Buyer Beware: 2004 Vendor Report Card

1
Buyer Beware 2004 Vendor Report Card
Andrew Briney, Information Security
Magazine David Taylor, TheInfoPro (TIP)
2
2004 Priorities Survey
3

• TIP Wave 3 Study
• Feb-March 2004
• 175 decision-makers interviewed in 6 month
  waves
• Ave. interview 1 hr
• Ratings and commentary on 40 market sectors

4
2004 Priorities Survey

• 175 in-depth interviews
• SMEs Perimeter Focus, First-Generation Defense
• Fortune 1000 Portfolio Approach
• Even Distribution of Spending
• Focus on Intelligence, Granularity, Analytics

5
The Security Spending Priority is Infrastructure
for F500s Perimeter Security is a Higher
Priority for SMEs
2004 Budget Allocation
2003 Security Expenditure
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
6
2004 Priorities Survey

• Fortune 1000 Priorities
• Perimeter
• Application intelligence (IPS, App FWs)
• Layered security controls
• Infrastructure
• Provisioning
• Identity Management
• Wireless
• Management
• Patch Management
• Vulnerability Management
• Scorecard/Dashboard

7
Other Emerging Trends

• Infrastructure demand is driving interest in ESM,
  Single Sign-on ID Management
• - Users are seeking more architected solutions,
  but have a lot of homegrown management tools that
  require integration
• Spending on tactical security products narrowing
  to visible problems
• - Anti-Spam and patch management are high
  tactical priorities

8
Other Emerging Trends, II

• HIDS, HIPS, Secure Messaging, ID Management are
  other spending priorities
• - These are relatively open markets with few
  dominant vendors
• TippingPoint, Cisco NetScreen/Neoteris have the
  most exciting new products
• - High Exciting score is indicative of
  marketing and message effectiveness

9
Other Emerging Trends, III

• Head-to-head comparisons of Firewall and AV
  leaders show NetScreen slightly ahead of Cisco
  and Check Point, and Symantec ahead of NAI and
  Trend Micro
• - They dont make deals interoperability and
  sales quality are differentiators
• Vendors rated best by their customers on key
  indicators Product Quality and Delivery as
  Promised include NetScreen, Websense, VeriSign,
  Bindview and NAI.
• - Of the 12 ratings TIP gets on each vendor,
  these show differentiation well

10
Customers Plan to Spend More On Focused,
Sector-Leading Vendors
Percent of Customers
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
11
Perimeter Roadmap IPS, Secure Msg. and
Integrated Appliances Shine
Percent of Users
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
12
Infrastructure Roadmap A Wealth of Projects
are Being Launched
Percent of Users
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
13
Management Roadmap Homegrown Tools Lots of
New Spending
Percent of Users
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
14
Percentage of Users PlanningImplementations in
the Next 6 Months
Which of these technologies do you plan to
implement in the next 6 months?
Percent of Users
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
15
Information Security Technology Heat
IndexSectors With the Most Immediate Needs and
Highest Spending and Preferred Vendors
TheInfoPro Study Security Wave 3 heat index
weights near term plans higher than long term
plans and weights the priorities of those
enterprises with larger budgets higher than those
with smaller budgets.
16
Intrusion Prevention Perimeter Preferred
Vendors for New Projects
TIPNetwork Quotes

• Just implemented ISSs new features. It's not
  bad. It is a little smarter and doesn't require
  the techie knowledge of an IDS. It is more
  intuitive. It's still in a trial state.
• We ripped Cisco out because of too many false
  positives. We replaced Cisco with Snort.
• We are not happy with Entrusts IPS solution.
  When we turn logging on, the load cripples the
  system..
• One of the reasons we like TippingPoint is that
  it's really more of a switch -- it checks at
  switch speeds. The design and architecture are
  built for speed and value.
• Check Points SmartDefense has an option that we
  purchased that does application inspection
  features.
• We use BlueCoat now, but we will look at the
  security appliance offerings for this
  functionality.
• Someone told us about this company from Israel,
  Vsecure. We supported their launch in the U.S.
  We like to use the younger companies as beta
  sites.

Percent of Users
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
17
Integrated Security Appliances Preferred
Vendors for New Projects
TIPNetwork Quotes

• There is absolute terror associated with a false
  positive because it can shut down our business.
  There are a couple of IPS devices we're looking
  at from Nokia with good heuristics and good
  packet inspection.
• Check Point is way too expensive. We have an
  appliance for ISS for IDS. We didn't buy it, we
  outsourced to them.
• We trust Symantec. Their appliance is reliable
  and we haven't had any breeches.as beta sites.
• We use BlueCoats security gateway product. We
  were using them for other functions. There is a
  lot of value in one appliance.
• We have SurfControl on an appliance for content
  management. I met them at a conference. It was
  easy to understand and their claims came through.
• I like Crossbeam because it's blade scaleable.
  It's one big chassis with a high speed backpane.

Percent of Users
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
18
Single Sign-On Preferred Vendors for New
Projects
TIPNetwork Quotes

• Netegritys SiteMinder works well. We havent
  used it a lot because it is expensive for the way
  it is licensed.We will do SSO in-house because we
  have a lot of proprietary applications we run.
• This is number one on my list of over-hyped
  technologies. If you use an AAA server and User
  Provisioning, in conjunction with enterprise
  LDAP, you can reduce your sign-ons to one or two.
  So, why spend your money on Single Sign-on?
• We use v-GO Single Sign-On from Passlogix. But
  there is a lot of hype on this -- it's not fully
  there yet.
• We'll move to a Microsoft solution. We've
  migrated away from Novell in almost every
  instance, which is a decision from above.
• IBMs Tivoli is a mature product. Though not
  perfect, they are a pretty close fit for less
  money.

Percent of Users
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
19
Enterprise Security Mgmt. (ESM) Preferred
Vendors for New Projects
TIPNetwork Quotes

• No one ties everything together. We have BigFix
  which does our patching, we use Foundstone that
  tells us Vulnerability, and Active Directory.
  Couldn't find anything to correlate all this
  meaningfully.
• The business drivers aren't there. The
  technology is fairly mature, but the ROI is hard
  to determine for it.
• We use NAIs ePolicy Orchestrator (ePO) -- we
  have it now, for anti-virus across the
  enterprise. We just found out today that their
  Threat Scan plug-in for ePO does network
  discovery and host vulnerability assessments. If
  ePO can do all this, it will become extremely
  valuable.
• We went with Intellitactics, based on a six to
  seven month project, including research, a
  Request for Comment, and a proof-of-concept for
  two months.
• Use Ecora for log management. Also for
  correlation alerts and errors. It won't blast
  out alerts needlessly.

Percent of Users
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
20
Top Security Vendors Reported to Have Exciting
New Offerings
TIPNetwork Quotes
Neoteris was acquired by NetScreen. The Neoteris
sales team pushed me in a direction that caused
me to look at other solutions. The sales team
wasn't on the up and up. But, they were best,
despite the sales team.
Cisco's working on, with other vendors including
Microsoft, the ability to automatically scan when
new machine gets plugged into a network
checking for policy and software-level compliance.
I would say, ZoneAlarm is exciting. Zone Labs is
a personal fire wall vendor. ISSs BlackICE is a
competitor. Both do web content filtering.
AirDefense with their wireless security.
CipherTrust with their IronMail spam protection.
It's a leap ahead of the other spam vendors.
Brightmail has been a significant improvement
over what we had before, an older version of
Trend Micro. I think that we got Brightmail in
just in time.
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
21
Firewall -- Head-to-Head Vendor Comparison
Cisco vs. Check Point vs. NetScreen
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
22
Anti-Virus -- Head-to-Head Vendor Comparison
NAI vs. Symantec vs. Trend Micro
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
23
Perimeter Security Vendor Ratings Comparison
Quality and Fulfillment
Interviewees rated the 3-4 vendors they know best
on 12 factors. The responses are divided into
equal quintiles, so there are the same number of
responses in group, from the 0 blue boxes through
4 blue boxes. 0 blue boxes is the lowest
quintile 4 blue boxes is the highest quintile.
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
24
Infrastructure Security Vendor Ratings
Comparison Quality and Fulfillment
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
25
Management Security Vendor Ratings Comparison
Quality and Fulfillment
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
26
Services Security Vendor Ratings Comparison
Quality and Fulfillment
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
27
Content Filtering Vendor Ratings Comparison
Quality and Fulfillment
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
28
Customers Planning to Switch From Their Current
Security Vendor
TheInfoPro Study Security Wave 3 (3/9/04) Based
on 188 Interviews. Not all interviewees answer
all questions, so individual question ns will
vary.
29
Customer Narratives on Their Security Vendors

• Check Point The problem with Check Point is
  that they have outsourced their sales to an OEM.
  The sales people here don't know anything about
  their product. They don't understand the delivery
  process or navigate the Check Point maze.
• Nokia Nokia looked to be the best at the time.
  We're conceptually looking at alternatives.
  Would like better integration with our network
  environment.

30
Customer Narratives on Their Security Vendors, II

• NetScreen Best in industry in an emerging
  technology. They weed out false positives faster
  and better than Check Point, and cost a bit
  less.
• TrendMicro Central console to manage deployment
  of latest scanner and virus pattern files.
  Weaknesses are their reporting -- it's hard to
  use their product to easily write a report about
  anti-virus activity in a meaningful way to give
  to management.

31
Customer Narratives on Their Security Vendors, III

• Symantec They catch all the viruses. They also
  have good name recognition. They do an excellent
  job of keeping signatures up-to-date. Their
  support and sales groups are weak. They have a
  habit of changing your contacts often and were
  very late to the game with the managed solution.
  
• Network Associates NAIs customer service is
  strong. They have clear product upgrade paths,
  as solid technical staff. Their software has
  improved from release to release. We find few
  bugs. We get little up-sell sales pressure from
  their VAR channel, and the people are easy to
  deal with. Their financials are a weakness.
  It's hard to justify them being strategic. We
  heard they were merging with ISS then they
  bought Intruvert.

32
Coming Up in DecemberProducts of the Year
33
Thank you.Questions, comments?