Reference Technology Roadmap

Transcription

1 Information Security Study: Wave 17 Reference Technology Roadmap Comparing all 42 technologies tracked in the study, this high-level reference contains the Technology Index, the Adoption Index, leading vendor tables, overall technology roadmap and spending charts. It also indicates what is included in the more detailed reports based on each technology segment covered in the study. NEW YORK BOSTON WASHINGTON DC SAN FRANCISCO SEATTLE DENVER LONDON SAO PAULO DUBAI SINGAPORE

2 About TheInfoPro s Information Security Study TheInfoPro s Information Security Study takes an in-depth look at key industry trends and tracks the performance of individual vendors. Now in its twelfth year, this study was finalized in September 2014 and is based on 217 interviews. TheInfoPro s methodology uses extensive interviews with a proprietary network of IT professionals and key decision-makers at large and midsize enterprises. Each interview explores several fundamental areas, including the implementation and spending plans for technologies, evaluations of vendors observed from business and product perspectives, macro IT influences transforming the sector, and factors affecting decision processes. Results are collated into comprehensive research reports providing business intelligence in the form of technological roadmaps, budget trends and vendor spending plans and performance ratings. Examples of Vendors Covered in the Study Aruba Networks Blue Coat Systems Check Point Cisco Dell EMC (RSA) Fortinet FireEye Guidance Software Hewlett-Packard Intel (McAfee) Juniper Networks Microsoft About the Author Palo Alto Networks Qualys Rapid7 Sophos Symantec Websense This report was written by Daniel Kennedy, Research Director for Enterprise Networking and Information Security. Daniel Kennedy is an experienced information security professional. Prior to joining 451 Research, he was a partner in the information security consultancy Praetorian Security LLC, where he directed strategy on risk assessment and security certification. Before that, he was Global Head of Information Security for D.B. Zwirn & Co., as well as Vice President of Application Security and Development Manager at Pershing LLC, a division of the Bank of New York. Kennedy has written for both Forbes online and Ziff Davis, has provided commentary to numerous news outlets, including The New York Times and The Wall Street Journal, and his personal blog, Praetorian Prefect, which was recognized as one of the top five technical blogs in information security by the RSA 2010 Conference. Kennedy holds a master of science degree in information systems from Stevens Institute of Technology, a master of science in information assurance from Norwich University, and a bachelor of science in information management and technology from Syracuse University. He is certified as a CEH (Certified Ethical Hacker) from the EC-Council, is a CISSP, and has a NASD Series 7 license Research, LLC.

3 Guide to Information Security Study Reports A wave of research produces a series of reports that are published approximately in this order: 2015 INFORMATION SECURITY OUTLOOK INFORMATION SECURITY METRICS REFERENCE TECHNOLOGY ROADMAP APPLICATION SECURITY TECHNOLOGY ROADMAP INFRASTRUCTURE SECURITY TECHNOLOGY ROADMAP NETWORK SECURITY TECHNOLOGY ROADMAP SECURITY MANAGEMENT TECHNOLOGY ROADMAP Information security professionals describe how 2015 looks for budgets, projects and pain points with time series charts to give perspective to the coming year. Benchmarking organization efficiency, this report contains metrics about staffing, organization structure, the existence of written policies, compliance and internal security. Allowing comparison of all 42 technologies tracked in the study, this high-level reference contains the Technology Index, the Adoption Index, leading vendor tables, overall technology roadmap and spending charts. It also indicates what is included in the more detailed reports based on each technology segment covered in the study. Capturing IT professionals adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers these four technologies: Web application firewalls, Web application scanning, code/binary analysis and database security. Capturing IT professionals adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers 14 technologies, including endpoint and network data-loss prevention (DLP), encryption and tokenization. Capturing IT professionals adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers 11 technologies, including firewalls, NIPS, NAC, UTM, anti-spam and anti-ddos. Capturing IT professionals adoption plans, projected spending and vendor short-lists, the in-depth roadmap covers 13 technologies, including mobile device management, SIEM, IT GRC, identity federation, threat intelligence and computer forensics. VENDOR VULNERABILITY AND SPENDING This report allows you to compare IT professionals spending intentions and loyalty ratings for more than 12 vendors. VENDOR MARKET WINDOWS AND RATINGS CUSTOMER ASSESSMENTS FOR INDIVIDUAL VENDORS NARRATIVES MARKET DYNAMICS TheInfoPro s unique Market Window uses IT professionals ratings of vendors on 14 separate criteria to calculate scores for Vendor Promise and Vendor Fulfillment, allowing comparison of vendors effectiveness at strategy, marketing, delivery and execution. Summarizing IT professionals assessments for vendors, this report profiles individual vendors based on spending, vulnerability and ratings on 14 categories. Time series are included. Compiling open-ended commentary from in-depth interviews with IT professionals, you hear the direct voice of the customer discussing technology, the industry and the future of this sector. Designed for IT professionals, this report captures highlights from the complete study, and provides business intelligence in the form of technological roadmaps, budget trends, voice-of-the-customer narratives and vendor spending plans and performance ratings. Source: Information Security Wave Research, LLC.

4 Table of Contents About TheInfoPro s Information Security Study 2 Principal Findings 5 Implementation Plans 6 Technology Index and Leading Vendors 9 Appendixes Demographics, Methodology, Sample Variation 17 How to Interpret the Data 19 Source: Information Security Wave Research, LLC.

5 Principal Findings Firewall-management-related initiatives topped the project list for security managers in 2014, and thus it is little surprise that the network firewalls also captured the greatest percentage of those increasing spending in 2014 compared to Application-aware or next-generation firewalls also captured increased spending for 29% of security managers. Intrusion management and event log management rounded out the top three projects in terms of percentage of security managers increasing spending between 2013 and now. Looking forward to 2015, network firewalls again are at the top of the technology list when it comes to the percentage of security managers increasing spending, 3. It is tied with mobile device management (MDM), where 3 of security managers also report plans for increased spending. Application-aware or next-generation firewalls round out the top three technologies capturing increased spending in It is similarly atop the 2014 proprietary Technology Index, a measure of the immediacy of user needs around all tracked security technologies. Palo Alto Networks is the lead in-plan vendor. Network access control (NAC) is number two on the same Index, buoyed by the increase in mobility, guest networks, and non-corporate devices connecting to the company network. Cisco is the lead in-plan vendor for NAC. Endpoint data-loss prevention (DLP) rounds out the top three on the Index. Symantec was the lead inplan vendor in 2013, but gave way to Websense in Similarly, the lead in-plan vendor for mobile device management (MDM) in 2013, MobileIron, gave way to VMware in 2014, fresh off its acquisition of AirWatch. Source: Information Security Wave Research, LLC.

6 Information Security Technology Roadmap Antivirus/Endpoint Security Network Firewalls Anti-spam/ Security Patch Management NIDS/NIPS SSL VPNs Vulnerability/Risk Assessment/Scanning Web Content Filtering Penetration Testing Encryption Multifactor Authentication Event Log Management System Secure File Transfer Authorization and Access Control and Messaging Archiving Mobile Device Management IT Sec Training/Edu/Awareness Certificate/Key Management Security Information Event Management SSO, Identity as a Service, Identity Fed Web Application Scanning Computer Forensics HIDS/HIPS Secure Instant Messaging Application-aware/Next-gen Firewall Anti-DDoS Advanced Anti-malware Response Threat Intelligence Managed Security Service Provider Web Application Firewall Database Security IT GRC Endpoint Data-loss Prevention Solutions Network Access Control File Integrity Monitoring Network Data-loss Prevention Solutions Unified Threat Management Code or Binary Analysis Tools for Securing Virtualization Infra Tokenization Information/Digital Rights Mgmt Tools for Security Public Cloud 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% In Use Now Near-term Plan (In Next 6 Months) Past Long-term Plan (Later Than 18 Months Out) Don't Know In Pilot/Evaluation (Budget Has Already Been Allocated) Long-term Plan (6-18 Months) Not in Plan Q. What is your status of implementation for this technology? n=212 to 214. Source: Information Security Wave Research, LLC.

7 2014 vs Spending Change for Information Security Technologies Network Firewalls NIDS/NIPS Event Log Management System Application-aware/Next-gen Firewall Mobile Device Management Security Information Event Management Web Content Filtering SSO, Identity as a Service, Identity Fed Authorization and Access Control Network Access Control IT Sec Training/Edu/Awareness Encryption Multifactor Authentication Vulnerability/Risk Assessment/Scanning Advanced Anti-malware Response Secure File Transfer SSL VPNs Managed Security Service Provider IT GRC Certificate/Key Management Network Data-loss Prevention Solutions Penetration Testing and Messaging Archiving Code or Binary Analysis Antivirus/Endpoint Security Endpoint Data-loss Prevention Solutions Anti-DDoS Web Application Firewall Anti-spam/ Security Computer Forensics Patch Management Threat Intelligence Web Application Scanning Unified Threat Management Tools for Securing Virtualization Infra HIDS/HIPS Database Security Tokenization File Integrity Monitoring Secure Instant Messaging Tools for Security Public Cloud Information/Digital Rights Mgmt 7% 5% 7% 7% 4% 7% 50% 5 4% 46% 44% 54% 4 30% 45% 48% 56% 44% 26% % 54% 28% 29% 24% 5 26% 66% 54% 17% 77% 3 28% 3 70% % 47% % 3 30% 29% 29% 28% 25% % 19% 19% 19% 16% 16% 15% 14% 14% 14% 14% % 8% 8% 27% 18% 7% 7% 6% 17% 10% 6% 5% 4% 2 25% 29% Less Spending About the Same More Spending Q. How will your spending on this technology change in 2014 as compared to 2013? n=209 to 214. Data from respondents not using the technology or that don't know about spending are hidden. Source: Information Security Wave Research, LLC.

8 2015 vs Spending Change for Information Security Technologies Network Firewalls Mobile Device Management Application-aware/Next-gen Firewall Security Information Event Management NIDS/NIPS Event Log Management System SSO, Identity as a Service, Identity Fed Network Access Control Multifactor Authentication Authorization and Access Control Endpoint Data-loss Prevention Solutions IT Sec Training/Edu/Awareness Encryption Network Data-loss Prevention Solutions Managed Security Service Provider Vulnerability/Risk Assessment/Scanning Web Application Firewall Web Content Filtering Penetration Testing Secure File Transfer Tools for Securing Virtualization Infra Computer Forensics Certificate/Key Management Advanced Anti-malware Response IT GRC Unified Threat Management Anti-DDoS Antivirus/Endpoint Security Code or Binary Analysis Web Application Scanning and Messaging Archiving SSL VPNs Database Security Tools for Security Public Cloud Anti-spam/ Security Patch Management Threat Intelligence HIDS/HIPS Tokenization Information/Digital Rights Mgmt File Integrity Monitoring Secure Instant Messaging 4% 1 10% 6% 8% 6% 5% 8% 4% 5% 48% 4 8% 28% 40% 5 47% 44% 48% 48% 47% 58% 4% 64% 60% 64% 5 77% 66% 7 74% 5 54% 45% 18% 2 25% 4 4% 20% 25% 26% 3 24% 28% 19% % 25% 28% 25% % 27% 27% 25% 24% 2 18% 14% % 18% 18% 17% 16% 15% 15% 15% 15% 14% % 10% 9% 9% 9% 7% 7% 6% 6% 4% Less Spending About the Same More Spending Q. How will your spending on this technology change in 2015 as compared to 2014? n=209 to 214. Data from respondents not using the technology or that don't know about spending are hidden. Source: Information Security Wave Research, LLC.

9 Information Security Technologies: Index vs. Adoption Index Rank Technology Score Adoption Score Rank Technology 1 Application aware/next generation Firewall IT Security Training/Education/Awareness Network Access Control Code or Binary Analysis Endpoint Data loss Prevention Solutions Web Application Scanning Mobile Device Management Network Intrusion Detection and/or Prevention Network Data loss Prevention Solutions Database Security Multifactor Authentication Tools for Security Public Cloud Web Application Firewall Information or Digital Rights Management Security Information Event Management Web Content Filtering Single Sign on, Identity as a Service and/or Identity Federation Score Adoption Score Vulnerability/Risk Assessment/Scanning Event Log Management System File Integrity Monitoring Advanced Anti malware Response Host Intrusion Detection and/or Prevention Managed Security Service Provider Computer Forensics Authorization and Access Control Network Firewalls Tools for Securing Virtualization Infrastructure Patch Management Secure File Transfer Penetration Testing Threat Intelligence Tokenization IT GRC Encryption Anti DDoS SSL VPNs Certificate/Key Management Secure Instant Messaging and Messaging Archiving Anti spam/ Security Unified Threat Management Antivirus/Endpoint Security 0 97 Technology Index : measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization s budget for the relevant IT sector, and future changes in the organization s budget. A high score means a technology is expected to see significant growth. Technology Adoption Index: measures aggregate investment in a technology based on several factors including: usage or planned usage, changes in planned spending, and an organization s budget for the relevant IT sector. A high score means the technology is already experiencing healthy adoption. n=212 to 215. Source: Information Security Wave Research, LLC.

