ESG research points to a few growing trends in the enterprise security market:
Jon Oltsik, on Oct 17, 2017
One of the really cool parts about my job is that I get to see, meet, and hear from lots of experienced, focused channel leaders who are constantly trying to pull all the levers at their disposal: technology and product sets, program elements and options, resources and teams… in order to earn and receive more than their fair share of time and attention from IT partners of all types. And that’s not just any old IT partners, but the same ones who all the other b channel leaders are trying to gain time and attention from. It’s a tough job, but someone’s got to do it.
I spent a few days with Trend Micro last week at its Insight event here in Boston. While Trend is a $1 billion + global cybersecurity vendor, too many cybersecurity professionals still think of Trend as an Asian-based AV player. This perception is completely antiquated however, as Trend now offers:
In the course of my average work day, I try to read all the cybersecurity news I can. I came across a very good article in Forbes that looks at the cybersecurity opportunities for companies like IBM, Cisco, Dell, and others. The article points out that the market for cybersecurity products and services is estimated at $77b today, growing to $120b by 2020. That’s a lot of firewalls, AV software, and identity tokens!
ESG data shows that 57% of enterprises have either already switched to free antivirus software or are actively exploring the option. It makes some sense: Free AV programs have posted competitive efficacy rates against paid versions, and AV is increasingly viewed as an IT operations checkbox as opposed to a pure endpoint security control. There also seems to be a decreasing need to assign budget for AV. The thinking is that those dollars could instead be spent on newer technologies such as advanced endpoint anti-malware products, endpoint forensics, or endpoint analytics. For many organizations, ditching paid antivirus for a free product could be viewed as a sensible cost-cutting move.
RSA 2014 seems like ancient history and the 2015 event isn’t until next April. No worries, however, the industry is set to gather in the Las Vegas heat next week for cocktails, sushi bars, and oh yeah – Black Hat.
Now Black Hat is an interesting blend of constituents consisting of government gumshoes, Sand Hill Rd. Merlot drinking VCs, cybersecurity business wonks, “beautiful mind” academics, and tattooed hackers – my kind of crowd! As such, we aren’t likely to hear much about NIST frameworks, GRC, or CISO strategies. Alternatively, I am looking forward to deep discussions on:
It wasn’t too long ago that Cisco was a dominant force in information security technology. The company was a market leader in firewalls, IDS/IPS, and e-mail security and was actively pushing products for endpoint security and SIEM as well as security “blades” for Catalyst switches. Heck, Cisco even articulated a bold vision of “self-defending networks” with security policy, enforcement, and intelligence all baked into the network.
Somewhere around 2008, however, Cisco security went into a prolonged slump. Cisco security products didn’t offer the performance of rivals like Crossbeam (now Blue Coat), Juniper, or McAfee. Cisco missed markets like next-generation firewalls, opening the door for savvy startups like FireEye, Palo Alto Networks, and Stonesoft. Cisco products such as the Cisco Security Agent (Okena) and MARS (Protego) were abject failures and discontinued by the company. Finally, Cisco’s security team itself imploded as management and engineering leaders fled San Jose for greener valley pastures.
In a Wall Street Journal article published earlier this week, Symantec SVP Brian Dye, is quoted as saying that “antivirus is dead.” Dye goes on to proclaim that “we (Symantec) don’t think of antivirus as a moneymaker in any way.”
I beg your pardon, Brian? Isn’t Symantec the market leader? Just what are you saying? In lieu of specific answers to these questions, the blogosphere and Twitter have become a grapevine of rumors – about Symantec, AV, etc. Panic and wild predictions abound. Dogs and cats living together in the streets . . .
Jon Oltsik, on Mar 20, 2014
Last year, ESG published a research report titled, Advanced Malware Detection and Protection Trends, based upon a survey of 315 security professionals working at enterprise organizations (i.e., more than 1,000 employees). In one question, ESG asked security professionals whether they agreed or disagreed with the following statement: “Commercial host-based security software (i.e., AV) is more or less the same as free security software.”
It turns out that 36% of security professionals either “strongly agree” or “agree" with this statement, while another 25% are sitting on the fence (i.e., they neither agree nor disagree with the statement).
Last week’s RSA Conference was a whirlwind of meetings, presentations, and unusual west coast rain storms. I’m not sure about the attendance numbers but it seemed especially busy – not surprising after the many cybersecurity events of 2013.
I met with around 40 different security vendors throughout the week and heard some encouraging news. Rather than crow about the latest technology fad or threat Du Jour, many security vendors are now focused on: