Smart Shopper: Rating Intrusion Detection & Prevention Vendors

Dr. David Taylor
TheInfoPro

TheInfoPro Security Study – Wave 3 n=198; Wave 4 n=161 (to date); Final Wave 4 n=220+

TheInfoPro’s (TIP’s) Background & Methodology
• Created by alumni of Gartner, EMC, Giga, IBM & Bell Labs
  - Founder of Gartner, Soundview and Giga on the Board and an investor
• Transparency – “Voice of the Customer” intelligence, without bias or spin
• IT Decision Makers at Global 2000 companies, pre-screened for domain expertise, are interviewed by TIP Researchers who collectively average 20 years of IT experience
• Quantitative vendor ratings combined with in-depth narrative commentary direct from buyers and investors
• Customer spending plans, project plans, buying intentions, detailed by budget and by industry. Desired functionality, project timing and preferred vendors
• TIP triangulates the End User Value and Investor Confidence for the sector’s competitive landscape.

Information Security Studies Overview
• Studies: Wave 1: Winter 2003; Wave 2: Summer 2003; Wave 3: Winter/Spring 2004; Wave 4: Fall 2004
• Population: Wave 1: 164; Wave 2: 175; Wave 3: 198; Wave 4: 220+
• Content: Ratings and commentary on vendors and products in 15 information security market sectors, including:
  - Anti-Virus, Anti-Spam (including Anti-Phishing)
  - Firewalls (including Application Proxy, Personal, Stateful and Packet)
  - Identity Management (including Provisioning, SSO and Directory)
  - Intrusion Detection & Prevention (including Host and Network-based)
  - Security Management (including SIM, ESM and SEM)
  - Security Services (including Vulnerability Assessment and Audit Services)
  - Wireless Security (including WiFi and WLANs)
  - Management Tools (including Patch Management and Mgmt Dashboards)
  - Access Control (including Tokens, Certificates and Encryption)
  - Security Appliances

Industry Breakdown

Revenue Breakdown

Number of Enterprise Employees Breakdown

Most Needed Features, Services or Improvements
• Specific user demand for IDS/IPS integration

Network Intrusion Detection Deployment Status

Network Intrusion Prevention Deployment Status

Host-based Intrusion Prevention Deployment Status

Security Appliances Deployment Status

Network & Host IPS and Host IDS are “Hot” Technologies

IDS & IPS Security Technologies In Use & In Plan
• Only 10% of users plan new deployments in 2005
• Network IPS to grow from 28% in use to over 60% in use by YE 05

Commentary about the Transition from IDS to IPS

“Perimeter IDS is old news. It doesn't work well and it doesn't stop the actual attack.” (Systems Executive – Healthcare Technology Company)

“We have IPS devices, but have them deployed only for detection right now. We want to watch them for a while and get a higher level of confidence in the prevention capabilities. We'll deploy for prevention in early 2005.” (IT Manager – Midsize Insurance Company)

“We pushed IPS deployment back from short-term to long-term plan since the last interview. We are actually looking at some of these vendors in our IDS space. I'm not certain that we will be ready for this in the near term, even as the market matures.” (Information Security Advisor – F1000 Insurance Company)

“IDS is just a piece of the puzzle. Best we can do to prevent intrusions. The IPS technology isn't quite there yet. I think that there are three areas, IDS, Intrusion Management like patches, and IPS. I'm really looking for a firewall that can do IPS and do it nicely.” (Manager of Enterprise Security – F1000 Telecommunications Company)

Top 10 Network IDS Vendors In Use or Being Considered
• The “Top 10” vendors were those named by users (without prompting) as in use or being considered for each project or technology
• No “Purple” = No Growth. VeriSign and Nokia are the only vendors in line for new IDS projects
(Chart: % of Firms Using / Planning Use the Vendor)

Top 10 Network IPS Vendors In Use or Being Considered
• Other Vendors Being Considered Include:
  - Lancope
  - Arbor Networks
  - Counterpane
  - Foundstone
  - Mirage Networks
  - Preventsys
  - Qualys
  - SonicWALL
  - TriGeo
(Chart: % of Firms Using / Planning Use the Vendor)

Top 10 Host IDS Vendors In Use or Being Considered
• Big Cisco growth opportunity
• Other Vendors Being Considered Include:
  - Apani Networks
  - Check Point
  - EI
  - Sana
  - TriGeo
(Chart: % of Firms Using / Planning Use the Vendor)

Top 10 Host IPS Vendors In Use or Being Considered
• Big Cisco growth opportunity
• Other Vendors Being Considered Include:
  - Fortinet
  - BindView
  - EI
  - Enterasys
  - Microsoft
  - Sana
  - Symantec
  - TriGeo
  - Tripwire

IDS/IPS Customer Planned Spending Change for 2005

Vendor/Product Customer Ratings – 8 Open-ended Questions
• Is this vendor a strategic or a tactical vendor for your organization?
• What are this vendor's (or product's) top 1-2 strengths, and why?
• What are this vendor's (or product's) top 1-2 weaknesses?
• What feature(s) would you most like to see added to this product?
• About how much money did your enterprise spend with this vendor (for security) during 2004?
• Approximately how much (what percentage) will your spending with this vendor change next year?
• Are you planning to switch from this vendor to another vendor? If so, to which vendor?
• Would you consider outsourcing this to a managed service provider? If so, what vendor would you consider first?