10 Information Security Technologies: Index Ranking and Leading Vendors (1 of 2) Rank Score Technology Lead in Plan 2nd in Plan Lead in Use 2nd in Use Application aware/next generation Firewall Palo Alto Ntwks! Check Point Palo Alto Ntwks! Check Point 2 99 Network Access Control Cisco! ForeScout Cisco! Juniper 3 86 Endpoint Data loss Prevention Solutions Websense Symantec Symantec Intel 4 80 Mobile Device Management VMware! Microsoft VMware MobileIron 5 78 Network Data loss Prevention Solutions Websense Symantec Symantec! EMC 6 70 Multifactor Authentication EMC! Duo Security EMC! Microsoft 7 64 Web Application Firewall Palo Alto Ntwks F5 Ntwks F5 Ntwks Imperva 8 63 Security Information Event Management Splunk LogRhythm HP IBM 9 62 Single Sign on, Identity as a Service and/or Identity Federation Okta Oracle Microsoft! Oracle Event Log Management System Splunk! Open Source Splunk HP Advanced Anti malware Response FireEye! Bit9 FireEye Intel Managed Security Service Provider Verizon HP; IBM Dell Symantec Authorization and Access Control EMC Cisco; SailPoint Microsoft! Oracle Tools for Securing Virtualization Infrastructure VMware Symantec VMware! Intel Secure File Transfer IBM; WatchDox Box; Citrix; Microsoft IBM Threat Intelligence FireEye! HP; IBM; isight; NTT; Palo Alto Ntwks; Symantec Symantec Accellion; Homegrown; Ipswitch IT GRC EMC LockPath EMC! Homegrown Anti DDoS Akamai Prolexic Akamai AT&T; Prolexic Certificate/Key Management Microsoft! Venafi Microsoft! Symantec; Verisign, Inc and Messaging Archiving Microsoft Symantec Microsoft Symantec Unified Threat Management Cisco Palo Alto Ntwks Palo Alto Ntwks Intel Dell Technology Index : measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization s budget for the relevant IT sector, and future changes in the organization s budget. A high score means a technology is expected to see significant growth. A! vendor has at least twice the number of selections as the closest competitor. A! vendor has at least twice the number of responses as the closest competitor. n=212 to 215. Source: Information Security Wave Research, LLC.

11 Information Security Technologies: Index Ranking and Leading Vendors (2 of 2) Rank Score Technology Lead in Plan 2nd in Plan Lead in Use 2nd in Use IT Security Training/Education/Awareness Cisco; FishNet; PhishMe; SANS Inst; Security Awareness; TSTC Homegrown Homegrown! SANS Inst Code or Binary Analysis Veracode HP HP Veracode Web Application Scanning WhiteHat Sec! Open Source; Qualys; Rapid Network Intrusion Detection and/or Prevention Palo Alto Ntwks Cisco Cisco! Palo Alto Ntwks Database Security Imperva! Intel Oracle Imperva Tools for Security Public Cloud CipherCloud! Okta Microsoft Qualys HP CloudLock; Homegrown; Skyhigh Ntwks Information or Digital Rights Management Microsoft! Adobe; EMC; GigaTrust Microsoft! Adobe Web Content Filtering Palo Alto Ntwks! Cisco; F5 Ntwks; Intel; Websense Websense Vulnerability/Risk Assessment/Scanning Qualys Rapid7 Qualys! Rapid7 Blue Coat File Integrity Monitoring Tripwire! Intel; Symantec Tripwire! Microsoft Host Intrusion Detection and/or Prevention Intel! Open Source; Symantec Intel!; Symantec Tripwire Computer Forensics Guidance Sftw! Bit9; FireEye Guidance Sftw! AccessData Network Firewalls Palo Alto Ntwks! Cisco Check Point Patch Management Secunia; TCS Microsoft Microsoft! IBM Penetration Testing Dell! Homegrown Homegrown; PWC; Rapid7 Deloitte; Protiviti Tokenization Symantec VeriFone Homegrown! CyberSource; Liaison Tech; Paymetric; Protegrity Encryption Microsoft! EMC Microsoft Symantec 39 9 SSL VPNs Cisco! Sophos Cisco Juniper 39 9 Secure Instant Messaging Microsoft! Avaya Microsoft! IBM 41 4 Anti spam/ Security Symantec! Microsoft Cisco 42 0 Antivirus/Endpoint Security Symantec Intel Technology Index : measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization s budget for the relevant IT sector, and future changes in the organization s budget. A high score means a technology is expected to see significant growth. A! vendor has at least twice the number of selections as the closest competitor. A! vendor has at least twice the number of responses as the closest competitor. n=212 to 215. Source: Information Security Wave Research, LLC.

