Too often an afterthought, or something that gets bolted on, security is starting to get a lot more attention, with a number of reports tracking this new interest. Current enterprise security is based upon disjointed organizations, manual processes, and an army of disconnected point tools, and needs a vast improvement in analytics, automation, efficacy, integration, and intelligence. Rather than suffer ‘death by a thousand cuts’, it appears that a lot of money is being thrown at security.
The scan, report, repeat model of the late ’90s is quickly going out the window, said Ron Gula, former NSA cybersecurity expert, and CEO at Tenable Network Security, in a recent interview. “Patch windows are shrinking, threats are proliferating, and continuous monitoring has been growing the last couple of years.”
A recent survey of security professionals from Enterprise Strategy Group revealed that:
- 42% believe that “keeping up with the latest threats and vulnerabilities” is “much more difficult” or “somewhat more difficult” than it was two years ago;
- 39% believe that “keeping up with internal security skills” is “much more difficult” or “somewhat more difficult” than it was two years ago;
- 38% believe that “overall security monitoring” is “much more difficult” or “somewhat more difficult” than it was two years ago;
- 35% believe that “recruiting/hiring new security professionals” is “much more difficult” or “somewhat more difficult” than it was two years ago; and,
- 33% believe that “managing disparate security point tools” is “much more difficult” or “somewhat more difficult” than it was two years ago.
The bottom line is that organizations finally seem to be realizing that they’ve been getting their butts kicked for the last 10 years, said Gula. The fact that there is awareness out there is a big change, he added.
“Things are so bad from a security point of view that they want this kind of control.” A lot of organizations, even the ones who have been ‘popped’, just bury their heads, especially if there’s been no material loss. “However, control speaks the kind of language that auditors speak and security guys never spoke.”
One of the new spending reports put this year’s mobile device and network security market at $9 billion, but growth is forecast to exceed 20% compound annual growth for the next 7 years, in an IT market growing at 3-4% per year. Gartner offers a much lower forecast for the enterprise network security equipment market, but even at 7% CAGR over the next five years, that will still make it an $11.4 billion market by 2017. Throw in services, and this market is expected to reach $67.2 billion in 2013, up 8.7% from 2012, and exceed $86 billion in 2016.
Last month IDC identified a new segment for the security market, Specialized Threat Analysis and Protection (STAP), which is targeted at advanced threats, and involves solutions scanning both inbound and outbound traffic for anomalies including botnet and command and control traffic. This segment is forecast to have a CAGR of 42.2% from 2012 through 2017 with revenues reaching $1.17 billion in 2017.
Infonetics just reported that while the standalone security market is stalling, the integrated security market is growing. Global network security appliance and software revenue totalled $1.6 billion in 2Q13, an increase of 4% sequentially. Integrated security appliances have gained share every quarter since 4Q11, and Infonetics is forecasting quarterly share gains through 2Q14. The SaaS content security market will top $1 billion, while cloud security services are expected to exceed $9 billion by 2017.
“There’s never been a time when the world was more tuned-in to broad privacy and security issues, and with the recent revelations about the NSA’s PRISM surveillance program, consumers and businesses around the globe are re-evaluating their security posture, preferred vendors, and deployment strategies,” notes Jeff Wilson, principal analyst for security at Infonetics Research. “While it’s too early to say if the NSA debacle will have an impact on security spending, one trend in the security sector is clear: buyers are looking to consolidate security platforms wherever they can. The resulting contraction in standalone security products is directly attributed to 2 things: customers moving to integrated product solutions that support the functions of the original standalone products with adequate performance and security, and customers transitioning away from product-centric security rollouts to hosted/SaaS solutions.”
Columbia, MD-based Tenable, which just announced that its SecurityCenter Vulnerability, Risk and Compliance Management solution — comprised of SecurityCenter, Nessus, Passive Vulnerability Scanner, and Log Correlation Engine products — has achieved VMware Ready status, currently helps secure more than 17,000 organizations. The company has also just announced the availability of PVS 4.0 as a standalone product to monitor networks in real-time, in a non-intrusive manner.