COMPETITIVE ANALYSIS

IDC MarketScape: Worldwide Web Security Products Vendor Analysis

Phil Hochmuth

Global Headquarters: 5 Speen Street Framingham, MA USA

IN THIS EXCERPT

The content for this paper is excerpted from the IDC MarketScape: Worldwide Web Security Products Vendor Analysis, by Phil Hochmuth (Doc # ). All or parts of the following sections are included in this excerpt: IDC Opinion, In This Study, Situation Overview, Future Outlook, Vendor Profile, Essential Guidance, and Synopsis. Figure 3 is also included.

IDC OPINION

Explosive growth of Web-based technologies in the enterprise (i.e., social media, mobile apps, software-as-a-service/cloud infrastructure) and the bring-your-own-device (BYOD) phenomenon is forcing rapid change on the Web security market. Five years ago, the iPhone was a newborn, Facebook was for college kids, and "clouds" had more relevance to weather.com than amazon.com. At the same time, enterprise Web security technology largely served one purpose: controlling employee Web surfing in the office. Web security products must now address a much broader set of functions: Web-based malware and malicious URLs, social media and the gray areas between its personal and professional usage at work, and cloud-based applications that can also slant toward either corporate or consumer focus. Meanwhile, the idea of an employee browsing the Web from a PC, in an office, or behind a gateway is as antiquated as the Motorola RAZR; smartphones and tablets connected to hotspots, hotels, or mobile networks are now the norm. All of these factors are forcing enterprises to rethink how they deploy Web security. This IDC MarketScape assesses the current leaders, major players, and contenders in the worldwide Web security market and provides rankings for these vendors based on the criteria most important to enterprise customers.

Key factors enterprises must consider when selecting a Web security vendor include:

Breadth of capabilities. As defined by end users IDC spoke with, these include antimalware, URL/content filtering, DLP, outbound threat detection, social media controls, user/authentication-based policy enforcement, and SSL inspection.

Range of form factors and delivery models. The ability to offer on-premise software or hardware appliances, cloud-based software as a service (SaaS), and hybrid offerings that blend these delivery models in a complementary way.

Adjacencies to other security technologies. Technologies that complement Web security include DLP, security, endpoint/gateway antimalware, network security, and encryption.

Scalability and availability. Delivering key Web security capabilities to a diverse set of end users and devices, and at very large scale in terms of connections and global availability, is a key capability.

Filing Information: October 2012, IDC #236980, Volume: 1
Security Products: Competitive Analysis
IN THIS STUDY

This IDC study uses the vendor assessment model called IDC MarketScape. This assessment discusses both quantitative and qualitative characteristics that explain a vendor's success in the marketplace and help anticipate its ascendancy. This is the first IDC MarketScape for the enterprise Web security market.

The study is composed of two sections. The first part is a definition or description of what characteristics IDC analysts believe lead to success in the enterprise Web Security market. These characteristics are based on end-user and vendor surveys and key analyst observations of best practices and were defined in consultation with many of the leading enterprise Web security vendors.

The second part of this study is the visual aggregation of multiple vendors into a single bubble chart format. This format concisely illustrates the observed and quantified scores of the reviewed vendors. The strategies axis represents a three- to five-year span and future perspective, while the capabilities axis represents current product and go-to-market execution. This document concludes with IDC's essential guidance to support continued growth and improvement of these vendors' offerings.

Methodology

The IDC MarketScape is designed to provide an overview of the competitive fitness of the global solutions providers in the Web security market. A single chart displays each company's market share and indicates whether it is over- or underperforming and how well it is suited to compete in the market today and in the future (three to five years from now). The accompanying text explains each vendor's major strengths and weaknesses. IDC MarketScape criteria selection, weightings, and vendor scores represent well-researched IDC judgment about the market and specific vendors.
IDC analysts tailor the range of standard characteristics by which vendors are measured through structured discussions, surveys, and interviews with market leaders, participants, and end users. Market weightings are based on user interviews, buyer surveys, and the input of a review board of IDC experts in each market. IDC analysts base individual vendor scores, and ultimately vendor positions on the IDC MarketScape, on detailed surveys and interviews with the vendors, publicly available information, and end-user experiences in an effort to provide an accurate and consistent assessment of each vendor's characteristics, behavior, and capability.

