Vulnerability Management - How Market Trends and Changing Threats Will Shape the Future of the Market

Vulnerability Management: How Market Trends and

Changing Threats will Shape the Future of the Market

Chris Rodriguez

Industry Analyst, Network Security

December 9, 2010

Today’s Presenters

Chris Rodriguez, Industry Analyst, Network

Security

Frost & Sullivan

Jake Wengroff, Global Director, Corporate Communications

Frost & Sullivan

2

Frost & Sullivan

� Why So Much Interest? - Growth and Revenue Projections of the

Vulnerability Management Market

� Market Definitions and Segmentation

� How Did We Get Here? - Evolution of the Vulnerability Management

Market

� Growth by Sub-Market

� Why So Much Interest? - Growth and Revenue Projections of the

Vulnerability Management Market

� Market Definitions and Segmentation

� How Did We Get Here? - Evolution of the Vulnerability Management

Market


Focus Points

3


� Sub-Market Life Cycle Analysis

� Market Trends including Drivers and Restraints

� What’s next? Charting the Course of the Vulnerability Management

Market

� Key Market Participants

� Questions and Answers


� Sub-Market Life Cycle Analysis

� Market Trends including Drivers and Restraints

� What’s next? Charting the Course of the Vulnerability Management

Market

� Key Market Participants

� Questions and Answers

Growth and Revenue Projections of the Vulnerability Management Market

1,200.0

1,400.0

1,600.0

Reven

ues (

$ M

illi

on

)

10.0

12.0

14.0

16.0

Reven

ue G

row

th R

ate

(%

)

Revenues ($ Million) Revenue Growth Rate (%)

Total Vulnerability Management Products Market: Revenue Forecasts (World), 2006-2016

4

200.0

400.0

600.0

800.0

1,000.0

2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016

Reven

ues (

$ M

illi

on

)

0.0

2.0

4.0

6.0

8.0

10.0

Reven

ue G

row

th R

ate

(%

)

Note: All figures are rounded; the base year is 2009. Source: Frost & Sullivan

The vulnerability management market will achieve its highest growth rates in 2011.

Market Definitions and Segmentation

Total Vulnerability Management Products Market: Market Segmentation (World)

Vulnerability ManagementVulnerability Management

5

Source: Frost & Sullivan

Vulnerability AssessmentVulnerability Assessment

Patch Management

Patch Management

Application Security


Vulnerability IntelligenceVulnerability Intelligence


Vulnerability Assessment Sub-Market: Market Definitions (World)

Vulnerability Vulnerability


Patch Patch Application Application Vulnerability Vulnerability

6


Patch Management

Patch Management




• Network-based scans • Uncover and prioritize vulnerable endpoints• Product functionality expanding • Vendors integrating:

• database/application scanning• penetration testing• configuration management

• Network-based scans • Uncover and prioritize vulnerable endpoints• Product functionality expanding • Vendors integrating:

• database/application scanning• penetration testing• configuration management



Application Security Sub-Market: Market Definitions (World)


7


Patch Management

Patch Management




• Web application scanning• Security-based static source code analysis• Dynamic testing and/or static testing

• Web application scanning• Security-based static source code analysis• Dynamic testing and/or static testing



Patch Management Sub-Market: Market Definitions (World)


8


Patch Management

Patch Management




• Fix systems found to be vulnerable• Acquire and install missing patches and updates• Patching required for IT operations and security

purposes

• Fix systems found to be vulnerable• Acquire and install missing patches and updates• Patching required for IT operations and security

purposes



Vulnerability Intelligence Sub-Market: Market Definitions (World)


9


Patch Management

Patch Management




• Regularly updated subscription-based service• Feeds actionable and original vulnerability

reports• *Not yet included as a separate market segment

• Regularly updated subscription-based service• Feeds actionable and original vulnerability

reports• *Not yet included as a separate market segment


Evolution of the Vulnerability Management Market

New regulations such as FISMA require regular

vulnerability assessments

PCI DSS now demands use

of web application

security solutions

Vulnerability management finds

new points of integration, such

as with UTM

Total Vulnerability Management Products Market: Market Timeline (World), 2000-2010

Commercial penetration testing

software developed

Increased industry focus on

vulnerability intelligence

Increased focus on

securing end-points

10

2000 2002 2004 2006 2008 2010

The success of Internet Security Systems’ Internet Scanner prompts new competition

Configuration management now

integrated with vulnerability

management products

Companies founded to solve

the web application scanning challenge

Source code analysis

recognized as an important security

function


Growth by Sub-Market

Total Vulnerability Management Products Market: Sub-Market Size by Revenues (World), 2006-2016

The vulnerability management products market was valued at $698.0 million in 2009, and was divided among the following market segments as shown here.

1,200.0

1,400.0

1,600.0

Re

ve

nu

es

($

Millio

n)

Vulnerability Assessment Application Security Patch Management

11


0.0

200.0

400.0

600.0

800.0

1,000.0

1,200.0

Re

ve

nu

es

($

Millio

n)

2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016

Sub-Market Life Cycle Analysis

Total Vulnerability Management Products Market: Sub-Market Life Cycle Analysis (World), 2009

Patch Management

Mark

et

Valu

e


Vulnerability assessment has long been known as the critical first step in the security and risk management process.

Commercial, automated penetration testing is

Vulnerability Assessment

12


Mid GrowthDevelopment High Growth

Penetration Testing

Late Growth

Time

Customer awareness of the threat posed by insecure applications has improved and this market has strong potential for further growth.

Patching has long been a necessary function for IT management, but has been hindered primarily by free solutions.

penetration testing is gaining legitimacy and has tremendous potential for future growth.