Vendor/Product Customer Ratings – 15 Ratings Criteria
• The company's brand or reputation
• Technical innovation
• Management's strategic vision
• Competitive positioning of the products or services
• Interoperability with other vendors
• Interoperability within the vendor's product line
• Product features / functionality
• Product manageability
• Product reliability
• Product quality
• Value for the money
• Sales force quality
• Delivery of products as promised
• Quality of technical support
• Ease of doing business with the company

Wave 4 IDS/IPS Customer Ratings on 2 Strategic Criteria
• ISS is actually scoring better in Wave 4 than Wave 3, but this doesn’t show it
• “Snort works, but try getting support” is a common issue

Wave 4 IDS/IPS Company Ratings
• Lots of commentary

IDS/IPS Customer Commentary

“Symantec was chosen because it was our corporate standard. We have a corporate license with good conditions. We're more or less happy with it. We want improvement in reporting so that we know how many cleaned files are in a box. Other aspects are good.” (Information Systems Manager – Industrial Manufacturing Company)

“From a cost standpoint, the Open Source products are becoming almost as good and reliable for a lot less money from an IDS standpoint.” (Information Systems Manager – Industrial Manufacturing Company)

“ISS is a leader in this [IDS/IPS] market, though other IDS vendors will tell you that they are the top dog. ISS is starting to expand into other security areas like firewall IPS and filtering, but they are doing it smartly.” (Security Architect – Telecom & Technology Company)

Wave 4 IDS/IPS Product Ratings
• Lots of commentary

Wave 4 IDS/IPS Product Ratings / Pricing issues

IDS/IPS Customer Comments About Their Vendors/Products

“We have the Network Intrusion Detection device from Cisco. I prefer Network-based IDS. We've had it over two years. We can set it to shun all ranges of IP addresses.”

“Snort is a best of breed IDS product, despite not coming from a traditional vendor. Price is right and the application has scaled up with our needs.” (Federal US Government Agency)

“We bought IntruVert, before they were gobbled up by McAfee. They won the bake-off based on our architecture. They were the best fit into our architecture compared against Symantec and someone else.”

“We bought ISS because they are the leader in the market. They've been out there for awhile. It fits requirements. We're also using Qualys for host-based.”

Wave 4 IDS/IPS – Corporate Ratings Summary

IDS/IPS Customer Comments About Their Vendors/Products

“[After testing various products, we found] the Enterasys Dragon product was one of the best IDS products out there. It worked with our network and could handle the extreme volumes, when we were out testing. Other systems would fail in a few minutes because they couldn't handle the volume.”

“We bought the Okena StormWatch, before Cisco bought Okena, but we're looking to replace it. With Okena, it's either all IDS or IPS, but with others you can kind of mix them a little bit, based on rules. We're looking at Sourcefire and ISS products.”

“We bought a commercial version of Sourcefire’s freeware because we had a mandate that we couldn’t use free products. We'll change to free products as management now allows us to use freeware. We made a lot of inroads last year with Open Source software.”

Wave 4 Product Ratings – Product Ratings Summary

Investor Commentary About IDS/IPS Vendors

“Check Point's strategy was a combination of good and bad – strong in its core and bad in emerging markets. It was behind companies like NetScreen. It was Check Point's share to lose and it lost it. It is now regaining by introducing new products, changing pricing strategies and re-engaging the channel. In short, the company is re-inventing itself with new products, successful sales execution, partnering, and filling in gaps. The company is up and coming and this is not fully reflected in the stock. It is going after small and medium size businesses with Intrusion Prevention, and opportunities to provide a deeper level of security. In its core, it will grow in line with the market.”

“Cisco’s move to put the security into the network is a winning strategy because it doesn’t make sense that network equipment is sold without being secure. Cisco’s entry puts pressure on Check Point and others. At the end of the day, network hardware companies that hardwire security onto the switch and the software companies that offer suites will be left standing.”

Investor Commentary About IDS/IPS Vendors

“ISS has introduced a good innovative product line in Proventia, with faster throughput and many less false detections. Intrusion Detection was a disappointment earlier and products were not as robust as they are now. This will be a growth area in 2004 and 2005. We have confirmation data that the sector will grow because Check Point and others recently introduced products. Even Nortel is introducing product.”

“McAfee had so many restatements that I don’t trust management. Maybe statements going forward are clean, but I will need to see this for awhile. They just restated a few months ago and it impacted as late as 2003 because revenues from 2001 and 2002 got pulled into 2003. It had a minor effect on 2003, but was still an issue.”

Conclusions & Recommendations
• Network IDS is still growing, but reaching a saturation point at 81% in use.
• Specific user demand for IDS/IPS integration and dissatisfaction with IDS will drive the IPS market, and stabilize (but not eliminate) IDS demand.
• Both Network and Host-based IPS are “hot” technologies, and so is HIDS.
• Nearly 50% of users say they don’t plan to implement Security Appliances.
• Cisco and ISS are in use and/or under consideration for more Network and Host-based IPS projects than others, as users seek integrated and appliance-based products.
• Customers planning to spend more on Cisco, Juniper/NetScreen and others, but ISS and Nortel customers say they’re planning to spend less on these vendors.
• Cisco, Juniper/NetScreen and RSA received the strongest corporate ratings from current customers; ISS and Open Source received the weakest corporate ratings.
• Juniper, RSA and Check Point received the strongest product ratings from current customers; ISS and Open Source received the weakest product ratings.

This presentation contains confidential information which is the property of TheInfoPro and is given to the recipient pursuant to a confidential relationship between the recipient and TheInfoPro. Such information shall not be copied, disclosed to others, or used for any purpose other than that for which it is given, without the written permission of TheInfoPro, Inc. TheInfoPro™ & logo are registered trade marks and property of TheInfoPro, Inc. © 2004 TheInfoPro, Inc. All Rights Reserved.

645 Madison Avenue, 22nd Floor, New York, NY 10022
P > 212-672-0010  F > 212-688-6598  E > Info@TheInfoPro.net
theinfopro.net