Storage Decisions 2003

Buyer Beware: 2004 Vendor Report Card

Andrew Briney, Information Security Magazine
David Taylor, TheInfoPro (TIP)
2004 Priorities Survey
TIP Wave 3 Study

• Feb-March 2004
• 175 decision-makers interviewed in 6 month “waves”
• Ave. interview: 1 hr
• Ratings and commentary on 40 market sectors
  2004 Priorities Survey
 175 in-depth interviews

 SME’s: Perimeter Focus, First-Generation Defense

 Fortune 1000: “Portfolio Approach”

 Even Distribution of Spending

 Focus on Intelligence, Granularity, Analytics
The Security Spending Priority is Infrastructure for
F500s; Perimeter Security is a Higher Priority for SMEs
[Chart: 2004 Budget Allocation; 2003 Security Expenditure]

TheInfoPro Study Security Wave 3 (3/9/04) Based on 188 Interviews. Not all interviewees answer all questions, so individual question n’s will vary.
 2004 Priorities Survey
Fortune 1000 Priorities:
 Perimeter
   •   Application intelligence (IPS, App FWs)
   •   Layered security controls
 Infrastructure
   •   Provisioning
   •   Identity Management
   •   Wireless
 Management
   •   Patch Management
   •   Vulnerability Management
   •   Scorecard/Dashboard
Other Emerging Trends

Infrastructure demand is driving interest in ESM, Single
 Sign-on & ID Management
  - Users are seeking more “architected” solutions,
   but have a lot of homegrown management tools
   that require integration

Spending on tactical security products narrowing to
 “visible” problems
  - Anti-Spam and patch management are high
   “tactical” priorities
        Other Emerging Trends, II

 HIDS, HIPS, Secure Messaging, ID Management are
  other spending priorities
  - These are relatively “open” markets with few
    dominant vendors

 TippingPoint, Cisco & NetScreen/Neoteris have the most
  “exciting” new products
  - High “Exciting” score is indicative of marketing
    and message effectiveness
        Other Emerging Trends, III
 Head-to-head comparisons of Firewall and AV leaders
  show NetScreen slightly ahead of Cisco and Check Point,
  and Symantec ahead of NAI and Trend Micro
  - They don’t make deals; interoperability and sales
    quality are differentiators

 Vendors rated best by their customers on key indicators
  Product Quality and Delivery as Promised include:
  NetScreen, Websense, VeriSign, Bindview and NAI.
  - Of the 12 ratings TIP gets on each vendor, these
    show differentiation well
Customers Plan to Spend More On
Focused, Sector-Leading Vendors




[Chart; axis: Percent of Customers]
Perimeter Roadmap:
IPS, Secure Msg. and Integrated Appliances Shine




[Chart; axis: Percent of Users]
Infrastructure Roadmap:
A Wealth of Projects are Being Launched




[Chart; axis: Percent of Users]
Management Roadmap:
Homegrown Tools & Lots of New Spending




[Chart; axis: Percent of Users]
Percentage of Users Planning
Implementations in the Next 6 Months




[Chart; question: “Which of these technologies do you plan to implement in the next 6 months?”; axis: Percent of Users]
Information Security Technology Heat Index:
Sectors With the Most Immediate Needs and Highest Spending
and Preferred Vendors




TheInfoPro Study Security Wave 3 heat index weights near term plans higher than long term plans and weights the priorities of those enterprises with larger budgets higher than those with smaller budgets.
Intrusion Prevention – Perimeter:
Preferred Vendors for New Projects
TIPNetwork Quotes:

• Just implemented ISS’s new features. It's not bad. It is a little smarter and doesn't require the techie knowledge of an IDS. It is more intuitive. It's still in a trial state.
• We ripped Cisco out because of too many false positives. We replaced Cisco with Snort.
• We are not happy with Entrust’s IPS solution. When we turn logging on, the load cripples the system.
• One of the reasons we like TippingPoint is that it's really more of a switch -- it checks at switch speeds. The design and architecture are built for speed and value.
• Check Point’s SmartDefense has an option that we purchased that does application inspection features.
• We use BlueCoat now, but we will look at the security appliance offerings for this functionality.
• Someone told us about this company from Israel, Vsecure. We supported their launch in the U.S. We like to use the younger companies as beta sites.

[Chart; axis: Percent of Users]
Integrated Security Appliances:
Preferred Vendors for New Projects
TIPNetwork Quotes:

• There is absolute terror associated with a false positive because it can shut down our business. There are a couple of IPS devices we're looking at from Nokia with good heuristics and good packet inspection.
• Check Point is way too expensive. We have an appliance for ISS for IDS. We didn't buy it, we outsourced to them.
• We trust Symantec. Their appliance is reliable and we haven't had any breaches.
• We use BlueCoat’s security gateway product. We were using them for other functions. There is a lot of value in one appliance.
• We have SurfControl on an appliance for content management. I met them at a conference. It was easy to understand and their claims came through.
• I like Crossbeam because it's blade scalable. It's one big chassis with a high speed backplane.