Market Drivers

Evolving Technology

Increases Attack VectorUnmanageable

Number of Vulnerabilities and

Patches

Total Vulnerability Management Products Market: Market Drivers (World), 2009

13

Vendors Gain Traction by

Reducing Capital Expenditures

Increased Customer Awareness of Security

Issues and Threats

New and Existing Regulatory Compliance

Requirements

Integrated and Flexible Product Lines Improve Business Case


Market Driver: New and Existing Regulatory Compliance Requirements

Payment Card Industry Data Security Standard HIPAA/HITECH

National Institute of Standards and Technology California Security Breach Information Act

14

Gramm-Leach-Bliley Act Federal Information Security Management Act

North American Electric Reliability Corporation European Legislation

Market Driver: Integrated and Flexible Product Lines Improve Business Case

Evolving Technology



Patches


15




Issues and Threats


Requirements



Market Driver: Increased Customer Awareness of Security Issues and Threats

StuxnetStuxnet

Timeline of Major Malware Outbreaks (World), 2000-2010

KoobfaceKoobfaceSQL

Slammer/Welchia/ Sobig/Blaster worm

SQL Slammer/Welchia/ Sobig/Blaster worm

ZlobZlobILOVEYOUILOVEYOU

16

2000 2002 2004 2006 2008 2010

ConfickerConfickerMyDoom/ Sasser

MyDoom/ Sasser

Code RedCode Red MocmexMocmex

Market Driver: Unmanageable Number of Vulnerabilities and Patches

Vulnerability Research Market: Number of Reported Vulnerabilities (World), 1995-2008

5,000

6,000

7,000

8,000

9,000

Vulnerabilities Reported

17


1995

1996

1997

1998

1999

2000

2001

2002

2003

2004

2005

2006

2007

2008

0

1,000

2,000

3,000

4,000

Vulnerabilities Reported

Year

Market Driver: Evolving Technology Increases Attack Vector

Evolving Technology



Patches


18




Issues and Threats


Requirements



Market Restraints

Security Viewed as a Cost Item

Point Products Provide Best-of-

Breed Functionality

Regulatory Compliance Distracts from Security Goals

Separation of IT Operations and

Security Teams in the Enterprise

Total Vulnerability Management Products Market: Market Restraints (World), 2009

19


Availability of Free and Open Source

SolutionsFear of Solutions that Introduce Further

Complexity

Expectations for the Vulnerability Management Market

Total Vulnerability Management Products Market: Forecasted Revenues (World), 2010-2016

800.0

1,000.0

1,200.0

1,400.0

Reven

ues (

$ M

illi

on

)

Static application security testing shifts to the QA/development teams. Dynamic testing integrated with vulnerability scanners.

Penetration testing

20

0.0

200.0

400.0

600.0

800.0

2010 2011 2012 2013 2014 2015 2016

Reven

ues (

$ M

illi

on

)

Distinct paths emerge for security and non-security related patch management solutions. Improved functionality in both areas drives growth.

increasingly integrated with vulnerability scanning technologies.

Vulnerability assessment integrates with endpoint security and UTM solutions.

Note: All figures are rounded; the base year is 2009. Source: Frost & Sullivan

Key Market Participants

• The vulnerability management market is led by companies such as Qualys, McAfee, and IBM.

• Vendors such as Secunia, Rapid7, and nCircle have been gaining in market share and help propel the market’s growth.

21

Conclusions

22

33

11

Advances in the Patch Management MarketAdvances in the Patch Management Market

Increased Focus on Web Applications and Penetration TestingIncreased Focus on Web Applications and Penetration Testing

Industry-wide Integration TrendIndustry-wide Integration Trend

22

33

44

Increased Focus on Web Applications and Penetration TestingIncreased Focus on Web Applications and Penetration Testing

Increased Focus on End-point SecurityIncreased Focus on End-point Security

55 Evolving Market with High Growth Potential Evolving Market with High Growth Potential

Questions?

23

Next Steps

� Request a proposal for or Growth Partnership Services or Growth Consulting Services to support you and your team to accelerate the growth of your company. ([email protected]) 1-877-GoFrost (1-877-463-7678)

� Join us at our annual Growth, Innovation, and Leadership 2011: A Frost & Sullivan Global Congress on Corporate Growth (www.gil-global.com)

24

� Register for the next Chairman’s Series on Growth(http://www.frost.com/growth)

� Register for Frost & Sullivan’s Growth Opportunity Newsletter and keepabreast of innovative growth opportunities(www.frost.com/news)

Your Feedback is Important to Us

Growth Forecasts?

Competitive Structure?

What would you like to see from Frost & Sullivan?

25

Emerging Trends?

Strategic Recommendations?

Other?

Please inform us by taking our survey.

Frost & Sullivan’s Growth Consulting can assist with your growth strategies

Follow Frost & Sullivan on Facebook, LinkedIn, SlideShare, and Twitter

http://www.facebook.com/FrostandSullivan

http://www.linkedin.com/companies/4506

26

http://twitter.com/frost_sullivan

http://www.linkedin.com/companies/4506

http://www.slideshare.net/FrostandSullivan

For Additional Information

Jake Wengroff

Corporate Communications

ICT

(210) 247-3806

[email protected]

Craig Hays

Director of Sales

ICT

(210) 247-2460

[email protected]

27

Rob Ayoub

Global Program Director

ICT – Network Security

(210) 247-3808

[email protected]

Chris Rodriguez

Industry Analyst

ICT – Network Security

(210) 477-8423

[email protected]