12 Information Security Technologies: Index Ranking and Leading Inuse Vendors Time Series (1 of 2) Rank Technology 2H '13 Lead In-use Vendor 2H '14 Lead In-use Vendor 2H '13 2nd In-use Vendor 2H '14 2nd In-use Vendor 1 Application aware/next generation Firewall Palo Alto Ntwks Palo Alto Ntwks! Imperva Check Point 2 Network Access Control Cisco! Cisco! ForeScout Juniper 3 Endpoint Data loss Prevention Solutions Symantec! Symantec McAfee Intel 4 Mobile Device Management Good Tech VMware MobileIron MobileIron 5 Network Data loss Prevention Solutions Symantec! Symantec! EMC; Websense EMC 6 Multifactor Authentication EMC! EMC! Microsoft Microsoft 7 Web Application Firewall F5 Ntwks F5 Ntwks Imperva Imperva 8 Security Information Event Management HP HP IBM IBM 9 Single Sign on, Identity as a Service and/or Identity Federation Microsoft Microsoft! Oracle Oracle 10 Event Log Management System Splunk Splunk HP HP 11 Advanced Anti malware Response FireEye FireEye Symantec Intel 12 Managed Security Service Provider Symantec Dell Dell Symantec 13 Authorization and Access Control Microsoft! Oracle 14 Tools for Securing Virtualization Infrastructure VMware! VMware! Microsoft Intel 15 Secure File Transfer Homegrown IBM IBM Accellion; Homegrown; Ipswitch 16 Threat Intelligence Symantec Symantec IBM Dell 17 IT GRC EMC! EMC! Homegrown Homegrown 18 Anti DDoS Akamai AT&T; Prolexic 19 Certificate/Key Management Microsoft! Microsoft! Symantec Symantec; Verisign, Inc. 19 and Messaging Archiving Symantec Microsoft Microsoft Symantec 21 Unified Threat Management Fortinet; Palo Alto Ntwks Palo Alto Ntwks Check Point Intel Technology Index : measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization s budget for the relevant IT sector, and future changes in the organization s budget. A high score means a technology is expected to see significant growth. A! vendor has at least twice the number of selections as the closest competitor. A! vendor has at least twice the number of responses as the closest competitor. 2H '13, n=198 to 205; 2H '14, n=212 to 215. Source: Information Security Wave Research, LLC.

13 Information Security Technologies: Index Ranking and Leading Inuse Vendors Time Series (2 of 2) Rank Technology 2H '13 Lead In-use Vendor 2H '14 Lead In-use Vendor 2H '13 2nd In-use Vendor 2H '14 2nd In-use Vendor 21 IT Security Training/Education/Awareness Homegrown! Homegrown! SANS Inst SANS Inst 21 Code or Binary Analysis IBM HP HP Veracode 24 Web Application Scanning Qualys HP 24 Network Intrusion Detection and/or Prevention Cisco! Cisco! HP; McAfee Palo Alto Ntwks 26 Database Security Oracle Oracle Imperva Imperva 26 Tools for Security Public Cloud AWS Microsoft Homegrown; Oracle; CloudLock; Homegrown; Skyhigh Ntwks 28 Information or Digital Rights Management Microsoft! Microsoft! EMC Adobe 29 Web Content Filtering Websense Websense Blue Coat Blue Coat 29 Vulnerability/Risk Assessment/Scanning Qualys! Qualys! Open Source Rapid7 31 File Integrity Monitoring Tripwire! Tripwire! Open Source; Symantec Microsoft 32 Host Intrusion Detection and/or Prevention McAfee!; Symantec Intel!; Symantec IBM Tripwire 32 Computer Forensics Guidance Sftw! Guidance Sftw! AccessData AccessData 34 Network Firewalls Cisco Cisco Check Point Check Point 35 Patch Management Microsoft! Microsoft! Symantec IBM 35 Penetration Testing Homegrown Homegrown; PWC; Rapid7 Trustwave Deloitte; Protiviti 37 Tokenization EMC; Homegrown; SafeNet Homegrown! CyberSource; Microsoft; Oracle; Paymetric CyberSource; Liaison Tech; Paymetric; Protegrity 38 Encryption Microsoft Symantec 39 SSL VPNs Cisco Cisco Juniper Juniper 39 Secure Instant Messaging Microsoft! Microsoft! IBM IBM 41 Anti spam/ Security Cisco Microsoft Symantec Cisco 42 Antivirus/Endpoint Security Symantec Symantec McAfee Intel Technology Index : measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization s budget for the relevant IT sector, and future changes in the organization s budget. A high score means a technology is expected to see significant growth. A! vendor has at least twice the number of selections as the closest competitor. A! vendor has at least twice the number of responses as the closest competitor. 2H '13, n=198 to 205; 2H '14, n=212 to 215. Source: Information Security Wave Research, LLC.

