Critical Watch aims to reduce countermeasure deployment pain by doing it all for you


Analyst: Javvad Malik
6 Sep, 2012
Copyright 2012 - The 451 Group

Critical Watch offers Active Countermeasure Intelligence, a combination of risk intelligence and active mitigation. Targeting a partner strategy through licensing and OEM agreements, it aims to unify elements of risk and map them to the most effective countermeasures.

The 451 Take

The Active Countermeasure Intelligence Platform may initially appear to be another IT GRC (governance, risk and compliance) product. While similarities exist, Critical Watch expands on the functionality typically provided. Integrating with a vendor's SIEM, it is built to analyze and correlate vulnerabilities that span the network, application, data and Web layers. Furthermore, it takes the bold step of tuning security devices to provide mitigation. We can think of the product as being half GRC and half IPS. Pursuing a route to market through indirect channels, licensing and OEM agreements, it allows vendors to enhance their existing offerings. Its modular design adds to its appeal to partners, and has enabled Critical Watch to avoid going head-on into the crowded market against GRC and analytics vendors. If Critical Watch can continue to provide enhanced functionality at a price point that prohibits companies from developing their own variants, it should maintain a solid position.

Context

Dallas-based Critical Watch was founded in 2000 by Eva Bunker and Nelson Bunker, who serve as architects. Both have 15 years of experience in technology and security. The company is self-funded and claims to remain profitable, with the ability to sustain itself for the foreseeable future. Although employee numbers and revenue are confidential, we believe that its SaaS model, which has grown across all the usual verticals of healthcare, finance, education, government, e-commerce, technology and manufacturing, has allowed the company to remain profitable.

Products

One of the challenges plaguing organizations is having the relevant information to hand in order to make effective risk decisions. This can leave security and risk practitioners having to make decisions based on incomplete information, or recommending solutions that may not be the most practical for the organization. This is not an easy gap to fill; enterprises are notoriously complex, with most having difficulty keeping an up-to-date inventory of all assets and controls deployed. This is where Critical Watch is trying to ease the pain, by integrating with an organization's existing SIEM and analyzing the information in order to make intelligent risk decisions.

The initial product brought to market by Critical Watch was its vulnerability management offering, FusionVM. In 2008 the company released FusionVM Profile Validator, designed specifically to be integrated with HP TippingPoint IPS. This mapped vulnerabilities to IPS signature settings and automated the deployment of IPS changes. With the Active Countermeasure Intelligence (ACI) Platform, risk collection agents can interact with various third-party-vendor risk tools in an organization's environment to gather information about vulnerabilities, software weaknesses, malware in the network, endpoints, applications, Web properties and other components. All of this information is fed into the newly developed ACI Recommendation Engine through a family of risk-input APIs.

The ACI Recommendation Engine can connect to countermeasures using control agents and design a mitigation plan. Using policy-driven workflow, the ACI Platform can then mitigate the risks by directing the countermeasure controllers to execute specific remedies that can be customized depending on an individual client's risk appetite. In a nutshell, it's an IPS overlay that allows customers to make more informed decisions on how to dial up and dial down blocking and prevention. The thought of having an intelligent device gather data and make changes to live security controls may have some security practitioners screaming Skynet and running for the hills. Critical Watch claims that this is a capability that many clients welcome, allowing them to rapidly address potential vulnerabilities in a short time. What really interests us about the product is the fact that it works across the different layers. A vulnerability may exist in the Web layer, but the most
appropriate countermeasures may exist within the network layer, or in the data layer. Knowing how disparate different support teams can be within some organizations, this adds a degree of cohesiveness to overall operations that has generally been lacking. This intelligence can lead to better risk decisions, and as a result the value lies in an increased ability to orchestrate the security process from detection through to mitigation.

In addition to the Recommendation Engine, Critical Watch has also launched Basecamp Labs, a dedicated research team to identify and evaluate vulnerabilities and develop countermeasures. You would be right in thinking this sounds a lot like IBM's X-Force. But where X-Force develops countermeasures specifically for IBM products, Critical Watch takes the ambitious approach of being vendor-neutral, developing countermeasures for all supported products, which should keep the eight-strong team busy. However, we feel Critical Watch will need to convince customers of the benefit Basecamp can provide over existing feeds and sources.

Strategy

Critical Watch does not sell to end customers, opting to sell through indirect channels, licensing and OEM agreements. We believe this approach will provide dividends in the long run, since rather than going head-to-head with the likes of established SIEM vendors, it has sought to develop an offering that would be complementary, providing an active element that doesn't typically exist. To make it relatively easy for OEM partners to license its technology, it has developed its product in a modular fashion, allowing each component to be licensed individually. So if a vendor only wanted to use the Recommendation Engine with its own products, it could do so. So far this strategy appears to be working, according to the company, which points to an extensive, yet undisclosed, partner list.

Going forward, the question is: will Critical Watch generate more revenue by continuing to license its modules, or will the whole package make sense as an acquisition by a larger entity? As long as Critical Watch can continue to provide enhanced functionality at a price point that prohibits companies from developing their own variants, it should remain in a strong position to pursue either path, but it will have to fight off an ever-increasing range of competitors.

Competition

Critical Watch feels that it operates in a distinct manner and, therefore, doesn't compete with vendors like IBM X-Force or SIEM vendors such as HP ArcSight, Q1 Labs, RSA (EMC), Symantec, LogLogic, NitroSecurity, eiqnetworks, LogRhythm, TrustWare, TriGeo, Tenable Network Security, Splunk, Tripwire, AlienVault and others, since its products complement the vendor offerings by providing a level of analytics that is otherwise unavailable, making it more useful for complex customers who may have traditionally struggled with effective risk management. However, Critical Watch will have to continually battle actual and perceived competition from a variety of IT, enterprise and financial GRC product offerings, as well as SIEM providers who delve into the security analytics and intelligence space, such as 21CT, Alert Logic, Click Security, LockPath, Palantir Technologies, Pervasive Software, the Packetloop platform, Red Lambda and SenSage. There are several vendors jumping on the security analytics and intelligence bandwagon. Critical Watch will need to work to differentiate its offering from others.

SWOT Analysis

Strengths: By linking data across the network, data, application and Web layers, Critical Watch provides a level of analytics on top of vanilla SIEM, which makes it much more useful for complex customers who may have traditionally struggled with effective security risk management.

Weaknesses: Perhaps the biggest challenge Critical Watch faces is convincing enough vendors that they can add functionality to their products and bring value to their clients for less cost and effort than it would take to develop the capabilities themselves. Otherwise, SIEM vendors may develop the capabilities in-house.

Opportunities: In an attempt to move up the ladder, SIEM vendors may look to acquire Critical Watch to enhance their presentation and reporting layers, replicating EMC/RSA's Archer acquisition.

Threats: There are many GRC players out there, and confusion between IT GRC, enterprise GRC and financial GRC products, as well as SIEM products and analytics providers, continues to muddy the waters. Critical Watch and other players will need to fend off encroaching competitors and educate customers accordingly.
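The ACI workflow the Products section describes (risk inputs from several layers, a recommendation engine that picks the most effective countermeasure even when it sits in a different layer than the finding, and a policy-driven workflow that only auto-applies changes within the client's risk appetite), as an added toy model. This is not Critical Watch's code or API; every identifier, score and threshold below is a constructed assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str   # constructed identifier, not a real CVE
    layer: str     # "network", "application", "data" or "web"
    severity: int  # 1 (informational) .. 10 (critical)

@dataclass(frozen=True)
class Countermeasure:
    name: str
    layer: str            # layer whose control agent applies it
    effectiveness: float  # fraction of the finding's risk it removes
    disruption: int       # expected operational impact, 1 .. 10
    covers: frozenset     # vuln_ids this control can mitigate

@dataclass(frozen=True)
class Policy:
    """Client risk appetite: what may change without a human in the loop."""
    auto_apply_max_disruption: int
    min_severity: int

def recommend(vulns, countermeasures, policy):
    """Map each finding to its best control; returns {vuln_id: (name, action, cross_layer)}."""
    plan = {}
    for v in sorted(vulns, key=lambda x: -x.severity):  # worst first
        if v.severity < policy.min_severity:
            continue  # below the client's threshold: not worth a change
        candidates = [c for c in countermeasures if v.vuln_id in c.covers]
        if not candidates:
            plan[v.vuln_id] = (None, "no-countermeasure", False)
            continue
        # Most effective control wins; ties go to the least disruptive one.
        best = max(candidates, key=lambda c: (c.effectiveness, -c.disruption))
        action = ("auto-apply" if best.disruption <= policy.auto_apply_max_disruption
                  else "queue-for-approval")
        plan[v.vuln_id] = (best.name, action, best.layer != v.layer)
    return plan

# Constructed sample feeds standing in for scanner output and control agents.
VULNS = [Vulnerability("V-WEB-1", "web", 9),          # injection flaw on a web property
         Vulnerability("V-NET-1", "network", 6),      # weak cipher suite on a service
         Vulnerability("V-APP-1", "application", 2)]  # low-severity information leak
COUNTERMEASURES = [
    Countermeasure("ips-signature-4711", "network", 0.9, 2, frozenset({"V-WEB-1"})),
    Countermeasure("waf-block-injection", "web", 0.9, 5, frozenset({"V-WEB-1"})),
    Countermeasure("disable-weak-ciphers", "network", 1.0, 4, frozenset({"V-NET-1"})),
]
POLICY = Policy(auto_apply_max_disruption=3, min_severity=4)
```

Calling recommend(VULNS, COUNTERMEASURES, POLICY) auto-applies the network-layer IPS signature for the web-layer finding (the cross-layer case the analyst highlights), queues the cipher change for approval because its disruption exceeds the policy threshold, and drops the severity-2 finding entirely.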

Reproduced by permission of The 451 Group; 2011. This report was originally published within 451 Research's Market Insight Service. For additional information on 451 Research or to apply for trial access, go to: www.451research.com