Small Vendors Issue Security Challenge To Large Competitors
Group of four says some competitors aren't providing acceptable protection against hackers.
Four vendors of application security products have created an alliance to challenge the ability of large-scale vendors--such as Check Point Software Technologies, Cisco Systems, Juniper Networks, McAfee, and Symantec--to protect customers from hacker attacks and other security breaches.
On Monday at the Computer Security Institute Conference in Washington, D.C., the CEOs of F5 Networks, Imperva, NetContinuum, and Teros challenged their larger rivals to join them in putting their products to the test before ICSA Labs, an independent information security product certifier. Their stated goal is to promote more consistent metrics for customers to evaluate products.
The situation, as these upstarts describe it, is a growing market for Web application security--which the Yankee Group tags at $2 billion over the next five years--and suspect claims from vendors about the capabilities of their products.
In a prepared statement, the foursome suggests that some vendors are selling security short. "We are united regarding the minimum criteria that any security product must meet to provide acceptable protection for mission-critical Web applications," the companies state. "We believe these minimums are not being met by many vendors, despite marketing claims that strongly imply such protection. The result is a false sense of security that exposes consumers and corporations to a higher risk of identity theft and other similar data loss threats. Our goal is to pave the way for minimum standards that will ensure the safety of consumers as well as corporate and government environments on the Web."
The application security vendors "normally don't talk to each other," says Bob Walters, CEO of Teros. "But we came together to help improve the situation." Gene Banman, CEO of NetContinuum, notes that his company and its allies have built their businesses around better Web application security.
"It's pretty remarkable that these companies have come together," says James Slaby, an analyst with the Yankee Group. "It shows the difficulty of competing against entrenched incumbents."
The criticisms are accurate, Slaby says. The smaller, specialized vendors offer application-specific security that considers the context of external network requests, as opposed to generic packet filtering typically offered by the larger vendors. Slaby suggests that packet filtering is not enough to identify some attacks.
Even so, it may be tough for the specialized vendors to convince the market of their merits. "The buyers want to believe what the big guys are telling them," Slaby observes. He adds that the major players in the security market are probably aware of their deficiencies and may correct them through future development or by acquiring companies and their technologies.
IT's Reputation: What the Data SaysInformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.