2012 Infonetics DDoS Prevention Appliances Analysis 2nd Edition

DDoS Prevention Appliances Biannual Worldwide and Regional Market Share and Forecasts: 2nd Edition

Analysis December 7, 2012

TABLE OF CONTENTS

TOP TAKEAWAYS: DDOS PREVENTION WILL REACH $272M IN 2012 ....................................................... 1

MARKET SIZE AND FORECAST ANALYSIS: DDOS PREVENTION APPLIANCE REVENUE PASSES $70M IN 3Q12 ................................................................................................................................................... 2

LONG-TERM FORECAST: CARRIER TRANSIT MARKET LOSING SHARE TO MOBILE NETWORKS AND DATA CENTERS.............................................................................................................................................. 3

GEOGRAPHIC ANALYSIS: NORTH AMERICA LEADS, APAC AND CALA GROW MOST ..................................... 5

MANUFACTURERS AND MARKET SHARE ANALYSIS: ARBOR NETWORKS MAINTAINS LEAD ........................ 7

TECHNOLOGY ROADMAP........................................................................................................................ 10

MARKET DRIVERS ................................................................................................................................. 11

DDOS RISK PROFILE .............................................................................................................................. 12

GOVERNMENT DRIVERS......................................................................................................................... 14

DEMAND-SIDE DATA.............................................................................................................................. 15

CATEGORY DEFINITIONS ........................................................................................................................ 16

This is a paid service intended for the recipient organization only; reproduction and sharing with third parties is prohibited.

Copyright © 2012 by Infonetics Research, Inc. All rights reserved. i



Copyright © 2012 by Infonetics Research, Inc. All rights reserved. ii

LIST OF EXHIBITS

EXHIBIT 1 WORLDWIDE DDOS PREVENTION APPLIANCE QOQ AND YOY COMPARISONS ............. 2

EXHIBIT 2 WORLDWIDE DDOS PREVENTION APPLIANCE REVENUE BY DEPLOYMENT LOCATION 4

EXHIBIT 3 WORLDWIDE DDOS PREVENTION APPLIANCE REVENUE BY CATEGORY..................... 5

EXHIBIT 4 DDOS PREVENTION APPLIANCE REVENUE BY GEOGRAPHIC REGION......................... 6

EXHIBIT 5 DDOS PREVENTION WORLDWIDE QUARTERLY REVENUE MARKET SHARE ................. 8

EXHIBIT 6 DDOS PREVENTION BY CATEGORY WORLDWIDE QUARTERLY REVENUE MARKET SHARE .................................................................................... 9

EXHIBIT 7 DDOS PREVENTION TECHNOLOGY ROADMAP .......................................................... 10

EXHIBIT 8 ANATOMY OF A DDOS ATTACK .............................................................................. 13


TOP TAKEAWAYS: DDOS PREVENTION WILL REACH $272M IN 2012

Revenue for DDoS prevention appliances is expected to continue to grow over 20% annually for the next three years, with a volatile mix of drivers continuing to interact, including:

• A never-ending onslaught of threat events, punctuated by the financial services attacks in September 2012

• Rampant Internet traffic growth

• Growing enterprise demand for DDoS prevention solutions

• Data center consolidation, data center upgrades, and the rollout of cloud infrastructure

• Massive mobile network capacity upgrades

• Deployment of managed DDoS services

Key data points:

• Revenue will reach $271.8M in 2012, up 29% from 2011

• DDoS prevention spending in data centers will pass traditional carrier transport spending in 2012, and the data center segment maintains a healthy 22% 2011–2016 CAGR.

• The mobile segment shows the most explosive growth (32.7% CAGR from 2011 to 2016) as it rides the compound wave of a transition to IP and data, massive increases in capacity, and a new role as a juicy and highly visible target for attacks.

• In 3Q12, North America accounted for 52% of DDoS prevention appliance revenue, followed by EMEA and Asia Pacific, with 19.2% and 22.6%, respectively, and CALA coming in a distant fourth at 6.5%, though CALA manages the highest growth from 2011 to 2016 as many carriers look to deploy their first serious DDoS mitigation solutions.