[Chart; axis: Percent of Users]
Single Sign-On: Preferred Vendors for New Projects
TIPNetwork Quotes:

• Netegrity’s SiteMinder works well. We haven’t used it a lot because it is expensive for the way it is licensed. We will do SSO in-house because we have a lot of proprietary applications we run.
• This is number one on my list of over-hyped technologies. If you use an AAA server and User Provisioning, in conjunction with enterprise LDAP, you can reduce your sign-ons to one or two. So, why spend your money on Single Sign-on?
• We use v-GO Single Sign-On from Passlogix. But there is a lot of hype on this -- it's not fully there yet.
• We'll move to a Microsoft solution. We've migrated away from Novell in almost every instance, which is a decision from above.
• IBM’s Tivoli is a mature product. Though not perfect, they are a pretty close fit for less money.

[Chart; axis: Percent of Users]
Enterprise Security Mgmt. (ESM):
Preferred Vendors for New Projects
TIPNetwork Quotes:

• No one ties everything together. We have BigFix which does our patching, we use Foundstone that tells us Vulnerability, and Active Directory. Couldn't find anything to correlate all this meaningfully.
• The business drivers aren't there. The technology is fairly mature, but the ROI is hard to determine for it.
• We use NAI’s ePolicy Orchestrator (ePO) -- we have it now, for anti-virus across the enterprise. We just found out today that their Threat Scan plug-in for ePO does network discovery and host vulnerability assessments. If ePO can do all this, it will become extremely valuable.
• We went with Intellitactics, based on a six to seven month project, including research, a Request for Comment, and a proof-of-concept for two months.
• Use Ecora for log management. Also for correlation alerts and errors. It won't blast out alerts needlessly.

[Chart; axis: Percent of Users]
Top Security Vendors Reported to Have “Exciting” New Offerings

TIPNetwork Quotes:

Neoteris was acquired by NetScreen. The Neoteris sales team pushed me in a direction that caused me to look at other solutions. The sales team wasn't on the up and up. But, they were best, despite the sales team.

Cisco's working on, with other vendors including Microsoft, the ability to automatically scan when a new machine gets plugged into a network – checking for policy and software-level compliance.

I would say, ZoneAlarm is exciting. Zone Labs is a personal firewall vendor. ISS’s BlackICE is a competitor. Both do web content filtering.

AirDefense with their wireless security. CipherTrust with their IronMail spam protection. It's a leap ahead of the other spam vendors.

Brightmail has been a significant improvement over what we had before, an older version of Trend Micro. I think that we got Brightmail in just in time.
Firewall -- Head-to-Head Vendor Comparison:
Cisco vs. Check Point vs. NetScreen




Anti-Virus -- Head-to-Head Vendor Comparison:
NAI vs. Symantec vs. Trend Micro




Perimeter Security Vendor Ratings Comparison: Quality
and Fulfillment




Interviewees rated the 3-4 vendors they know best on 12 factors. The responses are divided into equal quintiles, so there are the same number of responses in each group, from 0 blue boxes through 4 blue boxes. 0 blue boxes is the lowest quintile; 4 blue boxes is the highest quintile.
Infrastructure Security Vendor Ratings Comparison:
Quality and Fulfillment




Management Security Vendor Ratings Comparison:
Quality and Fulfillment




Services Security Vendor Ratings Comparison: Quality
and Fulfillment




Content Filtering Vendor Ratings Comparison: Quality
and Fulfillment




Customers Planning to Switch From Their Current Security Vendor




Customer Narratives on Their Security Vendors

 Check Point: “The problem with Check Point is that they
  have outsourced their sales to an OEM. The sales people
   here don't know anything about their product. They don't
   understand the delivery process or navigate the Check
   Point maze.”

 Nokia: “Nokia looked to be the best at the time. We're
   conceptually looking at alternatives. Would like better
   integration with our network environment.”
Customer Narratives on Their Security Vendors, II

 NetScreen: “Best in industry in an emerging technology.
  They weed out false positives faster and better than Check
  Point, and cost a bit less.”

 TrendMicro: “Central console to manage deployment of latest
  scanner and virus pattern files. Weaknesses are their
  reporting -- it's hard to use their product to easily write a report
  about anti-virus activity in a meaningful way to give to
  management.”
Customer Narratives on Their Security Vendors, III

 Symantec: “They catch all the viruses. They also have good name
  recognition. They do an excellent job of keeping signatures up-to-date. Their
  support and sales groups are weak. They have a habit of changing your
  contacts often and were very late to the game with the managed solution.”
 Network Associates: “NAI’s customer service is strong. They have clear
  product upgrade paths, a solid technical staff. Their software has improved
  from release to release. We find few bugs. We get little up-sell sales
  pressure from their VAR channel, and the people are easy to deal with. Their
  financials are a weakness. It's hard to justify them being strategic. We heard
  they were merging with ISS & then they bought Intruvert.”
Coming Up in December…
Products of the Year
Thank you.

Questions, comments?

				