IDC employs the following methodology to arrive at each company's ranking:

Sources. This study is based on a model that is populated with data provided to IDC from a vendor questionnaire, companies' quarterly and annual reports, earnings calls, industry analyst events, interviews with company representatives, interviews with end users, IDC research, and news coverage. For this IDC MarketScape, IDC conducted interviews with 20 end users from private enterprises, government, and education that make purchasing decisions for Web security technology. IDC also used data from IDC's 2011 Cloud Security Survey as the basis for scoring and weighting criteria and assumptions.

Market shares, growth rates, and revenue numbers. This IDC MarketScape covers the Web security market. For companies that do not publicly disclose this revenue, IDC estimates revenue and growth rates based on public information, discussions with vendors, knowledge of the industry, and input from regional IDC analysts.

Competitive fitness. Each major competitor's preparedness for current and future market conditions is expressed as a set of two scores. One score expresses a given vendor's current "capabilities," while the other expresses the appropriateness of its "strategies" for the future. (IDC bases its assessment of future market conditions on what most likely will be the market's major trends and disruptors.) Each of the two scores is broken down into three criteria (product offerings, go-to-market capabilities, and business capabilities), each of which is in turn broken down into several subcriteria. Both criteria and subcriteria are weighted by importance for a particular market. For each company, we score its qualities with regard to each of the subcriteria, assigning a numeric value. The IDC MarketScape model uses these values to calculate each company's score for each of the criteria and rolls these values to arrive at the described set of two scores.

Market Definition

This IDC MarketScape assesses the market for enterprise-class Web security products as defined in IDC's security products taxonomy, with a specific focus on Web security features and submarkets, including Web and URL filtering; antimalware, antivirus, and malicious code and script blocking; detection of botnet traffic and outbound threat activity; and Web application and social media controls and outbound (data leakage) threats. In addition to these features and functions, delivery models were also a major criterion considered.
On-premise software, which includes virtual appliances, hardware appliances, and software as a service or cloud services, were all analyzed, if applicable. Vendors scored higher if they offered more platforms, as well as for demonstrating high levels of integration and feature parity across the platforms and support for hybrid-type deployments with unified management, reporting and policy creation, as well as scalability.

Some of the key functionality and features examined in this study include social media and Web 2.0 controls; the ability to support mobile users including laptops, smartphones, and tablets; and the ability to support branch offices with Web security functionality whether through WAN backhaul to a centralized appliance or via the cloud proxy service. IDC also considered what adjacencies and synergies existed among the vendors' Web security offerings and other security and IT product offerings.

While Web application firewall (WAF) is a subsegment of the Web security market in IDC's security products taxonomy, WAF features and WAF-focused vendors were not considered in this study. The difference between secure Web gateways and WAF is people versus machines: Web security gateway products examined in this IDC MarketScape are focused on protecting enterprise end-users' activity and access to the Web and HTTP-based applications and services (both on the Internet and private networks), and WAF protects Web servers and applications from intrusions and attacks.

SITUATION OVERVIEW

Introduction

The Web security market has evolved rapidly over the past five years. Not long ago, most Web security solutions focused on blocking, filtering, or limiting the access corporate employees had to inappropriate or distracting Web sites. This was largely a time-management/productivity issue. The advent of Web-based malware, hosted on both untrusted and trusted Web sites, required another layer of technology to Web security: URL reputation, antimalware scanning, and blocking.

