctionalityintotheHXSeries,enablingresponderstorapidlyinvestigatepotentialthreats.
TheappliancecanbepurchasedseparatelyorbeintegratedwiththeFireEyeNXSeriesappliances.
PaloAltoNetworksacquiredMortaandCyverain2014toaddendpointvisibilitytoitsportfolio.
TheresultingendpointSTAPproductcalledTrapsisdesignedtoblockattackerexploitationtechniques.
TrapsintegrateswithWildFire,PaloAlto'sSaaS-basedsandboxingservice.
CiscoSystemsacquiredThreatGRID,addingasandboxforcloud-basedsuspiciousfileanalysis.
ThecompanyalsoshowedprogressinextendingtheAdvancedMalwareProtectioncomponentofitsSourcefireacquisitionasanadd-ontoitsASAUTMappliances.
LancopeleverageditsexistingpartnershipwithCiscoSystemstogaintractionintheSTAPmarketwithitsStealthWatchSystemforadvancedthreatdetection.
Lancopecompetesagainstothervendorsintheinternalnetworkanalysissubmarket,whichisdesignedtoidentifylateralmovementwithintrackingnetworkreconnaissance,internalmalwarepropagation,commandandcontroltraffic,anddataexfiltration.
ANoteonSymantecandIntelSecurityIntelSecurityismakinggainswithitsAdvancedThreatDefenseoffering,whichconsistsofastandaloneappliance,designedtointegratewithotherproductsinitsportfolio.
IntelSecurityusesalocalblacklisttodetectknownmalwareandavirtualsandboxenvironmentforsuspiciousfileanalysis.
ItconnectstoIntelSecurity'scloud-basedGlobalThreatIntelligenceforfurtherprotection.
Symantecannouncedthatitwouldsplitintoseparatesecurityandinformationmanagementbusinessesin2014.
ThecompanyalsoannouncedplanstoinvestinitsportfolioofsecurityproductsandentertheSTAPmarketwithanAdvancedThreatProtectionproductthatintegratesitsexistingemail,networking,andendpointsolutionswithfileinspectiontechnologycalledSymantecCynic,acloud-basedsandboxenvironmentforfileinspection.
SymantecalsoleveragesatechnologyitcallsSynapsetocorrelateeventinformationbetweenthenetwork,endpoints,andemailtoprovidecontexttoalertsforincidentresponders.
MARKETCONTEXTTheSTAPmarketgainedconsiderabletractionin2014asendusersincreasedsecurityspendingtostemtheever-increasingnumberofdatabreaches.
TheTargetbreachinparticularraisedthestakesforsecurityaccountabilityastheCEOwasforcedtoresigninpartasaresultofthemassivedata2015IDC#2596678breach.
STAPproductsarerepresentingthefirstsignificantshiftinthesecuritystackinsometime,andIDCpredictsthatorganizationswillcontinuetodeploytheseproductseitherthroughon-premisesdevices,throughendpointclients,orviathecloud.
ThethreeSTAPsubsegmentsthatIDCistracking—boundary,internalnetwork,andendpoint—havestrongenterpriseinterestandadoption.
However,thesereasonsvarybasedoneachsegment:Boundary.
TheinterestinboundarydeviceshasbeenpromptedprimarilybythesuccessofFireEyeandotherstodeliversandboxingandotheridentificationtechniquesonthenetwork.
Manysecurityadministratorsareverycomfortablewithaddingsecuritydevicestothenetworkandasaresultthesedevicesfiteasilyintotheday-to-daysecurityoperationsfunction.
Internalnetwork.
InternalnetworkSTAPproductsareprimarilyfocusedonbotnetdetectionanddeterminingifmalwarehasinfectedthenetwork.
Insteadoftryingtoevaluatethetrafficflowingthroughthenetworkboundaries,internalnetworkSTAPproductsrelyonuserbehavior,flowtraffic,andDNStraffictodeterminewhetherthereismaliciousbehavioronthenetwork.
OnekeyadvantagetoutedbyinternalnetworkSTAPproductsoverboundaryproductsisareductionintheamountoffalsepositives.
Endpoint.
EndpointSTAPproductsarebeingheraldedasthenextgenerationofendpointsecurity.
Asenterpriseshavebecomemoredisillusionedwithlegacyendpointsecurityproducts,theinterestinsolutionsthatarefasterandmoreaccuratehasincreased.
EndpointSTAPvendorsareapproachingendpointsecurityusingawidevarietyofmethodstoimprovethedetectionandpreventioncapabilitiesofmalwareontheendpoint.
OtherendpointSTAPproductsaremorefocusedonanalyticscollectionandvisibilityintotheendpointandthencoordinatethatdatawithnetwork-basedproducts.
IDCdoesnotbelievethatanysingleapproachorproductwillsolveanorganization'ssecuritychallenges,butbyusingacombinationofSTAPproductswithtraditionalsecurityproducts,thatmanyblindspotscanbeeliminated.
SignificantMarketDevelopmentsSecurityvendorFireEye'scontinuedsuccesshasresultedinaninfluxofadvancedthreatdefenseofferingsthatusevirtualsandboxestoanalyzesuspiciousfilesandidentifyadvancedthreats.
Thesolutions,whichfirstappealedtolargeenterprises,haveexperiencedgrowthbycapturingabroadersegmentofthemarket,whichquicklyembracedcloud-basedsandboxingservices.
Avarietyofpure-playvendorswithsandboxingofferingscontinuetomaketheboundarysubmarketextremelylargecomparedwithendpointandinternalnetworkanalysis.
Bit9'sacquisitionofCarbonBlackhashelpedfuelinterestinmodernizingendpointdefenses,whichhavebeenrelyingheavilyonsignature-basedtechnologytodetectmalware.
