Web Threat Detection 5.0, the second major release under RSA for the former Silver Tail Analyst: Javvad Malik 24 Sep, 2014 It's almost two years to the day since RSA acquired Web-fraud detection vendor Silver Tail Systems. Since the acquisition, Silver Tail Systems has been rebranded to RSA Web Threat Detection, and version 5.0 represents the second major release of the product under the RSA banner. The 451 Take As more companies rely on Web applications to interact with and generate revenue from consumers, RSA Web Threat Detection is a product that would appear to be a good fit to meet market needs. However, being a somewhat niche offering that straddles security and fraud, the challenge is differentiating itself from other Web application protection products such as wide-area file services (WAFs). A challenge that with its resources, customer base and extensive portfolio, RSA is well equipped to address. Context RSA Security, acquired by EMC in June 2006 for $2.1bn, originally focused on public key encryption and authentication. The company has grown its product line via M&A (both before and after EMC scooped it up) to encompass antifraud (Silver Tail Systems, Cyota, Verid); enterprise security and information management (Network Intelligence); data-loss prevention (Tablus); network forensics (NetWitness); and governance, risk and compliance (Archer Technologies), among other areas. RSA added malware analysis to its portfolio via the acquisition of Silicium Security, and has been expanding both its threat intelligence and incident response services as well as in the Copyright 2014 - The 451 Group 1
authentication arena. Its Web Threat Detection offering primarily appeals to financial and e-commerce vendors. However, RSA states that it is beginning to see increasing success in appealing to companies that have large consumer portals or are relying more heavily on the Web as a customer engagement channel. Publicly traded EMC employs roughly 60,000 people worldwide, having 400 sales offices and partners globally. Products RSA Web Threat Detection v5.0 is the second major release since RSA acquired Silver Tail Systems and comes with numerous enhancements around visibility, detection and usage. The Web Threat Detection Data Stream provides granular information on each Web session. It can also integrate with other 'big-data' repositories for greater efficiency as well as undertaking cross-channel analysis to provide better fraud detection. In addition to previously supported visibility into mobile browser traffic, Web Threat Detection 5.0 now also provides visibility into traffic originating from mobile apps, with the ability to create rules on specific mobile application elements. Detection capabilities have also been enhanced, with better identification and management of threat groups. Real-time threat groups, as defined by Web Threat Detection, are pages visited by a bad actor, which could be a user or an IP. Features include real-time linking of potential threat groups and the ability to perform searches to identify Web sessions that are part of the threat group. RSA has also improved the usage of the product by introducing enhancements to searches that make different events available in drop-down lists to further enhance the ease of use during forensics data investigations. The analyst dashboard also sports a new user interface, which is designed to be a one-stop shop for analysts. Information is summarized, from where analysts can decide if deeper investigation is needed. Threat indicators available include click speeds, multiple IPs for a user, multiple geographic locations for a user, multiple user agents during a time period and suspicious server response codes. RSA plans to add further threat indicators to the list over time. In order to increase the flexibility for assigning users to different roles, Web Threat Detection Copyright 2014 - The 451 Group 2
introduces a new set of user roles, which include Basic, Systadmin, UserAdmin, RulesAdmin and TenantAdmin. Competition RSA Web Threat Analytics has probably little by way of direct like-for-like competition, which will place it in a position where it will likely be compared with several different areas and vendors. There is some capability overlap with NuData Security, although owing to RSA's extensive channel partner ecosystem, it is unlikely it will find itself in many head-to-head deals. Instead, we'll probably see consumers looking for apples to compare Web Threat Analytics against and end up with oranges and compare the wider anti-fraud space against such vendors as The 41st Parameter, BlueCava, Guardian Analytics, Iovation, Kount, ThreatMetrix, F5 (Versafe) and IBM (Trusteer), many of which will also compete against RSA Adaptive Authentication. From a broad buyer perspective, threat intelligence providers will also be looking to gain market share from the same budget. In particular, those vendors that aim to provide financial organizations with information about 'spear phishing' attacks and account takeover notifications, such as Lookingglass Cyber Solutions, AnubisNetworks, Arbor Networks and Seculert. While the number of use cases for Web Threat Detection will continue to grow, it will still be largely perceived as being a niche offering that has likely not earned its own line item in corporate budgets. We envisage Web Threat Analytics will, from a budget perspective at least, compete against a mature WAF market that includes vendors such as Imperva, IBM (Proventia), Radware, Barracuda Networks, Alert Logic, F5, StillSecure, Akamai, Trustwave, HP (Tipping Point), Bayshore Networks, Fortinet, CloudFlare, SonicWALL and Juniper Networks. The level of competition will vary widely depending on company security maturity and the level of awareness RSA can raise about its offering to demonstrate it being complementary to WAFs rather than a replacement. SWOT Analysis Strengths Weaknesses Behavior-based analytics is on the rise both as an alternative, but also complementary to rules and alerts. Providing this level of detail at the Web traffic level is a feature not many other companies can provide. This, coupled with the extensive RSA product portfolio with which it can integrate, puts Web Threat Detection in a good position. Companies will likely not have specific budget allocated toward Web threat detection capabilities; RSA will need to demonstrate the value it can provide above and beyond traditional technologies such as WAF. Opportunities Threats Copyright 2014 - The 451 Group 3
The number of companies that rely on Web applications as the sole or majority source of revenue is growing. As such, there are ample opportunities for RSA to serve a broad client base alongside its existing offerings. Threat intelligence and security analytics are markets with not only considerable overlap, but are more mature and robust markets. Without the right messaging or value proposition, RSA may find Web Threat Detection a small voice struggling to be heard. Copyright 2014 - The 451 Group 4
Reproduced by permission of The 451 Group; 2014. This report was originally published within 451 Research's Market Insight Service. For additional information on 451 Research or to apply for trial access, go to: www.451research.com Copyright 2014 - The 451 Group 5