RES117399

May 31, 2016 | Author: Anonymous | Category: N/A

For Security & Risk Professionals

TechRadar™: Endpoint Security, Q1 2017 Consolidation Will Lead To A Less Fragmented Market by Chris Sherman January 27, 2017

Why Read This Report
Security professionals face a fragmented market when selecting enterprise endpoint security tools; current and emerging technologies each offer benefits and challenges, a different employee experience, and various levels of effectiveness, making the evaluation and purchasing process difficult. To help security pros thoroughly understand their product options, this TechRadar report explains the primary use cases, business value, and outlook for the 11 core enterprise endpoint security technologies.

Endpoint Security Is Critical In Defense Against Data Breaches
Depending on the method of attack, the endpoint security stack will either be your first, last, or only line of defense; it’s important to get it right.

Security Pros Seek A Balance Of Prevention And Detection Technologies
Bloated AV solutions that rely on blacklisting can’t keep up with today’s advanced security threats, let alone tomorrow’s. Security pros are looking to combine proactive technologies that address the expanding endpoint attack surface with detection capabilities to catch what’s left over.

Consolidation Of Technologies Will Lead To More Effective Suites
Many of the technologies in this study will consolidate into single product offerings due to their complementary nature. Security leaders evaluating products on a high success trajectory — such as endpoint visibility and control (EVC) and application integrity protection — are best positioned to take advantage of these integrations, which will add breadth and depth to the solutions they purchase.


TechRadar™: Endpoint Security, Q1 2017 Consolidation Will Lead To A Less Fragmented Market by Chris Sherman with Christopher McClean, Salvatore Schiano, Trevor Lyness, and Peggy Dostie January 27, 2017

Table Of Contents
Endpoint Security Protects Your Organization’s Most Valuable Assets
Overview: TechRadar For Endpoint Security
    Why Do These 11 Categories Appear In The TechRadar?
Endpoint Security TechRadar: Convergence Will Increase Effectiveness
    Growth: Enterprises See Potential In Advanced Prevention And Detection Technologies
    Equilibrium: Foundational Technologies Are Focused On Threat Prevention
    Decline: Antimalware Is On Its Way Out
Recommendations
    Keep An Eye On The End Goal: Enabling A Dynamic Workforce
Supplemental Material

Notes & Resources
Forrester interviewed 80 vendor and user companies.

Related Research Documents
The 2016 State Of Endpoint Security Adoption
The Forrester Wave™: Endpoint Security Suites, Q4 2016
TechRadar™: Mobile Security, Q1 2016

Forrester Research, Inc., 60 Acorn Park Drive, Cambridge, MA 02140 USA +1 617-613-6000 | Fax: +1 617-613-5000 | forrester.com © 2017 Forrester Research, Inc. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, RoleView, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. Unauthorized copying or distributing is a violation of copyright law. [email protected] or +1 866-367-7378


Endpoint Security Protects Your Organization’s Most Valuable Assets

Employee endpoints (i.e., laptops, PCs, smartphones, and tablets) are the interface between your employees and the corporate data and applications they need to do their jobs. Attackers understand this, and actively target employee endpoints as well as the server endpoints hosting corporate data. Security professionals have spent a considerable amount of time and money protecting network infrastructure with products such as next-generation firewalls and cloud security gateways, but most lack meaningful inspection of endpoint behavior, and many don’t protect mobile and off-network endpoints. Filling these gaps with the right endpoint security tools is critical because:

›› Endpoint security protects both your employees and their devices. Attackers target employee endpoints through malware and software exploits as well as employees themselves through social engineering schemes. The two are often brought together in attack campaigns targeting specific organizations, so modern endpoint security strategies need to involve technologies that protect against both.

›› Endpoint security prevents attackers from gaining access to sensitive servers. Servers are the crown jewels for attackers, holding the most valuable data of any endpoint form factor. In fact, 48% of security decision-makers whose enterprise firm suffered an external security breach in the past 12 months said a corporate server was targeted as part of the attack.1 For such high-risk assets, endpoint security provides an additional layer of protection against malware and exploits.