Newconceptsarebeingintroducedthatincorporateendpointagentorsensortechnologytoincreasevisibilityandgiveincidentrespondersmorecontextintoalertsandcontroloverinfectedsystems.
EndpointSTAPisrapidlyevolving.
Theattentiongiventopure-playvendorshaspromptedestablishedsecurityvendorstoaddsimilarspecializedthreatanalysisandprotectioncapabilities.
Therootofmanyoftheseemergingtechnologiesisinhost-basedintrusionpreventionanddigitalforensicscapabilitiesthatidentifythreatsinunderlyingsystemmemory,abnormalapplicationfunctioncalls,andothersignsofunusualsystembehavior.
IDCisawareofAccessData,FireEyeMIR,GuidanceSoftwareEncase,RSAECAT,andotherforensicstoolsthathelprespondersgainvisibilitywhileinvestigatingthescopeofaninfection.
IDC2015IDC#2596679analystsexaminetheseproductscloselytodeterminewhetherthereisreal-timemonitoringandalertingcapabilitiesandthecustomerrequirementsandusecasesthattheproductsfulfill.
METHODOLOGYThisIDCsoftwaremarketsizingandforecastispresentedintermsofpackagedsoftwareandappliancerevenue.
IDCusesthetermpackagedsoftwaretodistinguishcommerciallyavailablesoftwarefromcustomsoftware,nottoimplythatthesoftwaremustbeshrink-wrappedorotherwiseprovidedviaphysicalmedia.
Packagedsoftwareisprogramsorcodesetsofanytypecommerciallyavailablethroughsale,lease,orrental,orasaservice.
Packagedsoftwarerevenuetypicallyincludesfeesforinitialandcontinuedright-to-usepackagedsoftwarelicenses.
Thesefeesmayinclude,aspartofthelicensecontract,accesstoproductsupportand/orotherservicesthatareinseparablefromtheright-to-uselicensefeestructure,orthissupportmaybepricedseparately.
Upgradesmaybeincludedinthecontinuingrightofuseormaybepricedseparately.
AllofthesearecountedbyIDCaspackagedsoftwarerevenue.
Appliancesaredefinedasacombinationofhardware,operatingenvironment,andapplicationsoftwarewheretheyareprovidedasasingleproduct.
Packagedsoftwarerevenueexcludesservicerevenuederivedfromtraining,consulting,andsystemsintegrationthatisseparate(orunbundled)fromtheright-to-uselicensebutdoesincludetheimplicitvalueoftheproductincludedinaservicethatofferssoftwarefunctionalitybyadifferentpricingscheme.
Itisthetotalproductrevenuethatisfurtherallocatedtomarkets,geographicareas,andoperatingenvironments.
Themarketforecastandanalysismethodologyincorporatesinformationfromfivedifferentbutinterrelatedsources,asfollows:Reportedandobservedtrendsandfinancialactivity.
Thisstudyincorporatesreportedandobservedtrendsandfinancialactivityin2014asoftheendofSeptember2015.
IDC'sSoftwareCensusinterviews.
IDCinterviewsallsignificantmarketparticipantstodetermineproductrevenue,revenuedemographics,pricing,andotherrelevantinformation.
Productbriefings,pressreleases,andotherpubliclyavailableinformation.
IDC'ssoftwareanalystsaroundtheworldmeetwithhundredsofsoftwarevendorseachyear.
Thesebriefingsprovideanopportunitytoreviewcurrentandfuturebusinessandproductstrategies,revenue,shipments,customerbases,targetmarkets,andotherkeyproductandcompetitiveinformation.
Vendorfinancialstatementsandrelatedfilings.
Althoughmanysoftwarevendorsareprivatelyheldandchoosetolimitfinancialdisclosures,informationfrompubliclyheldcompaniesprovidesasignificantbenchmarkforassessinginformalmarketestimatesfromprivatecompanies.
IDCalsobuildsdetailedinformationrelatedtoprivatecompaniesthroughin-depthanalystrelationshipsandmaintainsanextensivelibraryoffinancialandcorporateinformationfocusedontheITindustry.
Wefurthermaintaindetailedrevenuebyproductareamodelsonmorethan1,000worldwidevendors.
IDCdemand-sideresearch.
Thisincludesthousandsofinterviewswithbusinessusersofsoftwaresolutionsannuallyandprovidesapowerfulfifthperspectiveforassessingcompetitiveperformanceandmarketdynamics.
IDC'suserstrategydatabasesofferacompellingandconsistenttime-seriesviewofindustrytrendsanddevelopments.
Directconversationswithtechnologybuyersprovideaninvaluablecomplementtothebroadersurvey-basedresults.
2015IDC#25966710Ultimately,thedatapresentedinthisstudyrepresentsIDC'sbestestimatesbasedonthesedatasourcesaswellasreportedandobservedactivitybyvendorsandfurthermodelingofdatathatwebelievetobetruetofillinanyinformationgaps.
ThedatainthisstudyisderivedfromallthesesourcesandenteredintoIDC'sSoftwareMarketForecasterdatabase,whichisthenupdatedonacontinuousbasisasnewinformationregardingsoftwarevendorrevenuebecomesavailable.
Note:Allnumbersinthisdocumentmaynotbeexactduetorounding.
MARKETDEFINITIONThespecializedthreatanalysisandprotectionmarketoverlapstheendpoint,messaging,network,andWebfunctionalmarkets.
Theproductshelpprotectenterprisesfromnewmalwareattacksthatcannotbedetectedbytraditionalsignature-basedtechniques.
