The Changing Infor­mation Security Solutions Landscape

In the face of increasingly valuable appli­cations, escalating threats, rising compliance pressures, more complex solutions, and a growing purchasing sophis­ti­cation that demands real business return on infor­mation security investments, the security solution landscape is rapidly shifting.

The straight­forward appli­cation of separate, best-of-breed security “point” solutions no longer is adequate. Both security technology and more effective overall IT management demand better integration in order to maximize security effec­tiveness and to contribute to the overall simpli­fi­cation and management of the IT fabric. “Consol­i­dation” is a word that’s frequently used by both vendors and users to describe the technical and customer solutions required to increase value while simplifying operation.

These forces are empha­sizing the system-level aspects of security: The integration and corre­lation of a broader source of event infor­mation; the definition and automatic evaluation of high-level policy defin­itions; the automation of as much of network and system operation as possible; the ability to system­at­ically evaluate security vulner­a­bilities under modeled threats; and intel­li­gently plan and evaluate potential mitigation and threat response strategies.

These driving forces are beginning to dramat­ically change the way security is interwoven into the infrastructure.


As network-connected and network-accessed appli­cations became an important appli­cation model and of increasing importance to business operations, the need for, and importance of security solutions (starting with firewalls) has just grown and grown. Despite the Dot Com meltdown and resulting IT recession, categories such as Firewalls and IDS saw revenues grow steadily throughout. New and rapidly growing categories such as Security Incident Management, Vulner­a­bility Management and Patch Management have emerged and taken off. Even though overall venture capital investment was low during these years, security-focused start-ups grabbed nearly $1B of new venture investment per year. Well funded by revenue growth and additional investment when needed, during these years we saw evolution within existing product lines in all dimensions – increased functionality and bandwidth throughput as well as price/performance improvement and cost reduction. In the same timeframe commu­ni­cations suppliers such as Cisco and Juniper, and the platform companies such as Microsoft, IBM and HP kept upping their security investments and awareness in response to growing customer importance.

Market Drivers

The five big drivers behind the changing security landscape are these:

  1. The increased value of infor­mation security assets being placed on IT systems and networks.
  2. The rapid growth in the use and importance of network-enabled, server-based appli­cations that neces­sarily service a geograph­ically distributed, multi-organization user population.
  3.  The ongoing pressure on CIO’s to increase the effec­tiveness of IT and at the same time make it more cost effective.
  4.  The growing threat posed by increasingly sophis­ticated, “zero day,” and multi-faceted threats.
  5.  The overall size of the security markets and the structural investments by major platform vendors (such as Cisco’s network management initiative and Microsoft’s broad security enhancement investment).

The Bigger Picture – Security Integration and Automation

While customers have been pleased with the business success, re-investment and rapid evolution in security best of breed products, they are simul­ta­neously dismayed by the growing complexity and stovepipe designs that often create as many problems as they solve and require ever increasing investments for staff education, system integration and operation. At the same time the business is making demands on the security team to contribute to initiatives like regulatory compliance or service level management. Point solutions that are islands to themselves are increasingly technically ineffective and too complex and expensive to own and operate.

IRG’s Security Advisory Service focuses on the rapidly changing security market in order to help our clients develop and improve their business strategies.

^ Back to top