Based upon lots of ESG research, some enterprise cybersecurity technology trends are emerging:
- Large enterprises are actively consolidating the number of vendors they do business with. This puts some of the point tools vendors at risk as CISOs sign up for enterprise licensing agreements and try to maximize ROI by using more tools from a few select vendors.
- Enterprises are seeking to integrate point tools into a cohesive technology architecture. Like ESG’s security operations and analytics platform architecture (SOAPA) concept, large organizations are actively integrating tools to bolster technology interoperability, improve security efficacy, and streamline security operations.
- All organizations need help. Yes, companies are still buying new security tools, but these new products are often accompanied by professional services. Additionally, many CISOs are now looking at cybersecurity through a portfolio management lens and figuring out which areas to outsource to MSSPs and SaaS providers.
Given these demand side behaviors, cybersecurity vendors are responding as quickly as possible by acquiring point tools players, integrating their technology wares into a SOAPA-like architecture, complementing products with managed services options, hiring professional services personnel, and creating partner ecosystems to attract other infosec technology services, and channel partners into their orbit.
So, which vendors are succeeding and truly fit the description of an enterprise-class cybersecurity vendor? Recently, ESG surveyed 176 cybersecurity and IT professionals to answer this question. Respondents were provided with a list of vendors and asked to choose those they would classify as enterprise-class cybersecurity vendors from the list (note: multiple answers were accepted). The top responses were as follows:
- 56% chose Cisco. Not surprising since many security pros came from the networking space and have a long history with Cisco. That said, Cisco has executed well beyond its networking core through acquisitions (Lancope, OpenDNS, Sourcefire, etc.), product integration, and an aggressive push into professional and managed services. Cisco’s biggest challenge? Convince the world that it offers more than just firewalls and IDS/IPS, so it can build long-term strategic relationships at the CISO and business level.
- 44% chose IBM. Armonk became a player when it purchased Q1 Lab in 2011, established QRadar as its technology hub, and surrounded its SIEM with a portfolio of spokes (AppExchange, Resilient, Watson, etc.). IBM also has a deep bench of global cybersecurity services professionals to supplement its technologies in a plethora of high skills areas. And while IBM continues to overdo its Watson for cybersecurity (and everything else) play, cognitive computing could have a profound impact on cybersecurity in the future. Despite some successes, many cybersecurity pros still view IBM as an outsider with a legacy focus on things like mainframe encryption and RACF. To break out, IBM needs to create more affinity with the infosec diaspora.
- 36% chose Symantec. Old yellow has many leading products including AV, network proxy (through Blue Coat), DLP, web security, email security, MSSP, etc. So, what’s the problem? Cybersecurity pros are familiar with Symantec’s logo and products but not its strategy, research, or integration initiative. Oh, and Symantec didn’t do itself any favors by churning through CEOs over the past few years and losing its market focus. The combined Blue Coat/Symantec is much stronger now and has made great progress with product integration, architecture, and deep machine learning research. For the next year or so, Symantec should concentrate on educating the market on its plans and progress.
- 34% chose McAfee. McAfee’s freedom from Intel comes with some strong assets. The company is getting good reviews on its new next-generation AV product, retains its sticky ePO base, and remains a surprising leader in network IDS/IPS. Of the vendors mentioned in this blog, McAfee has the best SOAPA story, anchored by its Open Data Exchange Layer (OpenDXL) – a middleware bridge creating a truly distributed software architecture. McAfee’s biggest obstacle is market momentum as it was nearly invisible to the cybersecurity community during the Intel years. Like Symantec, it needs to push a clear story through the cacophony of market noise.
While these vendors have the highest enterprise-class cybersecurity vendor mindshare, it’s important to remember that the cybersec market remains wide open with something like 1,200 vendors competing for around $90 billion in revenue. Others not mentioned here (Check Point, Fortinet, Palo Alto, Trend Micro, etc.) could easily join this list.
So, what will it take for one of these (or other) vendors to break from the pack and become a $5 billion enterprise-class cybersecurity leader by 2020? I’ll be blogging about this soon.