›› Endpoint security may be your only option when protecting employee endpoint data. The amount of sensitive data typically stored on employee endpoints makes them highly attractive targets.2 Many employees access and store sensitive content such as customer information, nonpublic financial data, intellectual property, and corporate strategy materials on their laptops. When dealing with local threats such as device theft and malware introduced off-network (and out of the purview of network security controls), endpoint security technologies may be your only line of defense.

Overview: TechRadar For Endpoint Security

To help security professionals plan their next five years of investment, Forrester investigated the current state of the 11 most important endpoint security technology categories. We examined past research, surveyed 40 experts in the field, and experimented with early versions of many endpoint security products. We also fielded surveys with 40 current and prospective endpoint security customers, covering each of the TechRadar categories. We used this data to assess four factors for each of the included TechRadar categories: 1) current business value; 2) potential to add more business value in the future (i.e., the overall trajectory, from minimal success to significant success); 3) current market maturity (i.e., “ecosystem phase”); and 4) time to reach the next stage of maturity.3


Why Do These 11 Categories Appear In The TechRadar?

This report includes only technologies that are focused on enterprise endpoint security. In selecting which endpoint security technologies to evaluate, we applied the following criteria:

›› They have been deployed by enterprise customers for at least a year. We only included technologies that have been tried and tested by our enterprise clients. Recently released or beta-stage technologies were not included, because the available data would be limited.

›› They protect employee endpoint and/or server environments. Every one of the 11 technologies can be used to protect both employee endpoints and servers; we did not include products designed to protect smartphones, tablets, or IoT devices. While products that secure and manage these devices are merging with those for traditional endpoints (laptop, PC, server), the current markets are very different today. Forrester covers these technologies in a separate TechRadar report.4

Endpoint Security TechRadar: Convergence Will Increase Effectiveness

As the numbers of new malware variants and methods of obfuscation rise, blacklist-based antimalware technologies have become less effective at protecting employee endpoints and servers. Security professionals now often turn to competing endpoint security technologies to either augment or replace their failing antimalware solutions, but it’s not always clear which technologies they should consider due to the highly fragmented nature of the market.5 In mapping the future of the endpoint security technology ecosystem, we found that (see Figure 1):

›› Threat detection-focused tools have received the most interest from customers. Threat prevention technologies such as whitelisting, privilege management, application execution isolation, and application integrity protection are more mature than detection tools. Users and industry experts are also more confident in the business value and effectiveness of threat prevention technologies today. However, detection-focused tools traditionally used by advanced forensics teams are now beginning to be deployed in automatic containment modes with much lower staffing requirements. This has led to an increased level of buyer interest in detection-focused tools over the past two years, especially among smaller enterprises where skilled security staff is more difficult to hire and retain. If their false-positive rates continue to decrease, expect detection-focused technologies to follow a higher trajectory of success over the next 10 years than prevention-focused tools.

›› Technical integration is yielding more effective suites. Some of the competing technologies in the market are consolidating, which will ultimately lead to more breadth and depth of protection from single products. For example, inspections of user and application behavior have usually been performed in isolation by separate technologies, but the two are beginning to integrate in ways that will offer more advanced insight in future solutions. At the same time, prevention-focused tools such as antimalware and application integrity protection are beginning to pull in detection-focused capabilities (endpoint visibility and control and user behavior monitoring and analytics) and vice versa. With these integrations, future suites will be able to automatically identify malicious user and application behavior and contain it without the involvement of skilled security analysts.

›› Compliance still drives adoption of older technologies. Antimalware, patch management, and secure configuration management enjoy continued adoption due to compliance mandates such as PCI and HIPAA and prevention best practices. Security buyers complain that these technologies are ineffective against advanced attacks but are required nonetheless. One security leader called antimalware a “necessary evil”; another referred to patch management as “a prerequisite for any prevention strategy.” Customers believe that the business value of each depends on their effectiveness at stopping known and unknown threats with limited impact on user experience.