14 Information Security Technologies: Index Ranking and Leading Inplan Vendors Time Series (1 of 2) Rank Technology 2H '13 Lead In-plan Vendor 2H '14 Lead In-plan Vendor 2H '13 2nd In-plan Vendor 2H '14 2nd In-plan Vendor 1 Application aware/next generation Firewall Palo Alto Ntwks Palo Alto Ntwks! Check Point Check Point 2 Network Access Control Cisco! Cisco! Aruba Ntwks ForeScout 3 Endpoint Data loss Prevention Solutions Symantec! Websense McAfee Symantec 4 Mobile Device Management MobileIron! VMware! Good Tech Microsoft 5 Network Data loss Prevention Solutions Symantec Websense McAfee Symantec 6 Multifactor Authentication EMC; Symantec EMC! Duo Security 7 Web Application Firewall F5 Ntwks! Palo Alto Ntwks Check Point F5 Ntwks 8 Security Information Event Management LogRhythm Splunk IBM LogRhythm 9 Single Sign on, Identity as a Service and/or Identity Federation Microsoft; Okta Okta Ping Identity Oracle 10 Event Log Management System LogRhythm! Splunk! McAfee Open Source 11 Advanced Anti malware Response FireEye! FireEye! Check Point; Palo Alto Ntwks Bit9 12 Managed Security Service Provider Dell Verizon AT&T HP; IBM 13 Authorization and Access Control EMC Cisco; SailPoint 14 Tools for Securing Virtualization Infrastructure VMware VMware Check Point Symantec 15 Secure File Transfer Box! IBM; WatchDox Accellion; AppSense; Google Box; Citrix; Microsoft 16 Threat Intelligence CrowdStrike FireEye! Symantec HP; IBM; isight; NTT; Palo Alto Ntwks; Symantec 17 IT GRC EMC! EMC IBM LockPath 18 Anti DDoS Akamai Prolexic 19 Certificate/Key Management Microsoft Microsoft! Venafi Venafi 19 and Messaging Archiving Google! Microsoft HP Symantec 21 Unified Threat Management Fortinet Cisco Check Point; Palo Alto Ntwks Palo Alto Ntwks Technology Index : measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization s budget for the relevant IT sector, and future changes in the organization s budget. A high score means a technology is expected to see significant growth. A! vendor has at least twice the number of selections as the closest competitor. A! vendor has at least twice the number of responses as the closest competitor. 2H '13, n=198 to 205; 2H '14, n=212 to 215. Source: Information Security Wave Research, LLC.