TheSTAPproductsuseavarietyofnon-signature-basedprotectionmethodsincluding,butnotlimitedto,sandboxing,behavioralanalysis,fileintegritymonitoring,telemetricheuristics,containerization,netflowanalysis,andthreatintelligence,whichcandetectamalwareattackorcompromisebyidentifyingattackeractivityorsubtlesystemprocesschanges.
Someoftheproductsonlydetectandalert,whileothersmaycontainmalwaretopreventitfromcausingdamage.
Althoughthesefeaturesmayappearinotherproducts,thiscategoryisonlyfordedicatedSTAPsolutions.
TheSTAPmarketismadeupofdistinguishableproductsasopposedtoembeddedfeatureswithinaproduct.
Theabilitytofindandpreventadvancedmalwareultimatelyrequiresdedicatedactivities,andinthisway,itispossibletomeasuretheextentthatenterprisesareconsciouslytakingactionstodealwithadvancedmalware.
TheSTAPmarketisacompetitivemarketthatoverlapsotherlogicalsecurityproductsmarkets(e.
g.
,IAM,network,endpoint,messaging,Web,SVM,and"other"securityproducts).
TheSTAPmarketmustbereportedseparatelyand,furthermore,notaddedtothesevenlogicalsecurityproductsmarkets,otherwisethetotalsecurityproductsmarketfigurewillbeincorrect.
RELATEDRESEARCHIDC'sForecastScenarioAssumptionsfortheICTMarketsandHistoricalMarketValuesandExchangeRates,Version3,2015(IDC#259115,September2015)WorldwideSpecializedThreatAnalysisandProtectionForecast,2015–2019:DefendingAgainsttheUnknown(IDC#256354,May2015)MarketAnalysisPerspective:WorldwideSecurityProducts,2014(IDC#252908,December2014)WorldwideITSecurityProducts2014–2018Forecastand2013VendorShares:ComprehensiveSecurityProductReview(IDC#253371,December2014)IDC'sWorldwideSecurityProductsTaxonomy,2014(IDC#250802,September2014)WorldwideSpecializedThreatAnalysisandProtection2013–2017Forecastand2012VendorShares(IDC#242346,August2013)AboutIDCInternationalDataCorporation(IDC)isthepremierglobalproviderofmarketintelligence,advisoryservices,andeventsfortheinformationtechnology,telecommunicationsandconsumertechnologymarkets.
IDChelpsITprofessionals,businessexecutives,andtheinvestmentcommunitymakefact-baseddecisionsontechnologypurchasesandbusinessstrategy.
Morethan1,100IDCanalystsprovideglobal,regional,andlocalexpertiseontechnologyandindustryopportunitiesandtrendsinover110countriesworldwide.
For50years,IDChasprovidedstrategicinsightstohelpourclientsachievetheirkeybusinessobjectives.
IDCisasubsidiaryofIDG,theworld'sleadingtechnologymedia,research,andeventscompany.
GlobalHeadquarters5SpeenStreetFramingham,MA01701USA508.
872.
8200Twitter:@IDCidc-insights-community.
comwww.
idc.
comCopyrightNoticeThisIDCresearchdocumentwaspublishedaspartofanIDCcontinuousintelligenceservice,providingwrittenresearch,analystinteractions,telebriefings,andconferences.
Visitwww.
idc.
comtolearnmoreaboutIDCsubscriptionandconsultingservices.
ToviewalistofIDCofficesworldwide,visitwww.
idc.
com/offices.
PleasecontacttheIDCHotlineat800.
343.
4952,ext.
7988(or+1.
508.
988.
7988)orsales@idc.
comforinformationonapplyingthepriceofthisdocumenttowardthepurchaseofanIDCserviceorforinformationonadditionalcopiesorWebrights.
[trademark]Copyright2015IDC.
Reproductionisforbiddenunlessauthorized.
Allrightsreserved.
Organizationsarealsoincreasinglyevaluatingnetworkinspectionsolutionsdesignedtodetectattackermovementtosensitiveresources.
SignificantSTAPtrendsare:Vendorsconvertingproofofconcepts(POCs).
SecurityvendorsconvertedasignificantnumberofSTAPproofofconceptsin2014.
IDCestimatesthatthemarketin2014hadrevenueof$930million.
Itisforecasttogrowtoover$3billionby2019,withatotalmarketCAGRof27.
6%.
Identifyingattackermovement.
High-profileattacks,databreaches,andcriticalvulnerabilitiesin2013and2014droveinterestinNetFlowandotherproductsdesignedtodetectlateralmovementwithinacorporatenetwork.
FireEye,Lancope,IBM,andBit9-CarbonBlackwerethetop4securityvendorssellingSTAPsolutionsin2014.
Callingforincidentresponse(IR)support.
EarlyadoptersofSTAPsolutionssoughtincidentresponseexpertise,increasingdemandfordigitalforensicsspecialists,databreachsupport,andotherprofessionalservices.
Vendorsrespondedbyaddingorbolsteringtheirservicesofferingsin2014.
IDCbelievesthatemergingendpointsolutionsdesignedtodetectadvancedthreatswillgainmomentum.
Vendorsarecombiningmonitoringwithbehavioralanalyticswithothernon-signature-baseddetectioncapabilitiestoidentifyzerodays.
ThereissomeevidencethatendcustomersarebeginningtoshedstandardantivirusinfavorofsomeendpointSTAPsolutions.
TheSTAPmarketwillcontinuetoevolvewithestablishedsecurityvendorsaddingSTAPfeaturestotheirportfolioorganicallyoracquiringemergingSTAPsolutions.
In2014,PaloAltoNetworksacquiredIsraelistart-upCyveraforanestimated$200millionand,laterintheyear,introducedTraps,aSTAPendpointproductthatintegrateswithitsWildFirefilesandboxingservice.