FIGURE 1 TechRadar™: Endpoint Security, Q1 ’17

[Figure not reproduced. Vertical axis: Business value-add, adjusted for uncertainty. Legend, trajectory: Significant success, Moderate success, Minimal success. Legend, time to reach next phase: 1 to 3 years, 3 to 5 years, 5 to 10 years, >10 years. Plotted label recovered: Patch management.]

10 years

Endpoint vulnerability management will likely remain in the Equilibrium phase for the next 10 years and beyond as organizations continue to struggle with vulnerable third-party applications and operating systems.

Trajectory (known or prospective)

Moderate success

Forrester expects endpoint vulnerability management to follow a path of moderate success.


FIGURE 10 TechRadar™: Equilibrium Phase, Patch Management, Q1 ’17

Element | Categorization (if applicable) | Explanation
Definition | | Patch management solutions scan for and deploy missing application and OS security patches as well as updates on an admin-defined schedule. Many offer built-in prioritization based on CVE scores and/or the level of risk as identified by the application vendors themselves. Solutions in this space tend to come from one of two groups: those that offer point product solutions and vendors of large endpoint security/management suites that include patch management functionalities. While most vendors rely on an endpoint agent to scan for/install missing patches, some of the newer solutions on the market rely on native operating system APIs instead and thus do not require an agent to exercise control.
Usage scenarios | | Organizations deploy patch management solutions to remediate known vulnerabilities within their endpoint environment.
Vendors | | BeyondTrust, Dell, IBM, Intel Security, Kaspersky Lab, LANDESK, Lumension Security, Promisec, and Symantec
Estimated cost to implement | | High. While the initial acquisition cost of most patch management solutions is low, the technology’s success is highly dependent on admins to effectively prioritize patches yet to be deployed as well as testing prior to patch deployment. Because of these difficulties, patch management typically has an overall high cost of operation.
Ecosystem phase | Equilibrium | The patch management market is seeing only modest growth in adoption, but also few signs of decline.
Business value-add, adjusted for uncertainty | High | Buyers report that patch management is critical to business operations, and it has a medium-to-low negative impact on employee productivity. Successful deployments also increase the effectiveness of other endpoint security technologies by reducing the attack surface available to attackers.
Time to reach next phase | >10 years | Forrester expects patch management to remain in the Equilibrium phase for at least the next 10 years as organizations struggle with software exploits affecting their endpoint environment.
Trajectory (known or prospective) | Significant success | Forrester believes patch management will follow a significant success trajectory. As patch prioritization accuracy improves and integration with endpoint vulnerability management continues, the cost to deploy will decrease, further contributing to its success.


FIGURE 11 TechRadar™: Equilibrium Phase, Secure Configuration Management, Q1 ’17

Element | Categorization (if applicable) | Explanation
Definition | | Secure configuration management tools ensure that endpoint configurations meet a set of predefined internal and external compliance requirements (such as PCI DSS or the Federal Desktop Core Configuration). Most solutions are able to report on endpoint configurations as well as remediate noncompliant settings as needed. Monitored areas often include OS/application feature settings, user accounts, user permissions, access controls, network protocols/interfaces, patch status, and security agent status.
Usage scenarios | | Organizations deploy secure configuration management tools to limit the attack surface exposed on their endpoints as well as to satisfy both internal and external compliance mandates.
Vendors | | Absolute Software, Dell, IBM, Lumension Security, Promisec, Qualys, Symantec, Tanium, and Tripwire
Estimated cost to implement | | Low. Initial deployment and operational costs for secure configuration management tools are relatively low compared with other endpoint security technologies. They may be bundled as part of wider endpoint security or management suites.


FIGURE 11 TechRadar™: Equilibrium Phase, Secure Configuration Management, Q1 ’17 (Cont.)

