How to Evaluate an IT Security Management Vendor

Markets, M. Nicolett
Research Note
24 March 2003

The IT Security Management Magic Quadrant Lacks Leaders

Vendors in the Gartner 1H03 IT Security Management Magic Quadrant are being driven by the need for real-time security data analysis and faster reactions to security incidents.

Core Topic
Security and Privacy: Security Tools, Technologies and Tactics

Key Issue
Which vendors will emerge as leaders in the information security domain?

Strategic Planning Assumptions
- By 2006, 50 percent of IT security management point solution vendors will exit the market by acquisition or business failure (0.7 probability).
- By year-end 2004, at least three of the network and systems management and broad-scope security vendors will meet IT security management functional requirements for security device and IT infrastructure elements (0.8 probability).

Vendors in the IT security management market provide technology to meet the needs of IT security operations personnel who require real-time analysis of security data from network devices, servers, PCs and applications to mitigate internal and external security threats and document the state of enterprise IT security (see "The Emerging IT Security Management Market"). The core value proposition of IT security management is the correlation of security data from multiple devices and systems to enable better security assessment and more-rapid corrective action (see "IT Security Management Technology Evaluation Criteria").

IT Security Management Market Trends

The primary drivers of this evolving market are:
- The failure of intrusion detection systems (IDSs) to separate real threats from the background noise of ineffective probes, false alarms and normal system changes
- The need for enterprises to discover, investigate and mitigate internal and external security breaches and policy violations
- The need for enterprises to document and manage the general state of IT security to satisfy audit and regulatory requirements

For more information on the IT security management market, see "IT Security Management Market Drivers and Inhibitors."

The IT security management market is made up of small, immature, privately held point solution vendors, as well as security and systems management software vendors that have large installed bases for their primary products and diversified revenue streams. This market has passed the stages of early evolution and is poised for rapid growth from 2003 to 2005.

Gartner
Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.

There are signs of general convergence on a core set of capabilities. We expect significant market consolidation, primarily through the acquisition of point solution vendors by larger systems and security management vendors that lack core capabilities in this area. During 2006, we expect the IT security management market to be pressured by the removal of one of its primary drivers: the failure of IDS. During this period, we expect broad market acceptance of security platforms that provide intrusion prevention capabilities to replace first-generation IDSs. We present Gartner's 1H03 IT Security Management Magic Quadrant in Figure 1.

[Figure 1. 1H03 IT Security Management Magic Quadrant, as of March 2003. Axes: Ability to Execute and Completeness of Vision. Quadrants: Challengers, Leaders, Niche Players, Visionaries. Vendors plotted: IBM Tivoli, Symantec, NetIQ, Computer Associates, BindView, Addamark Technologies, Micromuse, NetForensics, Network Intelligence, e-security, Intellitactics, OpenService, ArcSight, GuardedNet. Source: Gartner Research]

IT Security Management Magic Quadrant Evaluation Criteria

Gartner's Magic Quadrant is a graphical portrayal of vendor performance in a market segment, based on viability, service/support, features and functionality, and technology.

Ability to Execute: A vendor's ability to execute is how well Gartner expects it to perform. Key criteria for a vendor's ability to execute include its:
- Installed base and distribution channel
- Financial parameters
- Speed to market and time in market
- Support reputation

Completeness of Vision: An IT security management vendor's completeness of vision is how well its offerings match current and emerging market requirements. It is also an indicator of how Gartner expects the vendor to do in the future, based on where the market is headed. For the "features, functionality and technology" evaluation, we heavily weighted the ability to collect and correlate data from network security devices, based on the relatively high percentage of client calls with this particular focus. We also believe that the direction of the technology must be the integration of network threat information with server vulnerability assessment and policy compliance data. A smaller percentage of client calls have a focus on the analysis of data collected from the IT infrastructure and application layers (for example, nonsecurity devices, servers and applications); however, we have also assigned a high weight to this requirement, because the losses associated with internal security breaches exceed those from external intrusions. It is important to note that the most complete IT security management function with respect to the server and application layers is provided by a few of the larger network and systems management and broad-scope security software vendors.

Other technology-oriented evaluation criteria include:
- Correlation
- Scalability
- Real-time monitoring and displays
- Historical analysis and reporting
- Imbedded knowledge

Magic Quadrants are meant to provide an understanding of vendor positioning and to set vendor performance expectations. Enterprises should not look to any one quadrant when selecting a vendor. Appropriate vendors might be found in each of the quadrants, not only the Leaders quadrant, and some vendors may be appropriate for only specific vertical markets.

Leaders

Gartner's 1H03 IT Security Management Magic Quadrant does not position any vendor as a leader. To be a leader with respect to completeness of vision, an IT security management vendor must provide aggregated and correlated historical reporting/analytics and real-time event management for the security device layer and the infrastructure layer (at least the network and host elements) for heterogeneous sources, packaged as an integrated offering; advanced correlation; proven scalability; and host analytics that satisfy audit, policy compliance and vulnerability assessment requirements. The evaluation of a vendor's ability to execute includes financial viability, the size of its installed base, installed base growth rate, visibility on enterprise evaluations and shortlists, support, product function and match of technology to market requirements.