• For 3Q12 total DDoS prevention appliance revenue, Arbor ranks first with 56.1% (up 1 point from 2Q12), followed by Radware at 8.9%.

• Major security vendors are integrating high-performance DDoS prevention into multifunction products that will go head to head with mid-range offerings from the dedicated DDoS appliance vendors; we haven’t seen a material impact of this integration yet, but it contributes to the decreasing growth we forecast in later years (2015–2016).

Gray shading denotes analysis updated since June 7, 2012


Copyright © 2012 by Infonetics Research, Inc. All rights reserved.

1


MARKET SIZE AND FORECAST ANALYSIS: DDOS PREVENTION APPLIANCE REVENUE PASSES $70M IN 3Q12

DDoS prevention appliances are the first line of defense for most service providers and large enterprises around the globe looking to protect themselves from brute-force attacks on network or resource availability, and with the unprecedented number, size, and coverage of DDoS attacks over the last 24 months, vendors who build DDoS prevention solutions have seen and continue to see a significant increase in demand.

CY11 revenue was $210.6M, up 43% over CY10, and CY12 revenue is expected to be up another 29% over CY11; strong growth continues in 2012 as attacks intensify (punctuated by a very deliberate set of attacks aimed at US financial institutions in September) and the world works to pull itself out of a global recession; 2012 worldwide revenue will likely be around $272M, which is nearly 30% above 2011. Looking at the more recent quarterly market performance data, revenue was up 8.9% between 2Q12 and 3Q12 (the market totaled $70.7M in 3Q12), and revenue will grow 31.7%, to $93M by 3Q13. By CY16, revenue will hit $485.6M, a 2011-2016 CAGR of 18.2%. The table below shows QoQ and YoY comparisons for units and revenue.

Exhibit 1 Worldwide DDoS Prevention Appliance QoQ and YoY Comparisons

DDoS Prevention Appliance Revenue and Units % Change

CY10 CY11 2Q12 3Q12 2011 vs

2010 3Q12 vs

2Q12

Revenue ($M) $147.2 $210.6 $64.9 $70.7 43.0% 8.9%Units (K) 2.0 2.9 0.9 1.0 47.3% 8.0%

We cover broad market drivers later in this report, but put simply, the key drivers for increased investment in DDoS prevention solutions include:

• The increasing volume of highly visible attacks, including a mix of politically motivated attacks, state-sponsored electronic warfare, social activism, organized crime, and good old fashioned pointless mischief and mayhem, driven by the easy availability of bots/botnets for hire and easily distributed crowd-sourced attack tools (like LOIC, originally created by Anonymous to attack the Church of Scientology)

• Internet traffic growth, which has driven major carriers to upgrade their backbone infrastructure to increase capacity, driving a need for increased capacity DDoS prevention solutions

• Enterprise demand for DDoS prevention solutions, either fulfilled by rolling out their own protection infrastructure, or buying managed services from providers who consume prevention solutions and build services for the end customer

• Data center consolidation, data center upgrades, and the rollout of the cloud infrastructure that will underpin the next generation of cloud services; large data centers and cloud providers are highly visible targets who must protect their own infrastructure and the customers who trust them to host data and applications




2


• Mobile network upgrades, which many mobile providers are making to deliver 3G and 4G services and meet the demand for broadband data for mobile devices, are forcing providers to add new layers of network protection and increase their overall security processing capacity; backhaul networks alone are adding orders of magnitude more capacity, driving the need for new DDoS solutions

• Managed DDoS mitigation services; in addition to purchasing DDoS solutions to protect their own infrastructure, many carriers around the globe are buying DDoS products to build out managed services for their customers, and specialized hosted DDoS service providers (like Prolexic) are gaining popularity with enterprise customers looking for DDoS prevention but lacking the expertise or capital to deploy their own

In the July 2012 edition of this report, our forecast for 3Q12 was $66.2M; 3Q12 actual was $70.7M, which is 6.8% above our forecast. Looking at the long-term forecast, our initial 2016 forecast was $421.6M, which we have increased by 15.2% to $485.6M. This is only our second edition of this bi-annual report and we continue to tune our forecast model. We’re not expecting to make significant changes (more than 5%) in the next edition of the report.