With the rapid adoption of enterprise-focused SaaS and other cloud services, as well as widespread use of consumer-focused Web applications and social networking in the enterprise, the Web has evolved into a full-fledged applications and infrastructure platform for corporations. The binary allow/block approach to Web security doesn't work when the majority of the Fortune 100 maintain dedicated Facebook and Twitter accounts. Meanwhile, thousands of large organizations rely on SaaS apps such as salesforce.com, NetSuite, and Google as core systems and tools.

Web security solutions must also now account for mobile users and unmanaged devices in the enterprise as the employees require access to Web applications while outside of the corporate perimeter and often use devices such as personal smartphones and tablets for access. Increased use of services such as Dropbox, Box.net, CloudApp, LiveLoop, FileShare, and other online storage and collaborative platforms also poses information security challenges to enterprises.
Many of these applications use Web interfaces, or Web-based protocols, and can be controlled by Web security gateway products and SaaS.

FUTURE OUTLOOK

IDC MarketScape: Worldwide Web Security Products Vendor Assessment

The IDC vendor assessment for the enterprise Web security market represents IDC's opinion on which vendors are well positioned today through current capabilities and which are best positioned to gain market share over the next few years. Positioning in the upper right of the grid indicates that vendors are well positioned to gain market share. For the purpose of discussion, IDC divided potential key strategy measures for success into two primary categories: capabilities and strategies.
Positioning on the y-axis reflects the vendor's current capabilities and menu of services and how well aligned it is to customer needs. The capabilities category focuses on the capabilities of the company and the product today, here and now. Under this category, IDC analysts will look at how well a vendor is building/delivering capabilities that enable it to execute its chosen strategy in the market.

Positioning on the x-axis or strategies axis indicates how well the vendor's future strategy aligns with what customers will require in three to five years. The strategy category focuses on high-level strategic decisions and underlying assumptions about offerings, customer segments, and business and go-to-market plans for the future, in this case defined as the next three to five years. Under this category, analysts look at whether or not a supplier's strategies in various areas are aligned with customer requirements (and spending) over a defined future time period.

Figure 3 shows each vendor's position in the vendor assessment chart. A vendor's market share is indicated by the size of the bubble, and a (+), (-), or (=) icon indicates whether or not the vendor is growing faster than, slower than, or even with, respectively, overall market growth.
FIGURE 3

IDC MarketScape: Worldwide Web Security Products Vendor Assessment

Notes: Revenue represented includes software, appliances, and SaaS platforms. Blue Coat's revenue represented in the MarketScape chart is based on past IDC estimates of the vendor's Web security revenue and is not a reflection of Blue Coat's total revenue. IDC previously counted the majority of Blue Coat's revenue in the WAN application delivery market. (Web security and WAN application delivery are mutually exclusive markets and therefore the revenue cannot be double counted). Going forward, IDC has modified the classification of Blue Coat's revenue between Web security and WAN application delivery, shifting the majority of product revenue to Web Security. This will be reflected in upcoming IDC reports providing 2012 revenue market share in Web Security and WAN Application Delivery, respectively.

Source: IDC
Vendor Profile

Barracuda Networks

Barracuda Networks is a Leader in the Web security IDC MarketScape, with on-premise appliance, virtual appliance, and SaaS offerings. It is also among those with the greatest Web security appliance market share (in both revenue and shipments). In addition to its on-premise hardware appliances, Barracuda also supports the three major hypervisors for virtual appliance scenarios: VMware, Hyper-V, and Citrix. Its 2008 acquisition of Purewire, a Web security SaaS provider, rounded out the vendor's on-premise/cloud strategy. Barracuda supports all the major features of secure Web gateways: URL filtering, antimalware, social media/Web 2.0 controls, and content inspection.

Barracuda's SaaS component, called Barracuda Web Security Service, is a cloud-based Web security service that allows end users to manage gateway devices via a central cloud interface as well as store log files and reports in the Barracuda cloud. The service also provides traffic filtering and antimalware technology via the cloud. Either the Web Security Service can work with on-premise equipment (either a Barracuda Web gateway or the vendor's next-generation firewall product) or end users can connect their sites or end users directly to the Barracuda Web Security Service cloud (a pure SaaS model). Additionally, Barracuda offers agents for laptops and a Barracuda Safe Browser for mobile devices to connect mobile/remote users to the cloud platform.