Visionaries

The Visionaries quadrant is populated with a number of IT security management point solution vendors that share a common set of strengths and challenges. Point solution vendors have well-developed correlation and network security device coverage, and they are challenged to leverage their venture capital funding to grow to critical mass and profitability. When compared to their larger competitors, the total installed base of a typical point solution vendor is small, but many point solution vendors have larger installed bases for IT security management products than their large competitors.

NetForensics has the largest installed base and revenue stream of the vendors in the Visionaries quadrant. It has a long-standing partnership with Cisco Systems, which brings NetForensics into accounts that require security management. Cisco's recent acquisition of Okena (see "Cisco to Buy Okena, Try to Compete in Security Software") raises flags that Cisco will look to have an organic security management offering. NetForensics has been challenged by newer point solution vendors that provide broader network device support and more of a real-time orientation to event management.

e-security has been in the IT security management market for a long time. It has recently embedded the Security Focus database to provide security intelligence data in the context of an incident response.
The vendor supports the rapid integration of new data sources through its agent builder technology, which can be used by customers to define new sources. It is attempting to capitalize on a sales relationship and technology integration with Hewlett-Packard (HP) and HP's OpenView product.

The differentiating characteristics of Intellitactics are its real-time graphical displays of threat activity, fully integrated reporting and the propensity of its installed base to integrate in-house data sources through an application programming interface.

ArcSight is a relatively recent entrant with a small installed base that is well-funded and highly visible in the IT security market. Like Intellitactics, ArcSight has a taxonomy for correlation and real-time graphical threat displays. In contrast to e-security and Intellitactics, ArcSight's primary method of data source integration is rapid vendor-side agent development.

GuardedNet has focused on ease of deployment and out-of-the-box functionality. The vendor is noted for its integrated service ticketing system and Host Investigative Toolkit.

OpenService's ThreatManager is based on the OpenService NerveCenter event management technology, and the vendor is selling into the NerveCenter installed base. OpenService is one of the few vendors with advanced features for health and welfare monitoring for popular security appliances.

Network Intelligence is unique in its focus on appliance-based security management solutions. Multiple appliances can be deployed for horizontal scalability, and query-based correlation is supported across appliances.

Challengers

IBM Tivoli is unique among the vendors in the Challengers quadrant in that its Risk Manager product has support for a large number of network security devices. The vendor has an opportunity to leverage its sizable Tivoli Management Environment installed base and also to sell the product as a stand-alone offering. Challenges include low visibility with security operations decision makers and a reputation for products that require extensive customization.

NetIQ has well-developed server-centric security management products and has recently acquired PentaSafe Security Technologies, which had development initiatives under way in the areas of real-time correlation and network security device data collection. NetIQ is in the process of integrating the two sets of technologies.

Symantec is in the midst of development initiatives that will soon provide a critical mass of IT security management function. The vendor already has a strong vulnerability assessment tool (Enterprise Security Manager), a framework for technology integration, and a well-developed incident management workflow (Incident Manager) that integrates Security Focus and additional content from Symantec's security research organization.
Symantec must complete the late-stage development and testing of the Cyberwolf technology integration, which will provide network security data coverage. Because Symantec also provides many security technologies, there is the potential for internal pressure to focus on the management of its own products at the expense of competing products that must also be managed.

Micromuse has leveraged its scalable event management and data collection infrastructure to provide a network-oriented security management product, but is challenged to build its small installed base and provide more-imbedded security knowledge.

Computer Associates International has a broad portfolio of security products, and its eTrust Security Command Center is in beta testing. The product will integrate current CA security technology (eTrust Audit and eTrust Policy Compliance) and CA common services (event management, repository and correlation) with a new security portal and additional data collectors.

Niche Players

Vendors occupy the Niche Players quadrant for a variety of reasons. BindView is very strong in aspects of IT security management, such as deep and comprehensive reporting of server configuration and policy compliance. Although BindView products can collect network security device log data, there is a lack of real-time monitoring and data correlation capabilities. Addamark Technologies is unique in its focus on security analytics against very large and compressed historical log information, but it has no support for real-time monitoring.

Not Appearing in the Magic Quadrant

HP's OpenView is widely used for managing network devices, but HP has not demonstrated an ability or desire to expand into the security management market. BMC Software has user provisioning and access management products, but it does not provide an IT security management function. Ponte Communications and Solsoft provide solutions for controlling security devices but don't provide any analysis capabilities. Cisco and Check Point Software Technologies provide limited IT security management functions for their own products. Microsoft does not provide IT security management products, but we expect the Microsoft Security Products group to develop function in this area. Internet Security Systems (ISS) SiteProtector provides log aggregation and correlation for ISS and a limited number of third-party products, but ISS does not position SiteProtector as an IT security management solution.

Bottom Line: When evaluating IT security management vendors and tools, enterprises should consider the event management and data analysis requirements for protecting their perimeter, as well as their internal systems and applications.
No one vendor provides complete functionality for all of these areas, but the market is rapidly converging on a common set of functions that apply to security devices, IT infrastructure and applications. Therefore, enterprises should select IT security vendors whose products demonstrate a clear path to integrated management of IT security.