LONG-TERM FORECAST: CARRIER TRANSIT MARKET LOSING SHARE TO MOBILE NETWORKS AND DATA CENTERS

Exhibit 2 shows annual revenue for the DDoS prevention appliance market split by the four deployment locations we track, as well as the year-over-year growth for the total market (the red line). The DDoS prevention appliance market will get a great push through 2016, maintaining double-digit annual increases through our entire forecast.

Though vendors don’t directly report revenue by deployment location, they do provide good guidance, and we estimate the rest based on discussions with their customers and channel partners. The traditional carrier transport market (which leading vendor Arbor has dominated for nearly a decade) is currently the largest market by deployment location, but it has the lowest 2011 to 2016 CAGR (8.6%). The data center segment (enterprise and carrier, including hosted DDoS service environments) will pass carrier transport in 2012 though, and maintains a healthy 22% 2011 to 2016 CAGR. Enterprise deployments have grown particularly well in 2012 for several key vendors (including Arbor, who noted that they sold more of their enterprise mitigation solution in North America in the first year of its availability than they sold of their service provider mitigation solution its first year).

The mobile segment shows the most explosive growth (32.7% CAGR from 2011 to 2016) as it rides the compound wave of a transition to IP and data, massive increases in capacity, and a new role as a juicy and highly visible target for attacks. Mobile carriers are interested in protecting their networks as well as understanding what’s flowing across them, driving many to look at a combination of DDoS and standalone DPI solutions (which we track in our Service Provider Deep Packet Inspection Products service). Arbor alone announced mobile deployments at SK Telecom, Hunan Mobile, and Star Hub in the last 6 months.




3


Exhibit 2 Worldwide DDoS Prevention Appliance

Revenue by Deployment Location

$0

$50

$100

$150

$200

$250

CY09 CY10 CY11 CY12 CY13 CY14 CY15 CY16

Reve

nue

(US$

M)

0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

50%

Data center Carrier transport Mobile Government Revenue growth




4


The next chart shows the same segments as the annual forecast chart above, but expresses the data in terms of market share by segment. As discussed already, the inflection point between carrier transport and data center spending is this year, and mobile spending is making the impressive gain, though starting from a significantly smaller base.

Exhibit 3 Worldwide DDoS Prevention Appliance Revenue by Category

0%

10%

20%

30%

40%

50%


Perc

ent o

f Rev

enue

Carrier transport Data center Government Mobile

GEOGRAPHIC ANALYSIS: NORTH AMERICA LEADS, APAC AND CALA GROW MOST

In 3Q12, North America accounted for 52% of DDoS prevention appliance revenue, followed by EMEA and Asia Pacific, with 19.2% and 22.6%, respectively; CALA came in a distant fourth at 6.5%. The next chart shows the annual data for geographic distribution; the general trend is a gradual decrease (in share) in North America as other regions increase (as North America is several years ahead of the rest of the world investing in DDoS prevention solutions). CALA manages the highest 2011 to 2016 CAGR of the regions covered in the report, sitting at 52.6%. There are significant infrastructure upgrades happening in the carrier market in CALA, and in many cases carriers are investing in their first serious DDoS mitigation solutions, driving the strong growth we see in that region.




5


The largest vendor in this market (Arbor) is based in the US, but there are regional vendors serving enterprises and service providers in their home regions primarily, including GenieNRM in APAC and Andrisoft and Radware in EMEA. Though these vendors are significantly smaller than Arbor and some of the other North American vendors, we expect long-standing relationships and the desire to acquire security solutions in-region (particularly in APAC) could drive stronger growth for these vendors over the next 2 years.

Exhibit 4 DDoS Prevention Appliance Revenue by Geographic Region

0%

10%

20%

30%

40%

50%

60%


Per

cent

of R

even

ue

North America EMEA APAC CALA




6


MANUFACTURERS AND MARKET SHARE ANALYSIS: ARBOR NETWORKS MAINTAINS LEAD

For 3Q12 total DDoS prevention appliance revenue, Arbor ranks first with 56.1% (up 1 point from 2Q12), followed by Radware at 8.9% and Narus at 7.1%, respectively; GenieNRM and Andrisoft round out fourth and fifth with 3.1% and 0.3%, respectively. There are other major vendors in this space whose share we aren’t reporting yet, including Cloudshield, Intruguard, RioRey, and Corero (formerly Top Layer); as this service continues we expect to be able to break out revenue for those vendors as well. That said, Arbor is the clear leader in this market, and has maintained dominant market share for years; though as we’ll see in the discussion of market share by deployment location, there are openings for share change.

The overall performance of this market and the vendors in it will be challenged by the widening availability of hosted/SaaS solutions (though providers who offer them have to acquire mitigation technology to run their services), and the introduction of new integrated platforms that include DDoS prevention as a feature. Arbor and Alcatel Lucent announced a combined offering in January 2012 that couples ALU routers and a specialized DDoS mitigation blade from Arbor, and though Arbor will recognize revenue for this service, it’s unclear how the availability of an integrated product affects the long-term growth potential for their standalone products. Another vendor, F5, launched a specialized data center firewall product based on their BigIP traffic management platform, and DDoS prevention is one of the cornerstone features of this product.

We expect other major security vendors to build and offer data center specialized security platforms that will integrate high-performance DDoS prevention, and these products will likely go head to head with mid-range offerings from the dedicated DDoS appliance vendors. We haven’t seen a material impact of these integration trends on the standalone DDoS prevention market yet, but parallel markets (particularly standalone IPS and standalone web/mail security, markets that are both plateauing right now) form the basis for the decreasing growth we forecast in the later years (2015/2016).

The percentage of units and revenue currently tracked in the "other" category is roughly 25%, primarily because we’re not yet breaking out share for the vendors listed above (all private companies).




7





8

Exhibit 5 DDoS Prevention Worldwide Quarterly Revenue Market Share

0%

10%

20%

30%

40%

50%

60%

70%

1Q11 2Q11 3Q11 4Q11 1Q12 2Q12 3Q12

Per

cent

of R

even

ue

Arbor Narus Radware GenieNRM Andrisoft


The table below shows the top three vendors in each of the deployment location segments we track in this report. Arbor leads overall, but their lead is less dominant once we look beyond the carrier transport sub-market. They have significant share in data center as well, and addressed a product hole with the release of their Pravail APS solution, but several other vendors (including Intruguard and RioRey, not shown in this table) have a strong focus on data center and good share position in that segment. Arbor has not focused on government business, and even with their dominant lead in the market overall, they don’t come up as the leader for government spending on DDoS prevention solutions in 3Q12. They’re focusing on higher-growth opportunities like mobile and data center, and though that seems like a good call overall, government customers tend to be loyal, and government contracts last a long time.

Exhibit 6 DDoS Prevention By Category Worldwide Quarterly Revenue Market Share

Worldwide DDoS Prevention Appliance Revenue Market Share (%)

4Q11 1Q12 2Q12 3Q12 CY10 CY11Carrier transport and wired broadband Arbor 74.2% 72.9% 68.4% 70.6% 72.1% 76.6%Radware 6.0% 6.2% 9.3% 8.0% 7.7% 5.4%GenieNRM 2.8% 3.0% 3.3% 3.1% 2.8% 2.7%Enterprise and carrier data centers Arbor 59.4% 59.1% 55.1% 57.1% 53.5% 60.6%Radware 4.5% 4.5% 6.1% 5.8% 7.1% 4.5%GenieNRM 1.1% 1.1% 1.1% 1.2% 1.3% 1.2%Government networks Arbor 20.1% 15.1% 19.1% 13.7% 14.4% 18.3%Narus 0.0% 0.0% 0.0% 0.0% 0.0% 0.0%Radware 14.5% 15.0% 21.6% 18.1% 21.7% 15.2%Mobile networks Arbor 50.6% 50.9% 51.2% 48.2% 29.8% 47.2%Narus 3.9% 3.5% 3.0% 3.4% 6.4% 4.1%Radware 11.0% 10.1% 14.4% 12.7% 20.2% 11.5%




9


TECHNOLOGY ROADMAP

Exhibit 7 DDoS Prevention Technology Roadmap

Up to 2001 2009-2012 2013 a

First major public attack hits Yahoo! in 2000; specialist products emerge in 2000/2001

Capacity reforce carriededicated s

2002-2008

Specialist providers continue developing platforms; Arbor grabs majority of SP/transport market; news of major attacks slows and there's little interest in development of new standalone solutions

Consolidation of data centers, binfrastructure, and rapid expansinetworks drive the need for DDothose environments; new vendormarket with solutions targeting mtraditional transport network bus

Network/security product manufacturers embed DDoS into firewalls/IPS/ro

Prolexic Technologies is founded in 2003; develops a hosted DDoS solutigambling sites; builds out hosted solution offering to make DDoS preventicustomers of all sizes

2009-2012 the busiest period inDDoS attacks; availability of easand politically, socially, and finamotivated attacks bring DDoS to

nd Beyond

quirements rs to buy olutions, but

down-market demand drives hosted services, integrated solutions, and low-end/virtual appliances

uildout of cloud on of mobile S solutions for s enter the

ore than the iness

uters

on for online on available to

history for y-to-use tools, ncially the forefront




10


MARKET DRIVERS

The state of the global economy factors into all of our forecasts, and our take on the overall health of the economy and its impact on enterprise and service provider spending can be found in Fundamental Telecom-Datacom Market Drivers, a PDF available in Infonetics Research's service portal section for this report.

Without a doubt, the number-one driver for the DDoS prevention market is the attacks themselves. Most major vendors operate threat labs and publish regular reports on threats, and the threat landscape is getting bigger, more complex, and scarier at an alarming rate. From the September ’12 US bank attacks to the Iranian elections, Wikileaks, and the Anonymous army attacking anything with a whirring fan, DDoS attacks have been big news for the last two years. The rise of botnets and easy-to-use tools (like LOIC) for launching attacks means that there are more DDoS attacks pushing greater volumes of traffic, initiated by a wider variety of attackers than ever before. There is no indication that the pace of innovation in the creation of attacks and the ingenuity that drives the distribution of those threats will ever slow down, and so prevention solutions need to continue to evolve as well

Many service providers worldwide are financially healthy despite a harsh global economy, and are building out networks to support massive increases in data and IP traffic. New network buildouts drive the need for new security investment, and demand in data centers and mobile backhaul networks in particular is driving significant spending in new high-end security solutions for a wide variety of protection mechanisms, including DDoS prevention. Service providers have the largest infrastructure to protect, and directly touch the end customers, and as a result service provider networks see most of the DDoS attack traffic, and providers represent the bulk of the spending on DDoS prevention products.




11


The move toward cloud-based solutions and SaaS the security market, which gained mainstream attention with Google's acquisition of Postini in 2007, has already been a key driver for the deployment of DDoS appliances. Many small, medium, and even large enterprises, and many small to medium service providers (particularly hosting providers) don’t have the money or resources to build their own DDoS prevention infrastructure. In 2003, Prolexic Technologies was founded with the aim of providing cloud-based DDoS protection for the online gaming market (one of the favorite targets of DDoS attacks at the time), and has since evolved into a full-service hosted DDoS service provider selling to enterprises and service providers alike. While on the surface, solutions like the one Prolexic offers would appear to cut in to the market for appliances, the truth is that hosted solutions are always built on underlying technology that is often built and sold by the vendors tracked in this service.

DDOS RISK PROFILE

There are three basic types of issues form the risk profile that most enterprises and service providers use to determine when (and how much) to invest in a given security solutions. The ability of a solution to address these risks is the primary determining factor in the financial success and long-term viability of the commercial market for that solution. The three categories of risk are:

• Loss of data is the first risk category; typical data-loss prevention solutions range from data encryption to intrusion prevention and access control. For an organization to invest in security to prevent loss of data, they must have valuable data to protect, and they must understand the monetary value of that data; as a result, investing in security to prevent data loss is a priority for a subset of all organizations around the world.