CiscoSystemsacquiredThreatGRID,addingsuspiciousfileanalysissandboxingcapabilitiestoitsportfolio.
FireEyefurtherbuiltoutitsportfoliowiththeacquisitionofnPulseTechnologiestosupportforensicsandthreatremediationactivities.
ThisIDCstudyexaminesthecompetitivemarketforthisspecializedsecuritytechnology.
Itaimstoidentifythemarketleadersandsignificanttrendsthatwillimpactthebroadermarketforsecurityproductsandservices.
SecurityvendorproductsthatfitintotheSTAPmarketmustbesoldasadedicatedproductandpurchasedfromcustomerstospecificallyaddresstheproblemofidentifyingcustommalware.
"Thespecializedthreatanalysisandprotectionmarketisrapidlyevolving,withestablishedvendorsaddingSTAPofferingsthatcompeteagainstagrowingcadreofsecuritystart-ups.
Theinnovativesecuritytechnologiesinthismarketmodernizemanyoftheoutdatedapproachesthatattackersareeasilybypassingtoday.
OrganizationsareshowingsignificantinterestandadoptionofSTAPproductstoaddressthegrowingneedforadvancedthreatdetection.
"—RobertWestervelt,researchmanager,SecurityProducts,IDC2015IDC#2596673ADVICEFORTECHNOLOGYSUPPLIERSThespecializedthreatanalysisandprotectionmarketcontinuestobechallengingforvendors,buyers,andsaleschannelresellers.
ThecompetitivemarketcontinuestoevolvewithSTAPsecurityproductsoftenoverlappingavarietyofadjacentsecuritytechnologyareas.
SecurityvendorproductsthatfitintotheSTAPmarketmustbesoldasadedicatedproductandpurchasedfromcustomerstospecificallyaddresstheproblemofidentifyingcustommalware,sophisticatedattacktechniques,andotheractivityassociatedwithadvancedpersistentthreats.
Theproductsmustnotbesignaturebased.
BuyersareseekingtobolstertheirexistingsecurityinfrastructurebymakinganinvestmentinproductsdesignedtodetectadvancedthreatsfromeachofthethreeSTAPsubmarkets:endpoint,boundary,andinternalnetworkanalysis.
Somevendorsolutionsprovidefunctionalityfromeachofthesubmarkets,integratingemulationproductsdesignedtoanalyzesuspiciousfileswithbehavioralanalysistoidentifyfunctioncallsandsuspiciousfileactivityontheendpoint,andnetworkanalysistodetectattackerreconnaissanceactivityandlateralmovementwithinthenetwork.
EndpointSTAPproductsusebehavioralanalysisofmemoryandapplicationoperations.
Itprimarilyconsistsofanagentorsensorondevicesthatmonitorsystemprocessesandfilesforsignsofanomalousbehaviororattempttopreventsuspiciousfilesfromexecuting.
IDCanticipatesfutureconsolidationoftheendpointSTAPsubmarket,withtraditionalendpointsecurityvendorsaddingSTAPendpointcapabilitiestotheirplatforms.
BoundarySTAPproductsconsistmainlyofvirtualsandboxing/emulationandbehavioralanalysistechnologies.
Thesesafezonesareusedtodetonateandmonitorthebehaviorofsuspiciousfiles,whicharedesignedtoevadesignature-baseddefenses.
BuyershaveincreasinglypurchasedSaaS-basedsandboxingservices,buton-premisesandhybriddeploymentsarealsocommonwithenterprisecustomers.
InternalnetworkanalysisSTAPproductsmonitornetworkflowtodetectindicationsofattackerreconnaissanceactivity,malwaremovement,andbotnetormalwarecommandandcontrolactivity.
Productsshouldbeequippedtohelpresponderspinpointendpointinfectionsandinterruptcommandandcontrolcommunicationprovidecontexttoincidentresponders.
ThestrongestSTAPsolutionsappeartocomefromvendorsthathavecreatedstrongtechnologypartnerships,andIDChasdeterminedthatasecurityvendor'stechnologypartnerecosystemisbeingexaminedthoroughlyinproductevaluations.
Toremaincompetitive,securityvendorsshouldalsoconsiderthefollowingrecommendations:Strikekeydifferentiators:ProductevaluationsarebecomingasignificantchallengeforbuyersplanningtoadoptSTAPtechnology.
ChannelresellersarealsostrainedwhenattemptingtodetermineifaSTAPproductcanfitintheirportfoliowithoutconflictingwithtop-tiertechnologypartners.
Makeclearalldifferentiatingmanagementfeaturesandcapabilitiesagainstcompetitivesolutions.
Expanddeploymentoptions:Akeybuyingrequirementistheabilitytointegrateproductswithexistingsecurityinfrastructure.
ThisrequirementmayresultintheneedforfullSaaS,on-premises,oramixtureofSaaSandon-premisessolutions.
Whileusabilityandeffortlessdeploymentareadvantageous,buyersarealsochoosingSTAPsolutionswithflexibledeploymentmodels.
2015IDC#2596674Createservicesofferings:Ananalysisofearlyadopterbuyingbehaviorsfoundthatvendorservicesofferingsarenotaprimarybuyingrequirement;however,asecondinquirywithcustomersidentifiedasignificantneedforfollow-upservicesengagements.
Theservicesrequirementwaspromptedbyalackofroutinemaintenance,deficientincidentresponseprocesses,andpoorlyconfigureddeployments.
Developriskscoringmodels:BuyingtrendssuggesttheadditionofaconfigurableriskscoringmethodologytoassistrespondersinprioritizingalertscapturestheattentionofC-suiteexecutivesduringsalesengagements.