Areas of Strength

Barracuda's core strength is efficiently producing cost- and functionally effective security appliances for small businesses and medium-sized enterprises. Barracuda was behind only Websense and Cisco in 2011 in terms of appliance revenue, and it is one of the foremost in terms of equipment shipments in Web security.
Barracuda offers on-premise appliances and virtual appliances, which provide flexibility in deployment options, a key requirement cited by a majority of 24 end users interviewed for this IDC MarketScape.

Barracuda has a wide range of other content and network security products for potential adjacencies and integration points. Barracuda's next-generation firewall, messaging security appliance, UTM, WAF, and backup and archiving solutions all could be potential sell-through, as well as deeper integration opportunities, with Web security.

Barracuda has an efficiently run channel partner program and sales/marketing organization, which effectively reaches its target customers: SMB/midsize enterprises with growing IT and security needs and complexities.

Areas of Weakness

Lack of Internet Content Adaptation Protocol (ICAP) support limits connecting the Web appliance to third-party scanners such as antimalware or DLP. While not as much of a requirement in SMBs, Barracuda's core customer base, the feature is critical in many larger firms; several IT executives interviewed for this IDC MarketScape required multiple ICAP connections for external scanning engines from their Web security providers. However, Barracuda does use ICAP internally on its hardware to connect its own inspection engines and plans to expose this capability to support external proxy support by the end of Barracuda's threat research lab, while a capable organization, is relatively small compared with its large antimalware competitors. Limited support of third-party AV engines (only open source ClamAV is supported for on-device antimalware) is another limitation.

Areas of Opportunity

Barracuda is well positioned to help small and midsize organizations transition from pure device-based, on-premise Web security solutions to hybrid and cloud-based technology. Barracuda's approach is effective in that it provides a gradual introduction of cloud technology as a complementary add-on to appliances, rather than abruptly pulling its customer base into a cloud-centric security solution. (According to IDC data, SMBs are 33% less likely to adopt cloud security services compared with enterprises.)

ESSENTIAL GUIDANCE

Advice to End Users

Choose Web security tools and services that measure up. It is important for Web security solutions to offer a wide range of cutting-edge features, but what separates truly useful tools from products that are installed and then forgotten about is the ability to see and measure progress. This means a rich set of reporting tools that can provide metrics and statistics on performance (number of Web-based infections stopped, availability/uptime of services, policy violations detected, and so forth) and give customers visibility into these data over time.
Enterprises that install products without the ability to measure their effectiveness over time will be in a continual state of security product window shopping.

Look for vendors with strong cloud strategies. An overall Web security solutions provider should have a clear strategy for how it will utilize both cloud-based security intelligence and threat information in its products, as well as a road map for how it will deliver Web security solutions from the cloud, or via the security SaaS model. Customers interested only in appliance or software-based Web security solutions should keep in mind how their product needs may change in three to five years, and choose vendors that will be able to anticipate new demands and delivery models.

Web security is a two-way street. Enterprises must have visibility not only into the Web-based traffic entering the enterprise (URL requests, file downloads, streams, and potential malware); they must also consider the outbound factor, including potential botnet C&C communications, exfiltration of sensitive data, or unwanted P2P or chat/video/social networking communications used by employees. This makes the inbound/outbound scanning and remediation capabilities of the vendor a critical selection criterion.

Evaluate cloud-enabled product capabilities. In addition to SaaS as a delivery model, users should also consider a vendor's cloud capabilities in terms of threat intelligence. This includes how the vendor uses the cloud to collect and disseminate information on emerging threats, as well as the capabilities to update and empower on-premise products to detect and stop these threats.