• The second risk category includes regulatory or compliance repercussions for not protecting electronic assets; in the absence of regulations or compliance, many companies may not choose to invest in security solutions for their valuable data; many vertical markets are affected by regulations (such as healthcare and finance), and there are other regulations that impact broader groups of organizations (PCI, SOX, or GLBA in the US). Even non-regulated industries can face compliance issues that impact security spending, as many companies are required to demonstrate a certain level of security for business licensing or insurance purposes; regardless, the threat of repercussions for not being compliant drives many organizations around the globe to invest in network security.

• The final risk category is the negative impact of availability/downtime problems; in our 2007 study The Costs of Network Security Attacks: North America 2007 we found that organizations lose an average of 0.5% to 2.5% of annual revenue due to security-related downtime. When online retailers go down, they lose revenue; when trading systems are attacked and traders cannot trade, they lose revenue. Businesses that have their websites defaced or forced out of commission can suffer intangible damage associated with brand and image. This risk is horizontal, as companies of all type and size are plagued by downtime associated with security attacks regardless of the value of their data or regulatory or compliance requirements.




12


DDoS prevention is only peripherally involved in protecting against loss of data, and as for regulatory/compliance requirements, in cases where availability is mandated as part of the regulation, then a DDoS solution can be deployed, but where DDoS really matters is loss due to downtime/lack of availability. DDoS attacks, are by name, an attempt to deny a service; that can be any number of services, denied for any purpose an attacker can dream up. The diagram below shows the basic structure of a DDoS attack.

Exhibit 8 Anatomy of a DDoS Attack

DDoS attacks are simple: flood a resource with traffic until that resource overloads and becomes non-functional. Some attacks require vulnerabilities in the end system, while others simply require brute force. The availability of rental botnets and simple tools has made it simple for anyone to launch an attack, and the scale of the attacks is growing rapidly. Most of the technical innovation in DDoS prevention is around meeting the ever-increasing performance requirements driven by large attacks.




13


In November 2011, Prolexic released information on an attack that they mitigated, saying that the attack targeted an e-commerce platform of a customer in Asia, and they estimated the attack was launched by 250,000 bots, which were making 15,000 connections per second and swamping the platform with 45G of traffic. Arbor has gone on the record to state that they observed an attack in 2010 that peaked at over 100G in traffic. In their 2011 Infrastructure Security report, Arbor (who has a great view of DDoS attack data and co-operation from most large carriers) reported a few very telling findings:

• Hacktivism and vanadalism were the most common DDoS attack motivators in 2011

• 10G attacks are fairly normal, and the largest attack noted during the survey period was 60G (down from 100G in the previous year); the peak went down a little, but the average attack got larger

• Attacks at the application layer are becoming more common, and more attacks use multiple vectors

• IPv6 attacks have been seen in the wild

• Most application layer DDoS attacks still target HTTP and DNS

• Nearly half of the service providers they surveyed said that stateful firewalls and/or IPS products have failed as a direct result of a DDoS attack

Though transport networks have been the core customers for DDoS prevention solutions in the past, large data centers and the new massive mobile data infrastructure being built around the globe will be clear targets and well, and will require solutions with incredible performance capabilities.

GOVERNMENT DRIVERS

Government transport networks and data centers are a relatively small but key segment of the DDoS prevention market, and many politically motivated attacks have been, and will continue to be aimed at government resources. As such, we look at overall government spending in security in the US and abroad as a way to track potential spending for DDoS prevention solutions.

The Cybersecurity act of 2012 (CSA2012) was defeated in the US Senate in August of 2012, and though the lack of government mandated security controls in the private sector has ramifications for the security product and service industry, the bill is likely to be retooled (with some changes to privacy stipulations) and re-introduced. Regardless of the status of CSA2012, the US federal government has a huge impact on security spending, and it appears that a tense election environment dampened what is typically a massive spending quarter (3Q is fiscal year-end for the government), with many vendors reporting lower-than-expected government revenue in 3Q12.




