This was an interesting year. We saw 22 participants in ten categories plus two new Hall of Famers. Our categories were Access Control, Perimeter Defense, Deception Networks, Virtualization and Cloud-Based Security, Data Protection, Cyber Threat Analysis and Intelligence, Next Generation Security Monitoring, Security Infrastructure, and Risk and Policy Management. While these are, essentially, the same ones we used last year, we did add Deception Networks as a new category. We anticipate that there will be more changes next year.
We try to keep the categories consistent with what we see in the marketspace and with what we address in the group reviews over the years. That means that the categories are, potentially, in a constant state of flux. While that sounds chaotic, it really isn't. To avoid confusion and chaos, we may shift a product to a new category because the vendor has made enough changes to warrant the move. Good examples are next generation products that, before they updated to next generation algorithms, fit neatly into a particular category. After the change they belong in Next Generation Security Monitoring. For that reason, you may see products in different categories from the ones that you expected based upon past years.
Another source of constant change is the size of the categories. For example, we see categories shrink for two reasons: we lose a vendor through acquisition or failure (rare), or through attrition into the Hall of Fame and out (once in the Hall of Fame the vendor becomes ineligible for future years in the innovators issue). We gain vendors because we learn of a new player that belongs – either through new discovery or noticing exceptional qualities during a group review, or because we have created a new group and populated it with new players. An example is Deception Networks.
Deception Networks is a very new category of security tool. It grew, conceptually anyway, from Honeypots and Honeynets. There is only a small number of vendors in the space. We selected two that we have been watching for over a year, and we have found them to be mature and assuming a leadership role in the marketspace. We expect that we will see more next year as the product type matures.
However, this particular group is ripe for consumption by a large company in another group, resulting in a new product having the deception capabilities that once were a standalone product. The other possibility – equally likely in our view – is that vendors with deception included in another product will spin off the deception as a separate tool. In any event, Deception Networks is a category to watch over the next couple of years.
Another category to watch over the next couple of years is Perimeter Defense. This is a category that we predict will begin to shrink as the perimeter continues to shrink. We don't expect a lot of action for a couple of years, but that could be affected by next generation firewalls as they start to proliferate away from the perimeter and into the internals of the enterprise. This, really, is inevitable in part because organizations finally are accepting that VLANing is not good security. VLAN-hopping simply is too easy an attack.
We have said this before in prior years, and it bears repeating this year: the adversary is driving security innovation. We in the security space are forced to keep up with the bad guys and that is becoming increasingly challenging. On the other hand, the most highly publicized breaches are the result of really terrible security. Known vulnerabilities and known poor practices have persisted and opened organizations up to successful attacks. Perhaps, instead of considering only APTs we also should consider APVs (advanced persistent vulnerabilities). The operative word in that phrase is persistent. We used to have a tag line on our email signature: “If you keep on going where you've always gone, you'll end up where you've always been.” Vulnerabilities that have been reported publicly and have patches available should be patched. Way too often they are not. So, the outcome – as one would expect – is that they get compromised and we find ourselves hearing about a Sony- or Equifax-sized breach on the evening news. To deal with this overwhelming number of very unsophisticated attacks we need really good tools that are not necessarily next generation… they just are good, solid, workmanlike tools with good, solid, workmanlike engineers using them. That includes not only vulnerability scanners but security and policy management systems as well.
With all of that in mind – from the better-known categories to the emerging ones – here are the Innovators and Hall of Fame, Class of 2017. Enjoy… we did!