IT Security Shifts From Reactive to Proactive
With security threats growing more sophisticated, the market for information security products is expected to boom over the next five years, led by security testing, IT outsourcing and data loss prevention offerings.
Market watcher Gartner Inc. (NYSE: IT) said this week the IT security market would top $81 billion this year, a 7.9 percent annual growth rate that is expected to remain in the 5- to 10-percent rate through 2020.
While the IT security market continues to be driven by approaches designed to prevent security breaches, Gartner reckons that IT security is evolving to become more proactive as security managers embrace real-time threat analysis and detection. Leading the way are security information and event management (SIEM) tools along with secure gateways designed to speed threat detection and response.
Indeed, Gartner estimated last month that sales of SIEM software used to support threat detection and response to security breaches rose by a whopping 15.8 percent year-on-year as it gained market traction via its real-time collection and analytics capabilities. The analytics software is used to sift through a wide variety of event and contextual data sources to provide an historical analysis of security breaches.
Overall, the market watcher said worldwide security software revenue jumped 3.7 percent over the previous year to $22.1 billion.
Gartner recommended balancing security spending between preventive and proactive approaches like SIEM. "Organizations are increasingly focusing on detection and response, because taking a preventive approach has not been successful in blocking malicious attacks," Elizabeth Kim, senior research analyst at Gartner, noted in a statement.
While so-called managed detection and response schemes are emerging, Gartner said markets such as consumer security software, secure email gateways and endpoint protection platforms are slowing due to commoditization. The analyst estimated in July that leading consumer vendors registered a collective decline in revenues estimated at 4.2 percent in 2015.
For now, public cloud adoption and the security concerns it brings are expected to have a relatively limited impact on IT security spending. Gartner estimates that cloud adoption will account for less than 10 percent of "firewall" spending through 2019 but is expected to rise by the beginning of the next decade as cloud access security brokers evolve beyond software-as-a-service adoption to include infrastructure and platform services.
Meanwhile, "firewall vendors will also have to deal with one of their main challenges for the next few years: decrypting Secure Sockets Layer at scale," Gartner noted.
Data loss protection schemes widely used for regulatory compliance and intellectual property protection is expected to fill security gaps over the next several years. Gartner estimates that up to 90 percent of enterprises will implement one form of the DLP approach by 2018.
In the interim, emerging tools such as entity and behavior analytics, machine learning and image analysis are being used to augment existing approaches. Those analytics tools are expected to increase the ability to detect and thwart IT security threats in real time, security experts note.