14


Looking at the 2012 US federal budget, the Homeland Security Department wants $936M in 2012, down slightly from the $1.07B requested in 2011. The total federal security budget is hard to get a handle on, because it comes from many funding sources and is included in many initiatives. Other key departments, like the DOD, are increasing spending on security even as they look to decrease overall spending (with $3.4B being funneled through the Air Force to strengthen the US Cyber Command). This trend that mirrors behavior in many IT shops around the globe. The 2013 budget includes a request for new money for cybersecurity research, with the expectation that a significant portion of the $140M R&D budget will be earmarked for security research.

The US government has been hard at work updating cyberspace security policies, and made a critical symbolic statement: in July of 2011, the US Defense Department stated that cyberspace would be added as a fourth “operational domain” for the US military (the other three operational domains are air, land, and sea), and that the military will train special forces and add new technology to defend the United States from cyber attacks. Along with all the mainstream coverage of threat events, this broad statement from the military elevates the visibility of threat issues and helps ensure that the military, government, and private institutions will continue to make significant investments in security technology.

In addition to spending their own money, the federal government is pushing to have civilian agencies, such as the Department of Agriculture, follow new regulations based on practices at the Department of Defense and Central Intelligence Agency. They laid out the requirements in a document called “Recommended Security Controls for Federal Information Systems,” and highlights include:

• Civilian agencies will be required to segment information assets into 3 main risk categories (low, moderate, and high) and follow procedures to protect them

• Agencies are asked to endorse a preference for vendor products tested under Common Criteria guidelines

• Shareware and freeware would be prohibited in many cases, as would the use of instant messaging on public networks or remote access via dial-up

• Agencies deemed to have moderate-risk information assets might have to buy new products, such as security gear to prevent denial-of-service attacks

DEMAND-SIDE DATA

We verify our supply-side forecasts with our demand-side research, and work closely with vendors, service providers, chip and component manufacturers, and the channel to gather and validate actual data and market trends. This gives us a thorough, accurate picture of the market. We collected the following demand-side data over the last 12–18 months, which rounds out our VPN and firewall revenue and shipment data collection.




15


In Data Center Security Strategies and Vendor Leadership: North American Enterprise Survey, our March 2012 survey of 101 medium and large organizations in North America that operate their own data centers, we found that:

• 60% are driven to deploy new security solutions by the need to upgrade to high speed network interfaces on their security appliances to match the upgrades that have happened in their switching infrastructure; 57% are driven by the need for security solutions with aggregate performance that matches their data center network performance.

• Though there has been significant discussion of DDoS attacks aimed at just about everyone (with data centers bearing the brunt), protection against new DDoS attacks isn’t high on the list of drivers for buying new solutions, though it’s very likely that the increasing throughput and sustained nature of many current DDoS attacks is forcing performance upgrades to existing DDoS protection systems.

• Nearly half of respondents indicate they already have a need for 40G ports on security gear now, and 47% say they’ll need 100G interfaces by 2014.

• Respondents expect to increase spending on data center solutions 58% on average from 2011 to 2012.

• Cisco, Symantec, and McAfee all have strong brand awareness among data center buyers.

CATEGORY DEFINITIONS

Below are the definitions for the equipment included in this service. Please also see Methodology in the market size/share/forecasts Excel file, located in the service portal section for this report.

DDoS appliances: Appliance platforms purpose built for detecting and stopping denial of service attacks of all types

Deployment definitions

• Enterprise and carrier data centers: DDoS appliances deployed to protect private enterprise data centers, managed DDoS service environments, carrier data centers, and IDC/cloud environments

• Carrier transport and wired broadband: DDoS appliances deployed to protect wired carrier transport and broadband networks

• Mobile networks: DDoS appliances deployed within mobile networks to protect against a wide variety of attacks on mobile networks and supporting infrastructure, including all mobile infrastructure devices, DNS servers, web portal and SMTP servers, Diameter servers, GTP tunnels, and SMS gateways

• Government networks: DDoS appliances deployed in government transport networks and data centers (including state and federal)




16





17

Analyst Contact

Jeff Wilson Principal Analyst, Security 408-583-3337 [email protected]

Documents

2012 Infonetics DDoS Prevention Appliances Analysis 2nd Edition