Title: Buyer%20Beware:%202004%20Vendor%20Report%20Card
1Buyer Beware 2004 Vendor Report Card
Andrew Briney, Information Security
Magazine David Taylor, TheInfoPro (TIP)
22004 Priorities Survey
3- TIP Wave 3 Study
- Feb-March 2004
- 175 decision-makers interviewed in 6 month
waves - Ave. interview 1 hr
- Ratings and commentary on 40 market sectors
-
42004 Priorities Survey
- 175 in-depth interviews
- SMEs Perimeter Focus, First-Generation Defense
- Fortune 1000 Portfolio Approach
- Even Distribution of Spending
- Focus on Intelligence, Granularity, Analytics
5The Security Spending Priority is Infrastructure
for F500s Perimeter Security is a Higher
Priority for SMEs
2004 Budget Allocation
2003 Security Expenditure
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
62004 Priorities Survey
- Fortune 1000 Priorities
- Perimeter
- Application intelligence (IPS, App FWs)
- Layered security controls
- Infrastructure
- Provisioning
- Identity Management
- Wireless
- Management
- Patch Management
- Vulnerability Management
- Scorecard/Dashboard
7Other Emerging Trends
- Infrastructure demand is driving interest in ESM,
Single Sign-on ID Management - - Users are seeking more architected solutions,
but have a lot of homegrown management tools that
require integration - Spending on tactical security products narrowing
to visible problems - - Anti-Spam and patch management are high
tactical priorities
8Other Emerging Trends, II
- HIDS, HIPS, Secure Messaging, ID Management are
other spending priorities - - These are relatively open markets with few
dominant vendors - TippingPoint, Cisco NetScreen/Neoteris have the
most exciting new products - - High Exciting score is indicative of
marketing and message effectiveness
9Other Emerging Trends, III
- Head-to-head comparisons of Firewall and AV
leaders show NetScreen slightly ahead of Cisco
and Check Point, and Symantec ahead of NAI and
Trend Micro - - They dont make deals interoperability and
sales quality are differentiators - Vendors rated best by their customers on key
indicators Product Quality and Delivery as
Promised include NetScreen, Websense, VeriSign,
Bindview and NAI. - - Of the 12 ratings TIP gets on each vendor,
these show differentiation well
10Customers Plan to Spend More On Focused,
Sector-Leading Vendors
Percent of Customers
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
11Perimeter Roadmap IPS, Secure Msg. and
Integrated Appliances Shine
Percent of Users
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
12Infrastructure Roadmap A Wealth of Projects
are Being Launched
Percent of Users
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
13Management Roadmap Homegrown Tools Lots of
New Spending
Percent of Users
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
14Percentage of Users PlanningImplementations in
the Next 6 Months
Which of these technologies do you plan to
implement in the next 6 months?
Percent of Users
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
15Information Security Technology Heat
IndexSectors With the Most Immediate Needs and
Highest Spending and Preferred Vendors
TheInfoPro Study Security Wave 3 heat index
weights near term plans higher than long term
plans and weights the priorities of those
enterprises with larger budgets higher than those
with smaller budgets.
16Intrusion Prevention Perimeter Preferred
Vendors for New Projects
TIPNetwork Quotes
- Just implemented ISSs new features. It's not
bad. It is a little smarter and doesn't require
the techie knowledge of an IDS. It is more
intuitive. It's still in a trial state. - We ripped Cisco out because of too many false
positives. We replaced Cisco with Snort. - We are not happy with Entrusts IPS solution.
When we turn logging on, the load cripples the
system.. - One of the reasons we like TippingPoint is that
it's really more of a switch -- it checks at
switch speeds. The design and architecture are
built for speed and value. - Check Points SmartDefense has an option that we
purchased that does application inspection
features. - We use BlueCoat now, but we will look at the
security appliance offerings for this
functionality. - Someone told us about this company from Israel,
Vsecure. We supported their launch in the U.S.
We like to use the younger companies as beta
sites.
Percent of Users
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
17Integrated Security Appliances Preferred
Vendors for New Projects
TIPNetwork Quotes
- There is absolute terror associated with a false
positive because it can shut down our business.
There are a couple of IPS devices we're looking
at from Nokia with good heuristics and good
packet inspection. - Check Point is way too expensive. We have an
appliance for ISS for IDS. We didn't buy it, we
outsourced to them. - We trust Symantec. Their appliance is reliable
and we haven't had any breeches.as beta sites. - We use BlueCoats security gateway product. We
were using them for other functions. There is a
lot of value in one appliance. - We have SurfControl on an appliance for content
management. I met them at a conference. It was
easy to understand and their claims came through. - I like Crossbeam because it's blade scaleable.
It's one big chassis with a high speed backpane.
Percent of Users
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
18Single Sign-On Preferred Vendors for New
Projects
TIPNetwork Quotes
- Netegritys SiteMinder works well. We havent
used it a lot because it is expensive for the way
it is licensed.We will do SSO in-house because we
have a lot of proprietary applications we run. - This is number one on my list of over-hyped
technologies. If you use an AAA server and User
Provisioning, in conjunction with enterprise
LDAP, you can reduce your sign-ons to one or two.
So, why spend your money on Single Sign-on? - We use v-GO Single Sign-On from Passlogix. But
there is a lot of hype on this -- it's not fully
there yet. - We'll move to a Microsoft solution. We've
migrated away from Novell in almost every
instance, which is a decision from above. - IBMs Tivoli is a mature product. Though not
perfect, they are a pretty close fit for less
money.
Percent of Users
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
19Enterprise Security Mgmt. (ESM) Preferred
Vendors for New Projects
TIPNetwork Quotes
- No one ties everything together. We have BigFix
which does our patching, we use Foundstone that
tells us Vulnerability, and Active Directory.
Couldn't find anything to correlate all this
meaningfully. - The business drivers aren't there. The
technology is fairly mature, but the ROI is hard
to determine for it. - We use NAIs ePolicy Orchestrator (ePO) -- we
have it now, for anti-virus across the
enterprise. We just found out today that their
Threat Scan plug-in for ePO does network
discovery and host vulnerability assessments. If
ePO can do all this, it will become extremely
valuable. - We went with Intellitactics, based on a six to
seven month project, including research, a
Request for Comment, and a proof-of-concept for
two months. - Use Ecora for log management. Also for
correlation alerts and errors. It won't blast
out alerts needlessly.
Percent of Users
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
20Top Security Vendors Reported to Have Exciting
New Offerings
TIPNetwork Quotes
Neoteris was acquired by NetScreen. The Neoteris
sales team pushed me in a direction that caused
me to look at other solutions. The sales team
wasn't on the up and up. But, they were best,
despite the sales team.
Cisco's working on, with other vendors including
Microsoft, the ability to automatically scan when
new machine gets plugged into a network
checking for policy and software-level compliance.
I would say, ZoneAlarm is exciting. Zone Labs is
a personal fire wall vendor. ISSs BlackICE is a
competitor. Both do web content filtering.
AirDefense with their wireless security.
CipherTrust with their IronMail spam protection.
It's a leap ahead of the other spam vendors.
Brightmail has been a significant improvement
over what we had before, an older version of
Trend Micro. I think that we got Brightmail in
just in time.
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
21Firewall -- Head-to-Head Vendor Comparison
Cisco vs. Check Point vs. NetScreen
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
22Anti-Virus -- Head-to-Head Vendor Comparison
NAI vs. Symantec vs. Trend Micro
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
23Perimeter Security Vendor Ratings Comparison
Quality and Fulfillment
Interviewees rated the 3-4 vendors they know best
on 12 factors. The responses are divided into
equal quintiles, so there are the same number of
responses in group, from the 0 blue boxes through
4 blue boxes. 0 blue boxes is the lowest
quintile 4 blue boxes is the highest quintile.
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
24Infrastructure Security Vendor Ratings
Comparison Quality and Fulfillment
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
25Management Security Vendor Ratings Comparison
Quality and Fulfillment
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
26Services Security Vendor Ratings Comparison
Quality and Fulfillment
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
27Content Filtering Vendor Ratings Comparison
Quality and Fulfillment
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
28Customers Planning to Switch From Their Current
Security Vendor
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
29Customer Narratives on Their Security Vendors
- Check Point The problem with Check Point is
that they have outsourced their sales to an OEM.
The sales people here don't know anything about
their product. They don't understand the delivery
process or navigate the Check Point maze. - Nokia Nokia looked to be the best at the time.
We're conceptually looking at alternatives.
Would like better integration with our network
environment.
30Customer Narratives on Their Security Vendors, II
- NetScreen Best in industry in an emerging
technology. They weed out false positives faster
and better than Check Point, and cost a bit
less. - TrendMicro Central console to manage deployment
of latest scanner and virus pattern files.
Weaknesses are their reporting -- it's hard to
use their product to easily write a report about
anti-virus activity in a meaningful way to give
to management.
31Customer Narratives on Their Security Vendors, III
- Symantec They catch all the viruses. They also
have good name recognition. They do an excellent
job of keeping signatures up-to-date. Their
support and sales groups are weak. They have a
habit of changing your contacts often and were
very late to the game with the managed solution.
- Network Associates NAIs customer service is
strong. They have clear product upgrade paths,
as solid technical staff. Their software has
improved from release to release. We find few
bugs. We get little up-sell sales pressure from
their VAR channel, and the people are easy to
deal with. Their financials are a weakness.
It's hard to justify them being strategic. We
heard they were merging with ISS then they
bought Intruvert.
32Coming Up in DecemberProducts of the Year
33Thank you.Questions, comments?