Top 10 High-Growth Cybersecurity Technologies

Risk Awareness Is Driving Cybersecurity Spending, Study Finds

The annual cost of cybercrime on businesses is estimated at $445 billion globally, according to a study conducted by the Center for Strategic and International Studies (CSIS), a Washington D.C.-based think tank. The study, commissioned by Intel Security (formerly McAfee), found that increased spending on network defenses and data protection reduces innovation and hiring at organizations, two significant ingredients in a healthy economy. The report highlighted data projections from research firm IDC, which identified a steep rise in cybersecurity spending over the past three years. The following 10 high-growth information security markets reflect businesses' growing interest in taking measures to defend against intellectual property theft and threats to sensitive customer data.

10. Corporate Endpoint Security

Antivirus may be considered an antiquated and inadequate way to detect threats, but businesses aren't abandoning it, according to the study. The market size for corporate endpoint security technologies shows an estimated increase of 10.1 percent from $3.2 billion in 2011 to $3.6 billion in 2013, according to the IDC data projections. Endpoint security is a requirement coupled with network security, encryption and other controls, said Bob Coppedge of Hudson, Ohio-based MSP Simplex-IT. Endpoint security platform makers have added mobile security capabilities, encryption and data loss prevention, Coppedge said.

9. Consumer Security Technology

The market for consumer-based antivirus and other security products grew an estimated 10.4 percent from $4.4 billion in 2011 to $4.9 billion in 2013, in line with corporate endpoint security, according to the IDC data projections. High-profile data breaches, including the recent credit card breach at retail giant Target, has helped increase public awareness of Internet risks. It is not just credit card fraud that is driving awareness, say security experts. A spate of password breaches at e-commerce firms has increased awareness as well, they say.

8. Web Security

The market for technologies designed to detect or prevent Web-based threats rose an estimated 10.9 percent from $1.9 billion in 2011 to $2.1 billion in 2013, according to the IDC data projections. The 2014 Verizon Data Breach Investigations Report, which analyzed 1,300 confirmed data breaches in 2013, found Web applications associated with nearly 500 of the breaches. Web-based attacks are a serious problem at the endpoint because businesses and consumers often fail to patch browser components and other software, leaving open vulnerabilities that attackers can target, said Robert McMillen, president of Portland, Ore.-based security solution provider All Tech 1.

7. Managed Security Services

The market for managed security services increased an estimated 16.7 percent from $9.6 billion in 2012 (when IDC began tracking the MSSP market) to an estimated $11.2 billion in 2013, according to the IDC data projections. The rise is due mainly to the outsourced monitoring of network-based security technologies and maintenance of outsourced email security products. Managed security services providers interviewed by CRN say growth initially was tied to meeting compliance mandates, but much of the growth in recent years has been in the midmarket where firms struggle to invest in personnel who can proactively monitor security systems and investigate alerts.

6. Policy and Compliance

The market for technologies associated with policy and compliance initiatives such as governance, risk and compliance (GRC) platforms rose an estimated 20.1 percent from $801 million in 2011 to $962 million in 2013, according to the IDC data projections provided in the report. GRC and other tools are designed to take a snapshot of the health of the corporate network and help prioritize where additional resources need to be allocated, said Kenneth Leeser, president of Needham, Mass.- based risk management consultancy and reseller Kaliber Data Security. Leeser and other providers say they are seeing interest from health-care organizations tracking initiatives to meet HIPAA requirements.

5. Vulnerability Assessment

The CSIS report said the low cost of identifying and exploiting flaws has made cyberattacks a lucrative business model for criminals. Some companes are attempting to make their corporate networks a more costly target. The market for vulnerability assessment services and tools increased an estimated 20.4 percent from $837 million in 2011 to $1 billion in 2013, according to the IDC market data projections. Using commercial and publicly available tools, businesses can identify and address vulnerabilities in critical systems before an attacker finds them. Companies can choose from conducting a vulnerability assessment that uncovers threats that can be exploited by a remote hacker or an assessment of internal systems and applications to spot weaknesses that can be misused by an insider, say solution providers.

4. Identity and Access Management

Stolen account credentials can make an attacker appear as a legitimate user on the network, and numerous reports have documented the rising value of passwords and other account data on the black market. Businesses are gaining interest in ways to bolster their identity and access management controls, fueling an estimated increase of 20.9 percent, going from $4 billion in 2011 to $4.8 billion in 2013, according to the IDC data projections. A variety of studies promote the deployment of two-factor authentication, a thorough review of and monitoring of user privileges, and auditing logon events to thwart attempted attacks or uncover suspicious activity. Properly deployed identity and access management solutions help businesses record access to systems, monitor for signs of compromised accounts and effectively provision users, said Michael Knight, chief technology officer of Greenville, S.C.-based Encore Technology Group.

3. Security Information Event Management

The market for security information event management platforms enjoyed an estimated 21.9 percent increase in growth from $1.3 billion in 2011 to $1.5 billion 2013, according to the IDC data projections. Solution providers that deploy and maintain SIEM platforms say compliance was a big driver for the technology, coupled with interest in breach and advanced threat detection methods. Traditional SIEM systems are still a mainstay, but larger companies increasingly are adding the data to Hadoop data analytics platforms to uncover patterns worth investigating, industry experts told CRN.

2. Next-Generation Firewall

The market for next-generation firewalls rose an estimated 43 percent from $2.2 billion in 2011 to $3.2 billion in 2013, according to the IDC data projections. Businesses are replacing legacy enterprise firewalls with new appliances equipped to support intrusion prevention, application control and other features, say solution providers. Check Point Software Technologies, Palo Alto Networks, Fortinet and Cisco are the market leaders, according to the 2014 Gartner Magic Quadrant report on enterprise firewalls issued by the research firm in April. Gartner said less than 20 percent of enterprises secure their Internet connections using next-generation firewalls and predicts a rise to 35 percent of the installed base by 2014 with 70 percent of new purchases being next-generation firewalls. Vendors also are releasing versions that can be deployed in virtual servers, Gartner said.

1. Forensics

The market for tools used by digital forensics investigators to examine the indicators, determine the scope of an attack, and trace an attacker's path back to the point of entry rose an estimated 67 percent from a $221 million in 2011 to $369 million in 2013, according to the IDC data projections. Larger companies are adding forensics capabilities to support incident response and be more proactive about understanding successful attacks on the network, said Mike Cotton, vice president of research and development at San Antonio-based Digital Defense, which specializes in conducting audits on risk assessments of corporate networks.