Advice to Vendors

Hybrid/SaaS delivery models are critical to future success. Two-thirds of enterprises will have deployed some form of cloud security SaaS in the next 24 months, according to IDC's 2011 Cloud Security Survey; the majority of those deploying SaaS will do so in concert with existing on-premise solutions in a hybrid approach. Vendors must anticipate this trend and either create cloud-based services that integrate well with their on-premise hardware/virtual appliances or find partnership with noncompetitive cloud service providers, MSSPs, or carriers that could provide such services in the cloud.

Look into industries that are ramping up Web-based services. The traditional sweet spot for Web security vendors has been in highly regulated industries such as finance and healthcare (to police Web usage and protect financial or patient data) and in education to protect students and student information. Vendors must look at industries through the lens of Web expansion and security opportunities. With the emergence of smart grid and a more customer-oriented way of thinking, Web security tools will be in high demand in verticals such as utilities, manufacturing, and health sciences.

Realize the changing nature, and criticality, of Web traffic. Vendors must also anticipate the growing importance of HTTP traffic in the enterprise.
Web-based apps are evolving, as well as new technologies such as HTML5, which promise to make these apps as rich and powerful as installed desktop software. As businesses continue to move more applications into the cloud, and rely on SaaS for business-critical software and infrastructure components, the myriad TCP/UDP application-specific ports will converge, and ports 80 and 443 traffic will become the most important in many organizations. Vendors that can anticipate this shift, and position their products as enablers of secure SaaS/cloud-connected enterprises, will be viewed as more strategic than vendors focusing on filtering, antimalware, and to some extent, social media control and blocking.

Watch out for next-generation firewall displacement/cannibalization. Web security vendors will have to compete not only with each other but with next-generation firewall vendors, as these providers, such as Palo Alto, Fortinet, Cisco, Juniper, and Dell (SonicWALL), move more aggressively into Layer 7 security, with features such as Web application control, URL filtering, and even antimalware/antispam capabilities on the firewall. As mentioned previously, positioning the Web security gateway as a secure connectivity point to the cloud and SaaS will put Web security products in a more strategic position and prevent end users from sampling and rolling these features into their NGFW upgrade feature checklist.

LEARN MORE

Related Research

Worldwide Web Security Forecast and 2011 Vendor Shares (IDC #235515, July 2012)

IDC's Worldwide Security Products Taxonomy, 2012 (IDC #235288, June 2012)

Synopsis

This IDC study uses the vendor assessment model called IDC MarketScape. This assessment discusses both quantitative and qualitative characteristics that explain a vendor's success in the marketplace and help anticipate its ascendancy. This is the first IDC MarketScape for the enterprise Web security market. Enterprises are moving toward cloud-based Web security technologies, but they are doing so without abandoning their on-premise appliance/software deployments. The need to support both types of Web security delivery models, and manage, maintain, and support these models in a hybrid delivery scenario, is a critical requirement for any vendor offering Web security solutions today, and over the next five years.

"The Web security market is moving toward a SaaS model," says Phil Hochmuth, program manager for IDC's Security Products. "Enterprises will require the flexibility, scale, and availability of cloud security services to protect growing mobile workforces, BYOD scenarios, and continual expanding and shifting of the enterprise Web perimeter. However, enterprises won't jump into the Web security SaaS pool with two feet and a pinched nose; it will be a slow, wading process. Hybrid solutions providers offering links to the power and scale of cloud-based Web security, with strong on-premise offerings, will be in the best position to succeed in this market over the next months."

Copyright Notice

This IDC research document was published as part of an IDC continuous intelligence service, providing written research, analyst interactions, telebriefings, and conferences. Visit to learn more about IDC subscription and consulting services.
To view a list of IDC offices worldwide, visit Please contact the IDC Hotline at , ext (or ) or for information on applying the price of this document toward the purchase of an IDC service or for information on additional copies or Web rights.

Copyright 2012 IDC. Reproduction is forbidden unless authorized. All rights reserved.