Segmenting the IT security market: What you need to know

By | January 23, 2012

Posted in: Network Security Trends

There are only four segments to the protective IT security space. My detailed list of categories that I use to track the IT security industry has about 85 entries. But I have found it useful to think of IT security in four primary buckets. In my analysis, I focus a great deal on countering attacks so these categories leave out the products that provide IT operational capabilities such as governance, risk and compliance  (GRC). Here are the categories.

Network security. Dominated by the firewall but including IPS, network AV, secure web gateways, VPN,  data leak prevention (DLP) and beaconing detection.  Watch this space as many of the secondary product vendors introduce next generation firewall products this year.

Endpoint protection. Dominated by AV vendors but including DLP, full disk encryption, white listing, desktop firewalls and IPS.   Although the natural tendency is for end point protection to evolve into suites from the big vendors, new products are always being introduced by startups to address the latest attack methodologies.

Data protection. This is pretty much all about encryption but there are digital rights management (DRM) and information rights management (IRM) vendors as well. Full disk encryption (FDE) is growing rapidly as a way to prevent data leaks through accidental loss or deliberate theft of laptops and mobile devices.  The difficult part of data protection is management. How do you recover or revoke keys? How do you remotely wipe devices? Microsoft is targeting this market with BitLocker and their new BitLocker Administration and Management (MBAM) console, but standalone vendors still have the advantage in manageability, reporting and security.

Identity and access management. This category includes authentication mechanisms, directory management and provisioning vendors.  The directory business is dominated by Microsoft Active Directory, but the IAM vendors such as IBM, Oracle and yes, Novell, still have customers. AD, by the way, is Microsoft’s strongest hold on the enterprise space. Each of Microsoft’s products are replaceable, be it Office with Open Office or Google Docs, SharePoint with NewsGator, and each of their server products have effective competitors. But AD has taken over most enterprises and would be very painful to rip out.

This simplistic categorization of the IT security space is helpful in many ways. As an analyst, it gives me focus.  If you are an IT buyer or a new investor in the space trying to understand the myriad offerings, this model can help clarify your thoughts.

You May Also Be Interested In: