World Vulnerability Assessment Products Markets
Frost & Sullivan, July 2008, Pages: 58
Vulnerability Assessment Products (VA products) identify the devices that exist on an enterprise's network, and then cross-reference those devices with the network's configurations, patch levels, operating systems, and applications in order to isolate vulnerabilities that could be exploited by hackers. The scope of this research excludes penetration testing services and application security products. VA products can be network-based or host-based, and agent-based or agent-less.
Market Overview
Increasing Security Threats Drive Market Growth
Information and communication technologies have become the backbone of global business and the world economy. Consequently, the importance of network security has been highlighted by numerous high-profile security breaches in recent years. These attacks have not only inflicted billions of dollars worth of damages, but also sparked increased investments in network security products. Vulnerability assessment products correct the underlying flaw that cyber attacks are based on, rather than attempt to block a specific attack or type of attack. This method has been tremendously successful and as a result, numerous government and industry-specific regulations have been developed that directly require a vulnerability assessment solution.
However, the vulnerability assessment market is nearing maturity and showing symptoms of becoming a commodity. As compared to other tumultuous network security markets, the general definition of a vulnerability assessment product is well agreed upon. In addition, customer expectations are well established, leaving little room for deviation. 'In order to avoid becoming a commodity, vendors must compete on factors other than price,' notes the analyst of this research service. 'Vendors should attempt to find a different aspect of their solution on which they can differentiate and coordinate marketing efforts around.'
Government and Industry Regulations Promote Best Practices in Network Security
The vulnerability assessment market has been growing largely due to government and industry regulations that establish a set of security best practices and configurations. The better-known examples of these regulations are the PCI DSS, HIPAA, and Sarbanes-Oxley Act. These regulations have also been driving growth in this market internationally, as the United States is a critical trade partner for many countries. The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) are the international, non-government standards organizations that published ISO/IEC 27002:2005. ISO 27002 provides best practices recommendations for securing information systems including risk management, access control, compliance, and other factors. ISO 27002 has increased the adoption of vulnerability management solutions around the world with national equivalents in Brazil, Uruguay, Australia, New Zealand, the Netherlands, Denmark, Sweden, Spain, the United Kingdom, Estonia, and Japan.
Overall, the world vulnerability assessment products market grew from an estimated $250.8 million in 2006 to $297.5 million in 2007. This represents an annual growth rate of almost 18.6 percent, indicating that this market remains well within the parameters of a strong growth market. This promising forecast is further reinforced by the calculated growth rate for the overall forecast period of 18.8 percent, which would place the market size at just below $1 billion by 2014. 'Among the end-user verticals, the financial vertical accounted for 19.3 percent of the total market revenues in 2007,' says the analyst. 'This vertical has traditionally been a first adopter of network security technologies due to the high value of the data that it continually processes, stores, and transmits.'
The following technologies are covered in this research:
- Intrusion detection system/intrusion prevention system (IDS/IPS)
- Secure sockets layer virtual private network (SSL-VPN)
- Firewalls
- Network admission control (NAC)
- Unified threat management (UTM)
- Endpoint-security
- Content filtering
