Top 10 Security Vendors To Watch In 2015

Security Market Seeing Rapid Changes

The security industry is crowded with security startups eager to cash in on the hysteria created by a lengthy list of high-profile data breaches in 2014 and the focus on advanced threats designed to slip past network appliances and traditional endpoint security software. The security vendors on this list are fine-tuning their market and product strategies, and have the executive leadership and engineering talent behind them to execute on those plans. Nearly all of them have established a strong channel presence and indicated to CRN that the channel will continue to be an essential part of their go-to-market strategy. Here are the top 10 security vendors that could have a major impact on the industry.

10. Websense

CEO: John R. McCormack

Websense is one of a slew of longtime security vendors that are struggling to maintain relevance in a hot market for security technology that is dominated by security startups. Its new channel chief, John Starr, said the company is solving support issues and customer loss through its new professional services arm. It remains 100 percent committed to the channel and is relying on systems integrators and skilled regional partners to properly deploy its new line of appliances designed for threat detection, antimalware and data loss prevention. The company also added a marketplace where customers can purchase, and be guided through implementing, its SaaS-based platform and separate components that don’t necessarily require an on-site professional services engagement.

9. Sophos

CEO: Kris Hagerman

Sophos acquired Cyberoam and has been busy building out a fully integrated portfolio that connects its endpoint security platform, mobile device security, email and web security, and its unified threat management appliance with a console that appeals to managed service providers. The company's executive leadership is sticking to a strategy of increasing its market share of small businesses and midmarket companies. Its channel presence is growing, headed by channel veterans Michael Valentine and Kendra Krause, who are aiming to take business away from Fortinet, Dell-SonicWall and WatchGuard in the SMB market. Look for the battle to intensify between Sophos and Fortinet in the midmarket with Sophos in position to gain market share.

8. WatchGuard

CEO: Michael Kohlsdorf

Network security vendor WatchGuard has been moving into the upper midmarket with its line of next-generation firewalls. Company executives are not shy about the appliances being a value play for organizations. WatchGuard OEMs security technology from a variety of technology vendors and integrates it in its own line of red boxes. It struggled to do well against competitors with its new NGFW in NSS Labs testing in 2013. But the company rebounded with a favorable test conducted by NSS Labs last year.

WatchGuard competed well against Cisco Systems, Fortinet and Check Point Software Technologies in the test. All of the attention was paid to a struggling Palo Alto Networks, which corrected deficiencies that caused it to perform poorly in the test. To capture the upper midmarket, WatchGuard is investing in partner enablement and training, and weeding out those partners that don’t have the staff to get the necessary training and certifications.

7. RSA, The Security Division Of EMC

CEO: Joe Tucci

RSA has dropped its enVision security information event management platform to focus squarely on building out its platform around its NetWitness network traffic analysis platform. The company is pushing current enVision customers to move to RSA Security Analytics by the end of 2015 with extended support. The company is rebranding its Aveksa identity and access management (IAM) suite to Identity Management and Governance.

RSA acquired Aveksa in 2013 to add SaaS-based IAM to its portfolio. It also added the assets from SaaS-based SSO vendor Symplified through a fire sale last summer. It has endpoint forensics and advanced threat detection through its Ecat endpoint monitoring and forensics software. Its Silver Tail Systems acquisition gave it web fraud and threat-detection capabilities that go up against IBM-Trusteer, and engineers continue to build out capabilities there. Its portfolio includes the Archer governance, risk and compliance platform, federated identity, encryption, data loss prevention and authentication. If the company can win the minds of large enterprise IT security teams against some competition from Blue Coat, IBM and Hewlett-Packard, it can call its "Security Operations Center" solution strategy a success.

6. Palo Alto Networks

CEO: Mark D. McLaughlin

Palo Alto Networks continues to maintain a strong sales channel, and partners told CRN that they are happy with the vendor’s channel program and product strategy. The company addressed weaknesses that caused it to perform poorly against competitors in a bakeoff conducted by an independent testing firm last year. Palo Alto launched an endpoint protection service called Traps, based on the company's acquisition of Cyvera. Traps supports Windows systems and is deployed on-premises. Endpoint agents inject themselves into system processes when applications are opened on a client. They are designed to trigger on an exploit and prevent it from executing. Industry analysts said they will be monitoring adoption of Traps and further development of its capabilities.