Despitethegrowingnumberofrisk-basedscoringcapabilitiesincorporatedintosecurityproducts,STAPvendorscanuseriskscoringasaproductdifferentiator.
Itcouldalsofosterthecomfortlevelrequiredtopromptorganizationstoembraceautomatedresponseandremediationfeatures.
MARKETSHARETheworldwideSTAPsecuritymarketroseto$930millionin2014,anincreaseof126.
3%from2013.
FireEyeremainstheSTAPmarketleader,with37.
9%shareofthemarketin2014.
Itsawitsshareofthemarketdecline5.
2%basedonadditionalmarketentrantsandwidespreadavailabilityofcompetingsandboxingsolutions.
AnotablecompetitorisPaloAltoNetworksandtherapidadoptionofitssubscription-basedWildFiresandboxingservicein2014.
Table1displays2011–2019worldwiderevenueandmarketsharefortheSTAPsecuritymarket.
Tables2–4display2014revenueandmarketsharesforthetopvendorsineachsubmarket.
STAPboundaryisthelargestmarketsegment,withFireEyecontinuingtobethesoledominatingvendor.
Sandboxingtechnologieshavequicklycometomarketfromnetworksecuritycompetitorsandsecuritystart-ups.
BoundarySTAPincludesproductsfromCheckPoint,Cyphort,iBoss,Fortinet,IntelSecurity,Proofpoint,Symantec,andothers.
Italsoincludesashareofsandboxingcomponentsthatexistwithinstandalonevendoradvancedthreatdefensesolutions(seeTable3).
STAPendpointisthefastest-growingmarketsegmentandonethatisquicklyevolvingasendpointsecurityvendors,includingSymantecandIntelSecurity,addendpointadvancedthreatdetectioncapabilitiestotheirplatformstomeettheirestablishedcustomerrequirements.
Lancopehasgainedsignificantadoptionofitsadvancedthreatdetectionsolution,leveragingitscloserelationshipwithCiscoSystems.
RSAandBlueCoatareeachtransformingtheirnetworkpacketcapturingappliances,whichhadbeenfocusedfordigitalforensicsinvestigations,intobreachdetectionandanalysisplatforms(seeTable4).
2015IDC#2596675TABLE1WorldwideSpecializedThreatAnalysisandProtectionRevenuebySegment,2011–2019($M)2011201220132014201520162017201820192014–2019CAGR(%)Boundary80.
6150.
5309.
0709.
81,119.
71,444.
31,653.
41,845.
32,001.
623.
0Endpoint9.
016.
039.
0101.
8212.
7353.
2494.
4618.
0716.
947.
8Internalnetworkanalysis21.
035.
063.
0118.
4202.
5287.
6342.
2386.
7421.
528.
9Total110.
6201.
5411.
0930.
01,535.
02,085.
02,490.
02,850.
03,140.
027.
6Source:IDC,2015TABLE2WorldwideSpecializedThreatAnalysisandProtectionRevenueofBoundarySegmentbyVendor,2014Revenue($M)FireEye353AhnLab25TrendMicro25Cisco25Fidelis23Websense23IBM20Lastline20PaloAltoNetworks17Other178.
8Source:IDC,20152015IDC#2596676TABLE3WorldwideSpecializedThreatAnalysisandProtectionRevenueofEndpointSegmentbyVendor,2014Revenue($M)Bit9-CB38.
0Cylance13.
0Bromium13.
0CrowdStrike12.
0Invincea12.
0Other13.
8Source:IDC,2015TABLE4WorldwideSpecializedThreatAnalysisandProtectionRevenueofInternalNetworkAnalysisSegmentbyVendor,2014Revenue($M)Lancope50.
0IBM15.
0Damballa15.
0BlueCoat13.
0RSA13.
0Other12.
4Source:IDC,20152015IDC#2596677WHOSHAPEDTHEYEARBit9acquiredCarbonBlackatthebeginningof2014andwasabletohighlighttheeffectivenessofitsmodernwhitelistingapproachwithCarbonBlack'sendpointforensicscapabilities.
CarbonBlackhadbeentremendouslysuccessfulwithitsapproachpriortotheacquisitiongainingadoptionwithSOCpersonnelandincidentresponseteamsforitsabilitytotakeacompleteinventoryofeveryfileonanendpointsystemandmonitorforsystemchanges.
Theacquisitionshiftedattentiononwaysorganizationscanmodernizetheirendpointsecuritysolutions.
FireEyegainedattentionwiththelaunchofitsEndpointSecurity(HXSeries)appliancein2014.
ThisproductusesMandiant'sproprietarytechnologyforincidentresponderstomonitorendpointsforthreatindicatorsandalertthesecurityoperationscenterteamaboutpossiblecompromisedendpoints.
EngineersareworkingonembeddingMandiant'sMIRfunctionalityintotheHXSeries,enablingresponderstorapidlyinvestigatepotentialthreats.
TheappliancecanbepurchasedseparatelyorbeintegratedwiththeFireEyeNXSeriesappliances.
PaloAltoNetworksacquiredMortaandCyverain2014toaddendpointvisibilitytoitsportfolio.
TheresultingendpointSTAPproductcalledTrapsisdesignedtoblockattackerexploitationtechniques.
TrapsintegrateswithWildFire,PaloAlto'sSaaS-basedsandboxingservice.
CiscoSystemsacquiredThreatGRID,addingasandboxforcloud-basedsuspiciousfileanalysis.
ThecompanyalsoshowedprogressinextendingtheAdvancedMalwareProtectioncomponentofitsSourcefireacquisitionasanadd-ontoitsASAUTMappliances.
LancopeleverageditsexistingpartnershipwithCiscoSystemstogaintractionintheSTAPmarketwithitsStealthWatchSystemforadvancedthreatdetection.