Element | Categorization (if applicable) | Explanation
Ecosystem phase | Equilibrium | Adoption of secure configuration management tools shows signs of having plateaued. While compliance mandates requiring this technology persist, especially on static high-risk endpoints, many buyers looking to harden their endpoints against attack have shifted their focus to application-centric and data-centric threat prevention technologies. However, secure configuration management tools provide a baseline level of security on the endpoint, which benefits other security technologies by reducing the endpoint attack surface, increasing the effectiveness of subsequent layers of defense.
Business value-add, adjusted for uncertainty | Low | Secure configuration management, depending on the restrictiveness of the policies enforced, may inhibit productivity when employees are used to having more control over their endpoint environments. Most buyers report compliance mandates as the primary driver for its adoption, with very low potential for business transformation.
Time to reach next phase | 3 to 5 years | Forrester expects secure configuration management to remain in the Equilibrium phase for the next three to five years before reaching the Decline phase. This shift to the next phase will be propelled primarily by a movement toward more application-centric and data-centric security technologies, which will limit the need for device-centric security tools such as secure configuration management.
Trajectory (known or prospective) | Minimal success | Forrester expects secure configuration management to follow a trajectory of minimal success.

Decline: Antimalware Is On Its Way Out

Blacklist-based antimalware enjoys the highest adoption among all the endpoint security technologies in this study, but it is also the only one in decline.8 As more advanced technologies to prevent and detect malware begin to prove themselves, enterprises should consider low- to no-cost antimalware solutions such as those provided by their OS vendor (such as Windows Defender) or vendor solutions where blacklisting is an integrated feature:

›› Antimalware (see Figure 12). Endpoint antimalware is deployed to stop the execution and propagation of known and unknown malware (viruses, trojans, worms, spyware, etc.). These tools collect signatures of known-bad files, store them in a blacklist, and block subsequent attempts by blacklisted files to run within the user environment. The technology is in decline due to poor effectiveness against unknown or heavily obfuscated malware as well as fileless malware. Malware blacklisting capabilities will continue to be available as a feature of future endpoint security solutions but will be combined with advanced technologies such as application integrity protection and endpoint visibility and control. Vendors in this space include AVG Technologies, Cisco, ESET, F-Secure, Intel Security, Kaspersky Lab, Lumension Security, Malwarebytes, Microsoft, Sophos, Symantec, Trend Micro, and Webroot.

FIGURE 12 TechRadar™: Decline Phase, Antimalware, Q1 ’17

Element | Categorization (if applicable) | Explanation
Definition | | Antimalware solutions attempt to prevent the storage and execution of malicious code on the endpoint using a combination of signature blacklists (for previously seen malware) and generic signatures (for unknown malware). Malicious executables may include viruses, trojans, worms, spyware, ransomware, and adware.
Usage scenarios | | Endpoint antimalware is deployed to stop the execution and propagation of known and unknown malware (viruses, trojans, worms, spyware, etc.). It works by collecting signatures of known-bad files, stored within what is known as a blacklist, then blocking subsequent attempts by blacklisted items to run within the user environment. Typically, both exact matches and near-matches are blocked using combinations of active and passive heuristics.
Vendors | | AVG Technologies, Cisco, ESET, F-Secure, Intel Security, Kaspersky Lab, Lumension Security, Malwarebytes, Microsoft, Sophos, Symantec, Trend Micro, and Webroot
Estimated cost to implement | | Medium. While upfront costs for antimalware are relatively low compared with other endpoint security options (generally around $10 to $25/endpoint/year), the low effectiveness for this type of protection typically leads to high operational costs when dealing with remediation tasks for threats missed by the technology.


FIGURE 12 TechRadar™: Decline Phase, Antimalware, Q1 ’17 (Cont.)