15 Information Security Technologies: Index Ranking and Leading Inplan Vendors Time Series (2 of 2) Rank Technology 2H '13 Lead In-plan Vendor 2H '14 Lead In-plan Vendor 2H '13 2nd In-plan Vendor 2H '14 2nd In-plan Vendor 21 IT Security Training/Education/Awareness SANS Inst! Cisco; FishNet; PhishMe; SANS Inst; Security Awareness; TSTC Wombat 21 Code or Binary Analysis Veracode Veracode WhiteHat Sec HP Homegrown 24 Web Application Scanning WhiteHat Sec! Open Source; Qualys; Rapid7 24 Network Intrusion Detection and/or Prevention Palo Alto Ntwks Palo Alto Ntwks Check Point Cisco 26 Database Security Imperva Imperva! IBM Intel 26 Tools for Security Public Cloud CipherCloud! CipherCloud! Ping Identity Okta 28 Information or Digital Rights Management Microsoft! Microsoft! WatchDox Adobe; EMC; GigaTrust 29 Web Content Filtering Websense! Palo Alto Ntwks! Blue Coat Cisco; F5 Ntwks; Intel; Websense 29 Vulnerability/Risk Assessment/Scanning McAfee; Tenable Qualys Core Security Rapid7 31 File Integrity Monitoring Tripwire Tripwire! Symantec Intel; Symantec 32 Host Intrusion Detection and/or Prevention McAfee! Intel! Trend Micro Open Source; Symantec 32 Computer Forensics Guidance Sftw! Guidance Sftw! AccessData; Symantec Bit9; FireEye 34 Network Firewalls Palo Alto Ntwks! 35 Patch Management Microsoft! Secunia; TCS Microsoft 35 Penetration Testing Dell! Homegrown 37 Tokenization Agilysys Symantec Protegrity; SafeNet VeriFone 38 Encryption Microsoft! EMC 39 SSL VPNs Juniper! Cisco! Cisco; Citrix Sophos 39 Secure Instant Messaging Microsoft Microsoft! Google Avaya 41 Anti spam/ Security Symantec! 42 Antivirus/Endpoint Security Trend Micro Technology Index : measures user demand for a technology based on several factors including: usage or planned usage, changes in planned spending, an organization s budget for the relevant IT sector, and future changes in the organization s budget. A high score means a technology is expected to see significant growth. A! vendor has at least twice the number of selections as the closest competitor. A! vendor has at least twice the number of responses as the closest competitor. 2H '13, n=198 to 205; 2H '14, n=212 to 215. Source: Information Security Wave Research, LLC.

16 Appendixes

17 Demographics Industry Verticals Enterprise Revenue Public Sector Transportation Energy/Utilities 4% Industrial/ Manufacturing 5% Other 9% Financial Services 25% $30B-$40B $20B-$29.99B $10B-$19.99B 1 > $40B 9% < $499.99M 19% $500M-$999.99M 8% Materials/Chemicals 6% Services: Business/Accounting/ Engineering 7% Telecom/Technology 8% Education 8% Healthcare/ Pharmaceuticals 10% Consumer Goods/Retail 1 $5B-$9.99B 1 $1B-$4.99B 3 Employee Size Information Security Budget Level % > $30M $20M-$29.99M 8% $10M-$19.99M 6% < $500K 20% > 10,000 48% 1,000-4,999 29% $7M-$9.99M 1 $500K-$999K 1 $4M-$6.99M 9% 5,000-10,000 15% $1M-$3.99M 3 Top Left Chart, n=215; Top Right Chart, n=215; Bottom Left Chart, n=215; Bottom Right Chart, n=145. Source: Information Security Wave Research, LLC.

18 Methodology and Sample Variation METHODOLOGY The Information Security Study relies on a proprietary network of IT professionals and is based on in-depth interviews with 217 security professionals conducted from February 2014 through July TheInfoPro s interviewers are current and former IT managers and executives. They ask open-ended questions that enable TheInfoPro to gain an excellent understanding of the issues and decision-making process related to strategic planning, technology benchmarking, and vendor selection and negotiation. The Commentator Network has a variety of industry types and levels of technology adoption. TheInfoPro screens potential commentators to ensure that they can discuss in detail their enterprises technology roadmap and relationships with pertinent vendors. To participate, a commentator had to work for a large or midsize enterprise. For the purposes of this study, large enterprises have more than $1bn of revenue and midsize enterprises have annual revenue of $100m to $999m. SAMPLE SIZE VARIATION Because the interviews are designed to be flexible to the needs and knowledge of the commentator, not every interviewee is asked every question. As a result, many charts have a sample size varying from the total number of interviews. RECENT CHANGES TO THE STUDY Many respondents have detailed knowledge of all technology areas, but some do not. Beginning this year we are reporting percentages based upon the full survey sample of respondents, and showing the percentage of respondents who indicated that they did not have detailed status knowledge for certain technologies. TheInfoPro s Technology Index and Adoption Index have been updated. The indexes were re-engineered to provide a stronger picture of user demand and investment in technologies. The calculations now account for planned changes in a technology s spending and the relevant sector s budgets. Source: Information Security Wave Research, LLC.

19 How to Interpret the Data DATA IN STANDARD BAR AND COLUMN CHARTS Bar and column charts represent the percentage of commentators that gave a particular response. When relevant, Don t Know responses are included on charts. If a stacked bar or column chart does not equal 100%, it is because Don t Know or Not Using responses are hidden. For questions with multiple responses per interview, the totals for some charts may exceed 100%. TECHNOLOGY ROADMAP AND INDEXES The Technology Roadmaps highlight the percentage of respondents with a technology in use, the percentage that are likely to use the technology for the first time in the next two years, and those who have no plans. The size of the gap between 'in use' and 'not in plan' status indicates the potential opportunity for a technology in the next two years. For each roadmap technology, respondents are asked about their implementation status and plans, the vendors in use or consideration, and expectations for spending changes. This data is combined with spending and budget data to calculate the and Adoption index values for each technology. The Technology Index measures user demand for a technology based on several factors, including usage or planned usage, changes in planned spending, an organization s budget for the relevant IT sector, and future changes in the organization s budget. A high score means a technology is expected to see significant growth. The Technology Adoption Index measures aggregate investment in a technology based on several factors, including usage or planned usage, changes in planned spending, and an organization s budget for the relevant IT sector. A high score means the technology is already experiencing healthy adoption. Technologies with a high Index score and a low Adoption Index score have the largest near-term market opportunity for vendors. Technologies with a high Index score and a high Adoption Index score are experiencing near-term growth but have limited opportunities for new market entrants. A low Index paired with a low Adoption Index indicates a technology with limited near-term growth potential. CUSTOMER RATINGS Respondents rated vendors on 14 criteria using a 1-5 scale, with 1 being poor and 5 being excellent. The Market Window is TheInfoPro's unique methodology to visualize comparative vendor ratings on a single chart. It plots the Promise and Fulfillment Indexes to compare vendors effectiveness at marketing and execution. A vendor placing in the upper right quadrant is rated highly for both its promise and ability to execute underpromising and overdelivering relative to its peers. Conversely, a vendor in the lower left quadrant rates poorly on the same criteria. The Vendor Promise Index is designed as a measure of marketing effectiveness. It uses four of the 14 customer ratings criteria (competitive positioning, technical innovation, management s strategic vision and brand/reputation), which are related to global concepts conveyed to potential customers prior to actual product/service delivery and use. The Vendor Fulfillment Index is designed as a measure of execution effectiveness. It uses four of the 14 customer ratings criteria (value for the money, product quality, delivery as promised and technical support quality), which are related to the physical product/service delivery and customer experience of using the product or service. Source: Information Security Wave Research, LLC.

20 Each individual report summarizes interesting portions of TheInfoPro s Wave 17 Information Security Study and does not comprehensively review the hundreds of pages of research that form the full study. For access to TheInfoPro s reports and services, please contact [email protected]. Methodology questions may be addressed to [email protected]. 451 Research is a preeminent information technology research and advisory company. With a core focus on technology innovation and market disruption, we provide essential insight for leaders of the digital economy. More than 100 analysts and consultants deliver that insight via syndicated research, advisory services and live events to over 1,000 client organizations in North America, Europe and around the world. Founded in 2000 and headquartered in New York, 451 Research is a division of The 451 Group. TheInfoPro, a service of 451 Research, is widely regarded as The Voice of the Customer, providing independent, real world intelligence on key IT sectors including Servers and Virtualization, Information Security, Networking, Storage and Cloud Computing. Using one-onone interviews conducted within a proprietary network composed of the world s largest buyers and users of IT, TheInfoPro provides data and insights that are used for strategic planning, technology benchmarking, competitive analysis, and vendor selection and negotiation. Reproduction and distribution of this publication, in whole or in part, in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. 451 Research disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although 451 Research may discuss legal issues related to the information technology business, 451 Research does not provide legal advice or services and their research should not be construed or used as such. 451 Research shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice. TheInfoPro and logo are registered trademarks and property of 451 Research, LLC Research, LLC and/or its Affiliates. All Rights Reserved West 37th Street, 3rd Floor, New York, NY P F Research, LLC.