Lancopecompetesagainstothervendorsintheinternalnetworkanalysissubmarket,whichisdesignedtoidentifylateralmovementwithintrackingnetworkreconnaissance,internalmalwarepropagation,commandandcontroltraffic,anddataexfiltration.
ANoteonSymantecandIntelSecurityIntelSecurityismakinggainswithitsAdvancedThreatDefenseoffering,whichconsistsofastandaloneappliance,designedtointegratewithotherproductsinitsportfolio.
IntelSecurityusesalocalblacklisttodetectknownmalwareandavirtualsandboxenvironmentforsuspiciousfileanalysis.
ItconnectstoIntelSecurity'scloud-basedGlobalThreatIntelligenceforfurtherprotection.
Symantecannouncedthatitwouldsplitintoseparatesecurityandinformationmanagementbusinessesin2014.
ThecompanyalsoannouncedplanstoinvestinitsportfolioofsecurityproductsandentertheSTAPmarketwithanAdvancedThreatProtectionproductthatintegratesitsexistingemail,networking,andendpointsolutionswithfileinspectiontechnologycalledSymantecCynic,acloud-basedsandboxenvironmentforfileinspection.
SymantecalsoleveragesatechnologyitcallsSynapsetocorrelateeventinformationbetweenthenetwork,endpoints,andemailtoprovidecontexttoalertsforincidentresponders.
MARKETCONTEXTTheSTAPmarketgainedconsiderabletractionin2014asendusersincreasedsecurityspendingtostemtheever-increasingnumberofdatabreaches.
TheTargetbreachinparticularraisedthestakesforsecurityaccountabilityastheCEOwasforcedtoresigninpartasaresultofthemassivedata2015IDC#2596678breach.
STAPproductsarerepresentingthefirstsignificantshiftinthesecuritystackinsometime,andIDCpredictsthatorganizationswillcontinuetodeploytheseproductseitherthroughon-premisesdevices,throughendpointclients,orviathecloud.
ThethreeSTAPsubsegmentsthatIDCistracking—boundary,internalnetwork,andendpoint—havestrongenterpriseinterestandadoption.
However,thesereasonsvarybasedoneachsegment:Boundary.
TheinterestinboundarydeviceshasbeenpromptedprimarilybythesuccessofFireEyeandotherstodeliversandboxingandotheridentificationtechniquesonthenetwork.
Manysecurityadministratorsareverycomfortablewithaddingsecuritydevicestothenetworkandasaresultthesedevicesfiteasilyintotheday-to-daysecurityoperationsfunction.
Internalnetwork.
InternalnetworkSTAPproductsareprimarilyfocusedonbotnetdetectionanddeterminingifmalwarehasinfectedthenetwork.
Insteadoftryingtoevaluatethetrafficflowingthroughthenetworkboundaries,internalnetworkSTAPproductsrelyonuserbehavior,flowtraffic,andDNStraffictodeterminewhetherthereismaliciousbehavioronthenetwork.
OnekeyadvantagetoutedbyinternalnetworkSTAPproductsoverboundaryproductsisareductionintheamountoffalsepositives.
Endpoint.
EndpointSTAPproductsarebeingheraldedasthenextgenerationofendpointsecurity.
Asenterpriseshavebecomemoredisillusionedwithlegacyendpointsecurityproducts,theinterestinsolutionsthatarefasterandmoreaccuratehasincreased.
EndpointSTAPvendorsareapproachingendpointsecurityusingawidevarietyofmethodstoimprovethedetectionandpreventioncapabilitiesofmalwareontheendpoint.
OtherendpointSTAPproductsaremorefocusedonanalyticscollectionandvisibilityintotheendpointandthencoordinatethatdatawithnetwork-basedproducts.
IDCdoesnotbelievethatanysingleapproachorproductwillsolveanorganization'ssecuritychallenges,butbyusingacombinationofSTAPproductswithtraditionalsecurityproducts,thatmanyblindspotscanbeeliminated.
SignificantMarketDevelopmentsSecurityvendorFireEye'scontinuedsuccesshasresultedinaninfluxofadvancedthreatdefenseofferingsthatusevirtualsandboxestoanalyzesuspiciousfilesandidentifyadvancedthreats.
Thesolutions,whichfirstappealedtolargeenterprises,haveexperiencedgrowthbycapturingabroadersegmentofthemarket,whichquicklyembracedcloud-basedsandboxingservices.
Avarietyofpure-playvendorswithsandboxingofferingscontinuetomaketheboundarysubmarketextremelylargecomparedwithendpointandinternalnetworkanalysis.
Bit9'sacquisitionofCarbonBlackhashelpedfuelinterestinmodernizingendpointdefenses,whichhavebeenrelyingheavilyonsignature-basedtechnologytodetectmalware.
Newconceptsarebeingintroducedthatincorporateendpointagentorsensortechnologytoincreasevisibilityandgiveincidentrespondersmorecontextintoalertsandcontroloverinfectedsystems.
EndpointSTAPisrapidlyevolving.
Theattentiongiventopure-playvendorshaspromptedestablishedsecurityvendorstoaddsimilarspecializedthreatanalysisandprotectioncapabilities.
Therootofmanyoftheseemergingtechnologiesisinhost-basedintrusionpreventionanddigitalforensicscapabilitiesthatidentifythreatsinunderlyingsystemmemory,abnormalapplicationfunctioncalls,andothersignsofunusualsystembehavior.
IDCisawareofAccessData,FireEyeMIR,GuidanceSoftwareEncase,RSAECAT,andotherforensicstoolsthathelprespondersgainvisibilitywhileinvestigatingthescopeofaninfection.
