"Security Yearbook 2021" - Excerpt: Getting to Know the IT Security Industry
Craig Kensek
Strategy | Corporate Marketing | Product Marketing | Marketing Management | Director | Communication | Cybersecurity
“Security Yearbook 2021” was published earlier this year by Richard Stiennon. This is an excerpt from Chapter 3.
The IT security industry is comprised today of over 2,600 vendors and an estimated 452,000 people working at those vendors. Of course, there are many, many more people who work in IT security, from level one analysts in a Security Operations Center (SOC), to systems administrators who ensure that the servers under their purview are configured as optimally as possible, to the directors, VPs, and Chief Information Security Officers (CISOs) who lead the way in both the meticulous effort of maintaining a defensible posture and warding off an ever-growing number of threat actors.
The architecture of security lends itself to a simple way to approach the industry. A layered defense at the levels of network, endpoint, identity, and data security provides an appropriate way to think about the industry as a whole. While large, mature vendors of security products may seek to encompass all of the sectors, it is rare for them to dominate a market in more than one major category.
There is a reason for that, which derives from the way IT security staff are specialized in these categories. Network security professionals have obtained their expertise studying network protocols, routing, DNS, and at least in the early days, the intricacies of telecom architectures. In the meantime, those in endpoint security have grown into their professions either from a system-centric focus on operating systems and applications, or from fighting the daily battle to ensure that virus signatures are up-to-date and systems properly patched. Data security practitioners are familiar with encryption, data governance, key management, and privacy concerns, while those who manage identities are expert in directory services, and myriad means of authentication.
In the modern enterprise with large security teams, this specialization has evolved over twenty years and purchasing decisions are made independently, with each team responsible for choosing the best solution for their areas of expertise.
It’s no wonder then that a firewall vendor that grew to success through a relentless pursuit of enterprise customers, enhancing their product to stay competitive, seeking always to claim the fastest throughput, the largest number of connections per second, the lowest latency, and the best management, would be well-versed in competing for the attention of network security teams, but completely lacking in the connections, messaging, or evolved products needed to sell an endpoint security solution to completely different teams. Cisco has tried and failed to get on the endpoint, even though it has had moments when it dominated in both networking and firewalls. Fortinet, a company that relentlessly introduces products of its own making into every hot segment of security, has never succeeded at gaining success on the endpoint. Only the still unproven strategy of attempting to be the single source of security products for large customers justifies a network security company like Fortinet investing in the research and development of its FortiClient software.
The endpoint security vendors have even more trouble trying to cross boundaries into network security. They have teams of hundreds if not thousands of developers who are expert in reverse engineering, malware capture and analysis, and deployment to endpoints. Because they have to continuously enhance their endpoint protections, their client software tends to get bloated and it consumes more and more of a desktop’s resources. Most end users of traditional endpoint security products have no great love for the products themselves. Frequent AV updates slow systems down and AV products are prone to false positives and generate continuous alerts. The AV admins have no great loyalty to the products they use and are always ready to listen to a vendor who promises a smaller footprint, fewer false positives, and better catch rates. If a vendor like Symantec, at one time the largest AV company with a market cap hovering around $14 billion on August 1, 2019 (with a jump to $16 billion after the announcement that Chinese chip maker Broadcom plans to acquire them), were to introduce a gateway security product, it would be met with derision by the network security teams within the enterprise. Network people are interested in avoiding slowdowns and false positives, and AV products are things that slow down performance. Symantec is a good example because it has tried many times to enter the network security space. The merger with Blue Coat was only the latest, and last, such attempt.
Network Associates is another example. The company was formed as a roll-up of a swath of security products and desktop management tools. One of those products, the Gauntlet Firewall acquired from Trusted Information Systems, was eventually end-of-lifed. It had only managed to penetrate the market to the tune of 3,000 customers by 2003 when NAI stopped support and turned those customers over to Secure Computing.
Identity and Access Management is a separate major category that resists efforts of vendors to include other products in their portfolios. This space had the additional burden of Microsoft entering the directory services market with Active Directory, a move that pretty much ended the opportunity for IAM vendors until recently, when a new crop of cloud services came about.
Finally, encryption. From the vibrant days of competition between RSA, SafeNet, Entrust, Gemalto, and hundreds of others, the space has consolidated somewhat and the products commoditized. Yet there are still 321 vendors in this major category, and each addresses the need for protecting data and making encryption ubiquitous.
It is this striation of security vendors into categories that follow the overall IT security defense posture of layered defense that assists the understanding of the space. Most vendors fall into one of the major categories.
Part I of “Security Yearbook 2021” is a history of the IT security industry: a web of innovation, successes, and failure. Stiennon breaks the growth into 16 major categories. You’ll obtain a great sense of how the industry evolved. A resource for onboarding employees or to use in your funnel. Part II is a directory of over 2600 vendors sorted in multiple ways, and 2020 M&A activity in the security industry.
Order now (bulk rates available): https://bit.ly/3sPC5Wb
“Security Yearbook 2021” is available only at the IT-Harvest site https://lnkd.in/gh889sR
Richard Stiennon is well known in the cybersecurity arena as an analyst and as an author. Other works: “Cyberwar”, “There will be Cyberwar” and “Security Yearbook 2020”.
3 years ago: Gil Schwed, David Cowan, Chris Blask, Ron Moritz, Barry Schrager, Debbie Taylor Moore, and Sandra Toms are among the contributors.