5. Cisco Systems

CEO: John Chambers

Cisco Systems lost Chris Young, a noted industry executive, to Intel Security last year. Young helped oversee Cisco's $2.7 billion acquisition of Sourcefire. The acquisition gave Cisco intrusion-prevention capabilities, and visibility and endpoint protection for the detection of so-called advanced threats. The networking giant acquired risk management and IT security consulting firm Neohapsis in December in an effort to bolster its customer support operation. Cisco faces competition from FireEye, which established a services arm with its $1 billion acquisition of Mandiant.

4. Hexis Cyber Solutions

President: Chris Fedde

Security vendor Hexis is probably one of the least-known vendors on this list, but its advanced threat-detection technology combined with automated incident response is enough of a differentiator to make it stand out against security startup competitors.

The company was born out of several acquisitions made by KeyW Corp., which specializes in cybersecurity for the federal government. It applies analytics to the Sensage security information and event management engine to augment its monitoring and detection capabilities. The HawkEye G platform combines Sensage with two other technology acquisitions, Rsignia and Dilijent, for analyzing packet activity, network monitoring, analysis and threat intelligence. The company faces a lot of competition in the commercial market, but it has strong adoption in the defense and intelligence community.

3. Tanium

CEO: David Hindawi

Last year, organizations scrambled to address open source vulnerabilities in a variety of network devices. It's Tanium's goal to solve the problem of identifying and addressing configuration weaknesses and software vulnerabilities on systems and servers whether or not they are connected to the corporate network. It also adds threat intelligence and analytics for threat-detection capabilities.

The company founders were the creators of BigFix, the IT management platform acquired by IBM in 2010. In an interview with CRN, Tanium CSO Chad Fulgham explained the company's peer-to-peer architecture for deploying patches and updates, as well as creating custom software packages to distribute new software to managed endpoints. The company created an "indicator of compromise funnel" that consumes data from network appliances, and can check desktops and laptops against them in seconds. The rules-based connection manager uses a big data Hadoop engine and acts as a repository to identify issues and kill malicious processes. The company said it can deploy a single patch to all systems in 15 minutes or less. The platform supports Windows, Mac and Linux systems, and engineers are still working on a mobile strategy.

2. Symantec

CEO: Michael A. Brown

Symantec is an obvious choice for a vendor to watch in 2015. The company announced breakup plans, separating its storage and security products into two separate publicly traded companies. While most people associate Symantec with its Norton antivirus suite, the company has spent billions acquiring and maintaining market-leading security technologies. Company executives have signaled that the company would be focusing on security analytics, based on its huge global install base. Symantec announced this month that it would hire engineers and technical staff from Boeing's Narus, which has been developing a data analytics platform.

The company also can call itself a data-protection company, pointing to its acquisition of PGP for encryption, VeriSign for its digital certificate business and Vontu for data loss prevention. It also has a strong mobile security portfolio with the acquisition of Odyssey Software for mobility management and Nukona for mobile application wrapping. Industry observers said they will be watching what becomes of the company once the separation is complete at the end of 2015.

1. Blue Coat Systems

CEO: Greg Clark

CRN has selected Blue Coat Systems as the company to watch based on its ongoing product strategy and executive management in charge of building out and tying together the various security components that it acquired in recent years. The company scored a victory in that department by hiring Mike Fey from Intel Security. Fey orchestrated the broad integration of Intel Security’s McAfee arm. He oversaw the creation of a data exchange layer called Threat Intelligence Exchange to bridge the communication between networking and endpoint pieces of the platform. Blue Coat is expecting him to do the same with its products and even hinted at further acquisitions to fill in the gaps. One major gap, according to industry analysts, is the lack of an endpoint component in the Blue Coat portfolio. In addition to its web security, SSL VPN and unified threat management appliances at its core, Blue Coat has Solera Networks, a network packet-recording appliance that rivals RSA NetWitness and is a favorite of digital forensics investigators. It also acquired Norman Shark for suspicious file analysis. Industry analysts are watching to see whether Fey can bridge the components into a fully integrated portfolio.