IDC2015IDC#2596679analystsexaminetheseproductscloselytodeterminewhetherthereisreal-timemonitoringandalertingcapabilitiesandthecustomerrequirementsandusecasesthattheproductsfulfill.
METHODOLOGYThisIDCsoftwaremarketsizingandforecastispresentedintermsofpackagedsoftwareandappliancerevenue.
IDCusesthetermpackagedsoftwaretodistinguishcommerciallyavailablesoftwarefromcustomsoftware,nottoimplythatthesoftwaremustbeshrink-wrappedorotherwiseprovidedviaphysicalmedia.
Packagedsoftwareisprogramsorcodesetsofanytypecommerciallyavailablethroughsale,lease,orrental,orasaservice.
Packagedsoftwarerevenuetypicallyincludesfeesforinitialandcontinuedright-to-usepackagedsoftwarelicenses.
Thesefeesmayinclude,aspartofthelicensecontract,accesstoproductsupportand/orotherservicesthatareinseparablefromtheright-to-uselicensefeestructure,orthissupportmaybepricedseparately.
Upgradesmaybeincludedinthecontinuingrightofuseormaybepricedseparately.
AllofthesearecountedbyIDCaspackagedsoftwarerevenue.
Appliancesaredefinedasacombinationofhardware,operatingenvironment,andapplicationsoftwarewheretheyareprovidedasasingleproduct.
Packagedsoftwarerevenueexcludesservicerevenuederivedfromtraining,consulting,andsystemsintegrationthatisseparate(orunbundled)fromtheright-to-uselicensebutdoesincludetheimplicitvalueoftheproductincludedinaservicethatofferssoftwarefunctionalitybyadifferentpricingscheme.
Itisthetotalproductrevenuethatisfurtherallocatedtomarkets,geographicareas,andoperatingenvironments.
Themarketforecastandanalysismethodologyincorporatesinformationfromfivedifferentbutinterrelatedsources,asfollows:Reportedandobservedtrendsandfinancialactivity.
Thisstudyincorporatesreportedandobservedtrendsandfinancialactivityin2014asoftheendofSeptember2015.
IDC'sSoftwareCensusinterviews.
IDCinterviewsallsignificantmarketparticipantstodetermineproductrevenue,revenuedemographics,pricing,andotherrelevantinformation.
Productbriefings,pressreleases,andotherpubliclyavailableinformation.
IDC'ssoftwareanalystsaroundtheworldmeetwithhundredsofsoftwarevendorseachyear.
Thesebriefingsprovideanopportunitytoreviewcurrentandfuturebusinessandproductstrategies,revenue,shipments,customerbases,targetmarkets,andotherkeyproductandcompetitiveinformation.
Vendorfinancialstatementsandrelatedfilings.
Althoughmanysoftwarevendorsareprivatelyheldandchoosetolimitfinancialdisclosures,informationfrompubliclyheldcompaniesprovidesasignificantbenchmarkforassessinginformalmarketestimatesfromprivatecompanies.
IDCalsobuildsdetailedinformationrelatedtoprivatecompaniesthroughin-depthanalystrelationshipsandmaintainsanextensivelibraryoffinancialandcorporateinformationfocusedontheITindustry.
Wefurthermaintaindetailedrevenuebyproductareamodelsonmorethan1,000worldwidevendors.
IDCdemand-sideresearch.
Thisincludesthousandsofinterviewswithbusinessusersofsoftwaresolutionsannuallyandprovidesapowerfulfifthperspectiveforassessingcompetitiveperformanceandmarketdynamics.
IDC'suserstrategydatabasesofferacompellingandconsistenttime-seriesviewofindustrytrendsanddevelopments.
Directconversationswithtechnologybuyersprovideaninvaluablecomplementtothebroadersurvey-basedresults.
2015IDC#25966710Ultimately,thedatapresentedinthisstudyrepresentsIDC'sbestestimatesbasedonthesedatasourcesaswellasreportedandobservedactivitybyvendorsandfurthermodelingofdatathatwebelievetobetruetofillinanyinformationgaps.
ThedatainthisstudyisderivedfromallthesesourcesandenteredintoIDC'sSoftwareMarketForecasterdatabase,whichisthenupdatedonacontinuousbasisasnewinformationregardingsoftwarevendorrevenuebecomesavailable.
Note:Allnumbersinthisdocumentmaynotbeexactduetorounding.
MARKETDEFINITIONThespecializedthreatanalysisandprotectionmarketoverlapstheendpoint,messaging,network,andWebfunctionalmarkets.
Theproductshelpprotectenterprisesfromnewmalwareattacksthatcannotbedetectedbytraditionalsignature-basedtechniques.
TheSTAPproductsuseavarietyofnon-signature-basedprotectionmethodsincluding,butnotlimitedto,sandboxing,behavioralanalysis,fileintegritymonitoring,telemetricheuristics,containerization,netflowanalysis,andthreatintelligence,whichcandetectamalwareattackorcompromisebyidentifyingattackeractivityorsubtlesystemprocesschanges.
Someoftheproductsonlydetectandalert,whileothersmaycontainmalwaretopreventitfromcausingdamage.
Althoughthesefeaturesmayappearinotherproducts,thiscategoryisonlyfordedicatedSTAPsolutions.
TheSTAPmarketismadeupofdistinguishableproductsasopposedtoembeddedfeatureswithinaproduct.
Theabilitytofindandpreventadvancedmalwareultimatelyrequiresdedicatedactivities,andinthisway,itispossibletomeasuretheextentthatenterprisesareconsciouslytakingactionstodealwithadvancedmalware.
TheSTAPmarketisacompetitivemarketthatoverlapsotherlogicalsecurityproductsmarkets(e.
g.
,IAM,network,endpoint,messaging,Web,SVM,and"other"securityproducts).
TheSTAPmarketmustbereportedseparatelyand,furthermore,notaddedtothesevenlogicalsecurityproductsmarkets,otherwisethetotalsecurityproductsmarketfigurewillbeincorrect.
RELATEDRESEARCHIDC'sForecastScenarioAssumptionsfortheICTMarketsandHistoricalMarketValuesandExchangeRates,Version3,2015(IDC#259115,September2015)WorldwideSpecializedThreatAnalysisandProtectionForecast,2015–2019:DefendingAgainsttheUnknown(IDC#256354,May2015)MarketAnalysisPerspective:WorldwideSecurityProducts,2014(IDC#252908,December2014)WorldwideITSecurityProducts2014–2018Forecastand2013VendorShares:ComprehensiveSecurityProductReview(IDC#253371,December2014)IDC'sWorldwideSecurityProductsTaxonomy,2014(IDC#250802,September2014)WorldwideSpecializedThreatAnalysisandProtection2013–2017Forecastand2012VendorShares(IDC#242346,August2013)AboutIDCInternationalDataCorporation(IDC)isthepremierglobalproviderofmarketintelligence,advisoryservices,andeventsfortheinformationtechnology,telecommunicationsandconsumertechnologymarkets.
IDChelpsITprofessionals,businessexecutives,andtheinvestmentcommunitymakefact-baseddecisionsontechnologypurchasesandbusinessstrategy.
Morethan1,100IDCanalystsprovideglobal,regional,andlocalexpertiseontechnologyandindustryopportunitiesandtrendsinover110countriesworldwide.
For50years,IDChasprovidedstrategicinsightstohelpourclientsachievetheirkeybusinessobjectives.
IDCisasubsidiaryofIDG,theworld'sleadingtechnologymedia,research,andeventscompany.
GlobalHeadquarters5SpeenStreetFramingham,MA01701USA508.
872.
8200Twitter:@IDCidc-insights-community.
comwww.
idc.
comCopyrightNoticeThisIDCresearchdocumentwaspublishedaspartofanIDCcontinuousintelligenceservice,providingwrittenresearch,analystinteractions,telebriefings,andconferences.
Visitwww.
idc.
comtolearnmoreaboutIDCsubscriptionandconsultingservices.
ToviewalistofIDCofficesworldwide,visitwww.
idc.
com/offices.
PleasecontacttheIDCHotlineat800.
343.
4952,ext.
7988(or+1.
508.
988.
7988)orsales@idc.
comforinformationonapplyingthepriceofthisdocumenttowardthepurchaseofanIDCserviceorforinformationonadditionalcopiesorWebrights.
[trademark]Copyright2015IDC.
Reproductionisforbiddenunlessauthorized.
Allrightsreserved.
- tierfilemarkets.com相关文档
- promotefilemarkets.com
- Imagefilemarkets.com
- grantedfilemarkets.com
- householdsfilemarkets.com
- indexesfilemarkets.com
- Sourcefilemarkets.com
物语云-VPS-美国洛杉矶VPS无限流量云windows大带宽100M不限流量 26/月起
物语云计算怎么样?物语云计算(MonogatariCloud)是一家成立于2016年的老牌国人商家,主营国内游戏高防独服业务,拥有多家机房资源,产品质量过硬,颇有一定口碑。本次带来的是特惠活动为美国洛杉矶Cera机房的不限流量大带宽VPS,去程直连回程4837,支持免费安装Windows系统。值得注意的是,物语云采用的虚拟化技术为Hyper-v,因此并不会超售超开。一、物语云官网点击此处进入物语云...
鲸云10美元,香港BGPRM 1核 1G 10Mbps峰值带宽 1TB流量,江西CN2-NAT 1核 512MB内存 100M带宽 ,
WHloud Official Notice(鲸云官方通知)(鲸落 梦之终章)]WHloud RouMu Cloud Hosting若木产品线云主机-香港节点上新预售本次线路均为电信CN2 GIA+移动联通BGP,此机型为正常常规机,建站推荐。本次预售定为国庆后开通,据销售状况决定,照以往经验或有咕咕的可能性,但是大多等待时间不长。均赠送2个快照 2个备份,1个默认ipv4官方网站:https:/...
TNAHosting($5/月)4核/12GB/500GB/15TB/芝加哥机房
TNAHosting是一家成立于2012年的国外主机商,提供VPS主机及独立服务器租用等业务,其中VPS主机基于OpenVZ和KVM架构,数据中心在美国芝加哥机房。目前,商家在LET推出芝加哥机房大硬盘高配VPS套餐,再次刷新了价格底线,基于OpenVZ架构,12GB内存,500GB大硬盘,支持月付仅5美元起。下面列出这款VPS主机配置信息。CPU:4 cores内存:12GB硬盘:500GB月流...
filemarkets.com为你推荐
-
网罗设计怎么能学习好网络设计渣渣辉商标渣渣辉是什么意思啊?网红名字被抢注我想问这个网红 名字叫什么 讲一下谢谢了地图应用谁知道什么地图软件好用,求 最好可以看到路上行人西部妈妈网我爸妈在云南做非法集资了,钱肯定交了很多,我不恨她们。他们叫我明天去看,让我用心的看,,说是什么...比肩工场比肩是什么意思,行比肩大运的主要意象百度关键词工具常见的关键词挖掘工具有哪些www.78222.com我看一个网站.www.snw58.com里面好有意思呀,不知道里面的信息是不是真实的www.hhh258comwww.tx88d.com 有这个网站吗?ww.66bobo.com有的网址直接输入***.com就行了,不用WWW, 为什么?