Joint IDC-The Channel Company Security Survey 2016

Robert Westervelt

Research Manager and

lead of IDC’s Data

Security practice.

Direct: 508.935.4331

Twitter: @rwestervelt

Rob Ayoub, CISSP

Research Director

Security Products and

Solutions, Networking

Security and Security

and Vulnerability

Management

Market Knowledge to Grow Your Business

© IDC Visit us at IDC.com and follow us on Twitter: @IDC 2

IDC-The Channel Company Security Trends

Survey 2016

Threat Landscape & Security Maturity

Security Spending Priorities

Specialized Threat Analysis and Protection

Cloud Security

Guidance

Questions

Talking Points

HACKING

INDUSTRIAL

ESPIONAGE

NATION-STATE ACTIONS

CYBERCRIME

Intelligent Adversaries abound...

They keep on coming…

Feeling better… or worse?

© IDC Visit us at IDC.com and follow us on Twitter: @IDC 5

Beware of “The Big Black Hole

Of Security Spending”…

How Mature Are We?

© IDC Visit us at IDC.com and follow us on Twitter: @IDC 7

Security Survey Methodology

Copyright © 2015 The Channel Company, All rights reserved.

Web-based quantitative survey conducted by

The Channel Company

Fielded July 8 –

August 3, 2016

352 Overall Qualified Respondents

(Selling security hardware, security software and/or security services to clients)

Joint IDC-The Channel Company

Security Survey Objectives

© IDC Visit us at IDC.com and follow us on Twitter: @IDC 9

Measure Security channel

perceptions of opportunity in the

security industry

Identify top risks associated with

channel customer requirements

Identify top channel friendly vendors

that are seizing on enterprise IT

security spending opportunities.

63% 63%59%

56%54%

Data LossPrevention

Modern NetworkSecurity

Modern EndpointSecurity

Managed SecurityServices

Upgrade PC/LaptopSecurity Solutions

Top 5 Customer Priorities Over Next 12 Months

“The 2016

market

tells us…”

Security Spending Priorities:

10

Ransomware

is disrupting

business.

Attackers are

exploiting human

weaknesses.

Q: Thinking about your customers' security spending priorities during the next 12 months,

please rate each of the following on a scale of 1 to 5, where “1” means “Extremely Low

Priority” and “5” means “Extremely High - Top Priority.”

Focus Shifts To Endpoint, Data ProtectionMalware is

evading sig.

defenses

Security Spending Priorities:Focus Shifts To Endpoint, Data Protection

Highest Risks Top Priorities

% of respondents

indicating highest

customer risk areas.

Laptop,

Workstation Risks

Upgrade PC/Laptop Security Solutions

56%Modern Endpoint Security

Insider Errors/Lack of

Judgment

Data Loss Prevention

55%Modern Endpoint Security

Mobile Device RisksModern Network Security

43%

Web Security

Q: What are the top three (3) high-risk areas within your customer environments?

Q: What are the top three (3) cyber-attacks that your

customer networks are currently experiencing?

Top Corporate Network Cyberattacks

12

Specialized Threat

Analysis And Protection

Interest & Adoption Of Specialized

Threat Analysis & Protection

Endpoint STAP Products (Endpointmonitoring, system behavioral analysis to

detect advanced threats)

Boundary STAP Products (Sandboxingsolutions for suspicious file analysis)

Internal Network Analysis STAP Products(Netflow and network traffic analysis to detectand block botnet communication and attacker

movement within the corporate network)

6%

6%

5%

5%

3%

3%

12%

9%

6%

14%

24%

20%

23%

22%

28%

20%

17%

14%

19%

19%

23%

(Not at all Interested) 1 2 3 4 5 6 7 (Extremely Interested)

62%

58%

65%

Q: Please rate your customer’s interest and adoption in STAP products and solutions for advanced threat defense on a

scale of 1 to 7 where 1 means customers are Not At All Interested and 7 means customers are Extremely Interested.

Endpoint Visibility File Analysis

Boundary STAP

Detonates suspicious files

in a protected environment

to examine file behaviors.

Determines if file attempts

to change system settings

or communicate with

suspicious. Servers.

A virtual environment

mirrors an organization.

Internal Network

Analysis

Monitors network flow or

other traffic to discover

suspicious activity.

Network packets provide

source, destination and

application information.

Detect attacker recon

activity, discover internally

spreading malware, and

identify botnet

communication.

Specialized Threat Analysis & Protection

Endpoint STAP

Endpoint client with real-time

monitoring.

Analytics are often

performed at a central server

or in the cloud.

Does not rely on antivirus

signatures.

Behavioral analysis of

memory and application

operations.

15

Comprehensive Defense Strategy Against Modern Attacks

Network Visibility

Convergence

What Is Driving Interest In STAP?