Element | Categorization (if applicable) | Explanation
Ecosystem phase | Decline | Antimalware has been declining in adoption for the past five years as newer, more effective solutions take hold within the market. The adoption rate will continue to drop unless new innovations can improve the accuracy with which endpoint antimalware solutions identify unknown or zero-day malware. Customers report frustration with the technology and often cite regulatory compliance mandates as a sole driver for continued operation of antimalware within their environments.
Business value-add, adjusted for uncertainty | Low | While antimalware is critical for business operations that fall under certain compliance mandates, customers report limited potential for business transformation. Long scan times can slow down user devices, leading to an unsatisfactory user experience and reduced business value. Buyers report low effectiveness at stopping new threats or zero-day malware, which ultimately leads to increased operational costs and remediation time, as well as disruption to business processes.
Time to reach next phase | 3 to 5 years | Antimalware will remain in the Decline phase for the next three to five years as other endpoint security technologies gain in popularity. Malware blacklisting will likely continue as a feature within future endpoint security solutions but will be combined with advanced technologies such as application integrity protection and endpoint visibility and control.
Trajectory (known or prospective) | Minimal success | The potential for business transformation and criticality to business success are perceived as low. The low expectation of business need keeps the potential trajectory on one of minimal success.

Recommendations

Keep An Eye On The End Goal: Enabling A Dynamic Workforce

The practice of endpoint security is evolving; security professionals must have a deep understanding of employee business workflows on each endpoint in order to quantify the risks posed by these devices and protect them appropriately. Implementing technologies that limit these risks without impacting user workflows (and, ultimately, company revenue) should be the focus for your long-term strategy. To accomplish these goals, you should:

›› Map out your addressable attack surface to determine endpoint risk levels. What devices and applications do your employees use to get work done? Which endpoints have access to sensitive data, and what is the estimated value of this data in real dollars? How likely is it that an attacker will target those endpoints, and what is the potential impact security controls can have on the speed of business operations? These questions will all be part of the risk equation that will guide your current and future security tool investments. More importantly, they will also guide policy by uncovering the minimum level of security required on each endpoint.

›› Focus on tools that support business and employee workflows. After you understand the risks associated with each endpoint device and application, look for technologies to mitigate those risks to an acceptable level — there may be several for each type of risk. Some require little expertise to run and are quite effective at stopping malware and/or exploits, such as application whitelisting and secure configuration management, but these also come with a negative impact to user experience. This may be acceptable on high-risk remote employee endpoints and servers, but it may be overkill in other situations, such as highly dynamic developer machines or knowledge worker devices. In these situations, less draconian measures like endpoint visibility and control and user behavior analytics might be better options.

›› Prioritize vendors that will benefit the most from future consolidation. As this study shows, there are many areas where consolidation will likely lead to more effective suites. For instance, as signature-based antimalware products decline, new suites that offer integrated application integrity protection and behavioral detection (both process and user-based) will see increased adoption over the next three to five years. To get the most value from your endpoint security purchases, prioritize vendors (such as Carbon Black, Dell, IBM, Intel Security, Symantec, and Trend Micro) offering integrated threat prevention, detection, and response technologies.


Engage With An Analyst

Gain greater confidence in your decisions by working with Forrester thought leaders to apply our research to your specific business and technology initiatives.

Analyst Inquiry: To help you put research into practice, connect with an analyst to discuss your questions in a 30-minute phone session — or opt for a response via email.

Analyst Advisory: Translate research into action by working with an analyst on a specific engagement in the form of custom strategy sessions, workshops, or speeches.

Webinar: Join our online sessions on the latest research affecting your business. Each call includes analyst Q&A and slides and is available on-demand.

Forrester’s research apps for iPhone® and iPad®
Stay ahead of your competition no matter where you are.

Supplemental Material

Online Resource
The underlying spreadsheet that exposes all of Forrester’s analysis of each of the 11 categories in the TechRadar (Figure 1) is available for download.

Survey Methodology
Forrester’s Global Business Technographics® Security Survey, 2016, was fielded in March to May 2016. This online survey included 3,588 respondents in Australia, Brazil, Canada, China, France, Germany, India, New Zealand, the UK, and the US from companies with two or more employees. Forrester’s Business Technographics ensures that the final survey population contains only those with significant involvement in the planning, funding, and purchasing of business and technology products and services. Research Now fielded this survey on behalf of Forrester. Survey respondent incentives include points redeemable for gift certificates.


Data Sources Used In This TechRadar

For each included TechRadar category, Forrester used a combination of three data sources to analyze the current ecosystem phase, business value adjusted for uncertainty, time to reach next phase, and trajectory:

›› Expert interviews, questionnaires, or online surveys. Through phone interviews and online surveys, Forrester interviewed experts on each category, including scientists in labs, academics, developers, and evangelists. Forrester received feedback from a total of 40 experts.

›› Product demonstrations. We asked vendors to conduct demonstrations of their product’s functionality. We used findings from these product demonstrations to validate details of each vendor’s product capabilities.

›› Customer and user interviews, questionnaires, or online surveys. Forrester interviewed current and potential customers and users via phone interviews and online surveys for every TechRadar category to understand their current and prospective uses and their impact on the customers’ businesses and the users’ work. Forrester received feedback from a total of 40 customers and users.

The Forrester TechRadar Methodology

Forrester uses the TechRadar methodology to make projections for more than a decade into the future of the use of an ecosystem of technologies or services most important to support the effective execution of a given business use case or function. We make these predictions based on the best information available at a given point in time. Forrester intends to update its TechRadar assessments on a regular schedule to assess the impact of future technical innovation, changing customer and end user demand, and the emergence of new complementary organizations and business models. Here’s the detailed explanation of how the TechRadar works.

›› X-axis: Divide ecosystem maturity into five sequential phases. TechRadar categories move naturally through five distinct stages: 1) creation in labs and early pilot projects; 2) survival in the market; 3) growth as adoption starts to take off; 4) equilibrium from the installed base; and 5) decline into obsolescence as other categories take their place. Forrester placed each of the 11 Endpoint Security categories in the appropriate phase based on the level of development of its ecosystem, which includes customers, end users, vendors, complementary services organizations, and evangelists.9

›› Y-axis: Measure customer success with business value-add, adjusted for uncertainty. Seven factors define a TechRadar category’s business value-add: 1) evidence and feedback from implementations; 2) the investment required; 3) the potential to deliver business transformation; 4) criticality to business operations; 5) change management or integration problems; 6) network effects; and 7) market reputation. Forrester then discounts potential customer business value-add for uncertainty. If the TechRadar category and its ecosystem are at an early stage of development, we have to assume that its potential for damage and disruption is higher than that of a better-known category.10


›› Z-axis: Predict the time the category will take to reach the next ecosystem phase. Security and risk professionals need to know when a TechRadar category and its supporting constellation of investors, developers, vendors, and services firms will be ready to move to the next phase; this allows them to plan not just for the next year but for the next decade. Of course, hardware moves more slowly than software because of its physical production requirements, but all TechRadar categories will fall into one of five windows for the time to reach the next ecosystem phase: 1) less than one year; 2) between one and three years; 3) between three and five years; 4) between five and 10 years; and 5) more than 10 years.11

›› Curves: Plot categories along one of three possible trajectories. All TechRadar categories will broadly follow one of three paths as they progress from creation in the labs through to decline: 1) significant success and a long lifespan; 2) moderate success and a medium to long lifespan; and 3) minimal success and a medium to long lifespan. We plot each of the 11 most important technologies for endpoint security on one of the three trajectories to help security professionals allocate their budgets and research time more efficiently.12 The highest point of all three of the curves occurs in the middle of the Equilibrium phase; this is the peak of business value-add for each of the trajectories, and at this point, the adjustment for uncertainty is relatively minimal because the category market is mature and well-understood.

›› Positions on curves: Where possible, use this to fine-tune the z-axis. We represent the time a TechRadar category and its ecosystem will take to reach the next phase of ecosystem development with the five windows above. Thus, categories with more than 10 years until they reach the next phase will appear close to the beginning of their ecosystem phase; those with less than one year will appear close to the end. However, let’s say we have two TechRadar categories that will both follow the moderate success trajectory, are both in the Survival phase, and will both take between one and three years to reach the next phase. If category A is likely to only take 1.5 years and category B is likely to take 2.5 years, category A will appear further along on the curve in the Survival phase. In contrast, if categories A and B are truly at equal positions along the x-, y-, and z-axes, we’ll represent them side by side.

Vendor Companies Interviewed For This Report

We would like to thank the following companies who generously gave their time during the research for this report.

AppSense

Bromium

Armor Defense

BUFFERZONE Security

Avecto

Carbon Black

BeyondTrust

Cisco

Bitdefender

Cloudera


CounterTack

Nexusguard

CyberArk

Outlier Security

Cybereason

Palo Alto Networks

Cylance

Promisec

Digital Guardian

Red Canary

ESET

RES Software

Fidelis Cybersecurity

RSA

FireEye

Sasa Software

Hexis Cyber Solutions

Sophos

IBM

Symantec

Intel Security

Tanium

Invincea

Trend Micro

Kaspersky Lab

Tripwire

LANDESK

Webroot

LogRhythm

Ziften

Endnotes

1 Source: Forrester’s Global Business Technographics Security Survey, 2016.

2 See the Forrester report “The State Of Enterprise Mobile Security, Q2 2015: Strategies Continue To Focus On Mobile Apps.”

3 For further details on the TechRadar methodology, refer to the Supplemental Material section of this document and our report introducing this type of research. See the Forrester report “Introducing Forrester’s TechRadar™ Research.”

4 See the Forrester report “TechRadar™: Mobile Security, Q1 2016.”

5 See the Forrester report “The Forrester Wave™: Endpoint Security Suites, Q4 2016.”

6 It’s no mystery that antivirus (AV) technologies are fighting a losing battle against an increasingly sophisticated malware threat landscape. Attackers often penetrate user endpoints with new malware that eludes AV detection. As a result, security professionals must consider a different approach, one that doesn’t rely solely on an increasingly hard-to-manage signature blacklist. In its various forms, application control delivers a much-needed value proposition for endpoint protection. See the Forrester report “Application Control: An Essential Endpoint Security Component.”

7 Data wrapping claims to allow protection of corporate data from any device regardless of whether that data is at rest or in transit across the device, network, and application layers. An up-and-coming technology in the mobile security space, data wrapping offers many benefits, mainly transparency and control over corporate data spanning the entire data life cycle, and a better user experience for employees who can’t even detect the presence of the technology on their devices. While this technology is certainly promising, it has some implementation hurdles and costs to take into consideration. To learn more, see the Forrester report “Brief: Data Wrapping Promises Strong Mobile Data Security And A Positive User Experience.”

8 See the Forrester report “The 2016 State Of Endpoint Security Adoption.”

9 Note that the five phases are not of any prescribed length of time. For the typical ecosystem profiles for each of the five phases, see Figure 3 in the introductory report. See the Forrester report “Introducing Forrester’s TechRadar™ Research.”

10 We outline the detailed questions we ask to determine business value adjusted for uncertainty in Figure 4 of the introductory report. See the Forrester report “Introducing Forrester’s TechRadar™ Research.”

11 Forrester will include relatively few categories that we predict will take more than 10 years to reach the next ecosystem phase. Expect to see these 10-year-plus categories only in the Creation phase for fundamental innovations and in the Equilibrium and Decline phases for categories on the “significant success” trajectory. We provide details on how we predict the amount of time that a given TechRadar category will take to reach the next phase of ecosystem evolution in the introductory report. See the Forrester report “Introducing Forrester’s TechRadar™ Research.”

12 We provide detailed information and examples of how we predict the amount of time that a TechRadar category will take to reach the next phase of ecosystem development in the introductory report. See the Forrester report “Introducing Forrester’s TechRadar™ Research.”