13

4

2

16

Advanced

Threat Defense

Modernizing

Legacy Solutions

Data Breach

Spending

Compliance

Spending

66%

43%

43%

40%

STAP

Data Security

#1

17

Endpoint STAP

1. Cisco AMP Endpoint 49%

2. Symantec ATP Endpoint 48%

3. Palo Alto Traps 33%

4. Intel Security 26%

5. Check Point 18%

Carbon Black

Cylance

Crowdstrike

FireEye

Intel

Symantec

Cybereason

Cyphort

SentinelOne

Leaders by Revenue: Most Frequently Included in

Customer Evaluations

and/or Sales Engagements

Carbon Black Acquires Confer

Carbon Black & IBM

Cylance & Dell

FireEye Challenges

Intel, Symantec Catching Up

Landgrab

In Motion

Endpoint STAP: Blending Modern

And Traditional Detection Methods

© IDC Visit us at IDC.com and follow us on Twitter: @IDC

IP addresses

Domain names

File names, and hashes

Static Indicators – Attacker Behaviors

Behavioral patterns

Machine learning

User activity monitoring

File reputationApplication Whitelisting

Changes to the registry and file system

Detection and Alerting

Response/Forensics

Analysis

Command shell spawned from a

browser and used to modify settings.

Correlate attempts to create, delete or

modify events.

19

Boundary STAP

1. Cisco AMP Sandbox 40%

2. FireEye 29%

3. Palo Alto Wildfire 27%

4. Symantec ATP 26%

5. Sophos Sandstorm 18%

FireEye

Palo Alto Networks

Trend Micro

FireEye

Cisco

Check Point

Lastline

Leaders by Revenue: Most Frequently Included in

Customer Evaluations

and/or Sales Engagements

Palo Alto Adds Subscriptions

Trend Micro Acquires HP TippingPoint

Symantec Acquires Blue Coat

FireEye Challenges

Widely

Adopted

20

Internal Network Analysis STAP

1. Cisco-Lancope 67%

2. RSA Netwitness 56%

3. Blue Coat 48%

4. IBM QRadar 28%

5. Arbor Networks 14%

Cisco-Lancope

Fidelis Cybersecurity

IBM QRadar

RSA Netwitness

Symantec-Blue Coat

Arbor Networks

Vectra Networks

Leaders by Revenue: Most Frequently Included in

Customer Evaluations

and/or Sales Engagements

Hexis Sold in Fire sale

Cisco-Lancope Continued Success

Symantec Acquires Blue Coat

Dell Acquires EMC (RSA)

Core Security Buys Damballa

Evolving

Cloud Security

82% 43%60%

Adoption of Cloud Services

82% of Solution Providers

agreed or strongly agreed

that customers are adopting

secure cloud services such

as file sharing sites, SaaS

messaging solutions – Office

365, Google and others

Connecting, Securing

Mobile Workers

Security is the primary

reason after limited

performance (hard to type,

too small, tasks are too

slow, and so forth) for not

procuring tablets or 2-in-1s.

Increased Risk

60% agree or strongly agree

that adoption of cloud

services has significantly

increased risk throughout

customer organizations

Source: IDC –The Channel Company Security Trends Survey 2016

Cloud Security Adoption: Customer

Preferences

Q: What are your customer preferences for on-premises and

SaaS/cloud SECURITY solutions?

Prefer on-premise security solutions

37%

Prefer cloud

security solutions

21%

Prefer adopting a

hybrid security approach

42%

Cloud, mobility, and Big Data

adoption has increasingly impacted

enterprise’s security strategies.

They add complexity and drive

investments in IT infrastructure and

data protection.

The rising number of cyberattacks

and increasing complexities have

led to demand for managed security

services and more sophisticated

security solutions.

Guidance

Identity Mgt:

Managing Users

and other

sources

Threat Mgt:

Monitoring

activities and

events

Trust Mgt:

Designing

security policy

and process

Vuln. Mgt:

Hardening the

systems

3

4

2

1

25

Q: How Can Solution Providers Help Their Clients?

A: The Four Disciplines

Guidance: Become The Trusted Advisor

Vendor Partnerships: Now is a good time to get attention from

vendors as a landgrab is ongoing for modern endpoint and

network security market share.

STAP Caution: Everyone wants STAP but it is not for everyone.

Solution providers can not pigeonhole their customers into

advanced solutions that require skilled security specialists.

Identify next-generation antivirus solutions.

Risk Assessments, Managed Services: IT security skills

shortage requires solution providers to be the augmenters,

providing managed security services and professional security

services.

Create A Security Blueprint: Guide customers through the

security maturity curve. Consider frameworks, such as the “20

Critical Security Controls.”

Question

&

Answer

© IDC Visit us at IDC.com and follow us on Twitter: @IDC