Insight

  • Detecting and responding to cyber-threats quickly can mean the difference between a cybersecurity annoyance and a costly data breach. This makes threat detection and response a critical business requirement.

    Given this, you’d think that threat detection and response would be well resourced, with highly tuned processes running as efficiently as a Swiss watch. Unfortunately, this is far from true. According to ESG research, threat detection and response is fraught with numerous issues. Here is a list of the top 5 threat detection and response challenges, according to 372 enterprise cybersecurity and IT professionals:

    (more…)

  • Clumio Joins The Club

    ESG research shows that cloud data protection has hit the stratosphere, with a significant acceleration in the past three years. Organizations see cloud as having a positive impact on their data protection strategies in general, and backup data is increasingly shifting to cloud. Cloud-based VMs are also perceived to be more resilient than on-premises ones. Founded in 2017, Clumio was built in the public cloud and is headed by Poojan Kumar, Clumio CEO, ex-Oracle Exadata co-founder, PernixData CEO, and Nutanix VP of Engineering and Products. Investors include some well-known names in the industry. The company announced $51 million in funding. This combination of investors, funding, and experienced leadership is worth noting, as I am sure competitors have.

    (more…)

  • There was a lot to take in at Black Hat 2019 in Las Vegas. Fortunately, Enterprise Strategy Group covered a lot of ground with our expanded team of analysts. With the dust now settling from Black Hat 2019, ESG analysts share some takeaways from the event in this Enterprise Strategy Group On Location Video, including:

    1. How the event itself has changed.
    2. Security analytics and operations lessons.
    3. The emergence of elastic cloud gateways (ECGs).
    4. Securing the identity perimeter starts with basic hygiene.
    5. A holistic approach to Secure DevOps.
    6. The 5 components of XDR.
    7. New approaches to mitigating BEC attacks.
    8. The need to define MDR and clarify it as a form of a monitoring service.

    It was great to see and catch up with so many friends last week. We look forward to staying in touch with key findings from Enterprise Strategy Group’s cybersecurity research projects and more.

  • If I Were the CEO of Broadcom

    My colleague Jon Oltsik had a running blog series entitled “If I Were the Next CEO of Symantec” that he updated every few years when new leadership was introduced. With the recent announcement of Broadcom’s intention to purchase Symantec’s enterprise business unit for $10.7 billion, I thought I would beat him to the punch and create a new blog series, “If I Were the CEO of Broadcom.”

    Of course, I’m not a silicon analyst, so my recommendations will be limited to the security side of Broadcom’s business. However, if I were the CEO of Broadcom and my goal was to optimize Symantec’s portfolio and properly leverage my investment, here are a few of the things I would focus on:

    • Retire or divest legacy and non-core products: There are areas of the Symantec portfolio that may have made perfect sense at one time but no longer do. Much of this is due to the long (and inconsistent) acquisition history of the company. These product lines represent a small part of the business and, in many cases, limited growth opportunities. Symantec may be better off moving on from them.
      • Network Performance (Blue Coat) and Endpoint Management (Altiris) fall outside of the cybersecurity realm and don’t add a lot of incremental value to the company.
      • Control Compliance Suite (CCS) doesn’t have the breadth of more full-scale risk management platforms like RSA Archer, and has lost ground to smaller players like Tripwire.
      • VIP, Symantec’s two-factor authentication solution, has seen enhancements over the last few years in an attempt to break into the B2C space, but with CA’s Identity suite already under the Broadcom umbrella and limited B2B traction, I’d expect some changes here.
    • Continue to invest in the Integrated Cyber Defense approach: ICD is Symantec’s platform architecture and represents an important opportunity moving forward. ESG research has shown that 62% of organizations would consider using a single security vendor for the majority of their security solutions, with efficacy, automation of processes, and operational efficiency being top reasons why. Symantec’s ICD vision puts it in contention to compete for these organizations’ business. Yet further development is required to expand its platform support through the rest of its portfolio, including the cloud, and increase its analytics capabilities. If this happens, Symantec will have a very compelling story to share with its customer base.
    • Build deeper integrations between SWG, CASB, and DLP: Symantec has been a market leader in SWG for years but was behind the curve with the shift to cloud. That’s finally been addressed, but the vendor needs to leverage its advantages in CASB and DLP in order to not miss another seismic market shift. ESG has talked about the emergence of elastic cloud gateways, which fully integrate SWG, CASB, and DLP functionality (among other capabilities) in a cloud native, highly scalable platform that provides a globally distributed yet locally accessible experience to users. Symantec has the tools to be a key player in this space, but more work needs to be done both to integrate the products and push the huge ProxySG installed base into the cloud with Symantec rather than a competitor.
    • Maintain a presence in email security: It seems like from a solution perspective this is fast becoming one of the forgotten areas of cybersecurity, even though it continues to be the preferred threat vector for attackers. Some of this can be attributed to O365 adoption and the built-in controls Microsoft offers. Yet like with all cloud services, there’s room for native controls and third-party solutions. Symantec has a robust offering here, accounting for filtering, advanced threat detection and response, isolation, and user awareness training. Symantec’s lost a good deal of ground to Proofpoint in this space, but these products provide important telemetry to the rest of the portfolio and will represent a key aspect of any platform strategy.
    • Allow services to flourish: Symantec has done most of the hard work of building a strong services organization that boasts consulting and incident response, managed services, and threat intelligence. It’s expanded into the MDR realm recently as well, as that space continues to drive massive amounts of interest. Services are a lower-margin business, so some changes may be coming to better fit the Broadcom operating model. But Symantec has been smart about its investments here, and the services portfolio gives it differentiation from many competitors. Also, ESG research has found that outside of having a full SIEM product, organizations think that having threat intelligence feeds/analytics and managed services are some of the most important analytics capabilities for enterprise-class vendors.
    • Focus on the enterprise, without neglecting the upper mid-market: This will not be Broadcom’s strategy, but I’ll call it out anyway. There’s clearly an opportunity to cross-sell Symantec into the Broadcom strategic enterprise base (via CA). There’s also still expansion possible within existing Symantec accounts, both as the ICD vision comes to fruition and through ensuring the SEP installed base is fully utilizing all related products (i.e., EDR and SEP Mobile). However, some of the fastest growing cybersecurity companies are focusing further down market—not in the SMB, but in midsize and small enterprises. While we know it’s less expensive to sell to an existing customer than to win a new one, Symantec has had limited success in this space for years and it represents another avenue to growth. To grow within the enterprise, you either need a new technology that has few or no competitors, or great technology to displace existing vendors. If Broadcom fully delivers on Symantec’s ICD vision, it can succeed in the enterprise—but in parallel, it should be looking to expand its potential customer base.

    Symantec has good technology and a well-known brand but has seen sluggish growth for years. The Blue Coat acquisition had promise, but ultimately failed to deliver the success financially. Symantec is desperate for an injection of operational excellence, which Broadcom can clearly provide. However, for the business to truly succeed there needs to be additional investment—not necessarily through acquisition, but through the realization of the ICDx vision and further product enhancements to deliver the full value of the portfolio. Once the deal closes, Broadcom should quickly and clearly provide specifics on the future of the portfolio to protect Symantec’s installed base. Security is a competitive space, and customers won’t sit back and wait while uncertainty swirls.

  • Perceptions of Black Hat 2019

    About this time every year, the cybersecurity industry heads to “summer camp” in Las Vegas, heading to BSides, Black Hat, and/or DefCon. I attended Black Hat last week along with many members of the ESG cybersecurity team. Here are a few of my takeaways:

    1. The “vibe” has changed. There used to be a clear difference between Black Hat and its larger cousin, the RSA Conference. RSA has become an industry show where you talk about business relationships, M&A activities, and VC investments. By contrast, Black Hat was always a practitioners’ show where the buzz centered on exploits, IoCs, and defensive tactics. Alas, billions of security dollars are taking their toll on poor Black Hat – there was a definite “hurray for the industry” vibe, fraught with banal cocktail parties, Merlot-drinking VCs, and ambulance-chasing vendors. The industry needs a cold shower to remember that its job is protecting critical digital assets, not celebrating 10-baggers. (more…)
  • This week, I was in Santa Clara, California for my annual pilgrimage to Flash Memory Summit (FMS). While I was there, I got a few moments during a very busy week to stand in front of a camera with my colleague, Mark Peters, and discuss this year’s summit, as well as the latest news.

    Before I get to the new tech, I feel I must address the big question: “Is Flash Memory Summit still as important as it once was?” With flash memory becoming the de facto standard for data storage now, do we need a separate event for flash? Isn’t everything storage-related about flash now?

    If you look at the video, you will see a busy show floor packed with attendees. While the show certainly has evolved to more of an internal industry discussion and collaboration on flash, rather than an end-user conference, the conversations at FMS are no less valuable.

    Business demand for data performance is insatiable. Modern businesses are built on data, and every innovation that reduces the latency involved with data access, whether PCIe 4.0, NVMe, NVMe over Fabrics, or persistent memory, offers a valuable edge for IT.

    And few workload trends illustrate this incredible demand for data performance more than the rise of machine learning. Nearly half of the keynote presentations at FMS 2019 had some reference to artificial intelligence (AI) or machine learning in the title. FMS is not just about flash storage; it is about taking flash to the next level to transform your business.

    With all this new technology, there is something missing, though, and not just from FMS but from IT as well. It is appropriate that artificial intelligence was a dominant topic at FMS this year, because it is another type of intelligence that needs to increase its presence in modern IT. What is lacking in modern IT is a sufficient level of detailed workload intelligence at the infrastructure level.

    Will the innovations shown at FMS accelerate your application environments? Yes, probably. But by how much, and which investments offer the greatest returns? Should you leverage an NVMe-based storage system? This is probably a no-brainer. But what about persistent memory? What about both? Which will give you the biggest improvement?

    Now, flash storage vendors have invested considerable time understanding how their technology will impact different workload environments. The problem, however, is that modern IT organizations often lack a detailed understanding of their own specific workload environments. This creates an intelligence gap. The scale of modern IT is becoming so large and the technology is evolving so rapidly that IT’s lack of the tools and the time necessary to understand the details of their specific workload requirements will likely become a major hurdle to new technology adoption.

    There is a wealth of new flash-based technologies poised to transform the data center. There is also a wealth of demand. Workloads, such as machine learning, are fueling a need for the low latency performance that these technologies offer. Seems like a perfect match. It is, just not quite. IT needs better tools to understand their specific workload ecosystems to maximize their return on the flash innovations just over the horizon. Solving this gap will be the difference between achieving an evolutionary, incremental performance improvement and capturing a transformational advantage.

  • WiFi is the New Dial Tone

    And responsible for creating positive experiences

    For almost a century we have relied on classic hardwired phones to conduct business, collaborate, and be more productive. From a work perspective, perhaps there are still a few out there who remember how getting off a plane was quickly followed by a trip to the bank of pay phones (see image, for those who have never seen one) to check for messages and make any required calls. When you went to the office, an essential piece of hardware was the hardwired telephone on your desk. The phone was critical because when you picked it up, it gave you a reassuring dial tone that let you know you were connected to the world.

    (more…)

  • If you tuned into Galaxy Unpacked 2019, you had the opportunity to be thrilled by all the Samsung announcements, but when Microsoft popped into the storyline and Satya Nadella jumped on stage, it became clear that Samsung (and Microsoft) are focused beyond the consumer market and locking into the corporate workforce. The Samsung and Microsoft partnership also validates that the powerhouses are geared up to compete against Apple, Google, and AWS.

    (more…)

  • The HPE buying spree continued Wednesday afternoon, as they scooped up big data vendor MapR. This comes on the heels of the recent BlueData acquisition, and to a lesser extent, Cray. And with each HPE acquisition, the strategy is clear as day – data is the crown jewel and HPE will help you gain value from it with a holistic approach that covers hardware, software, and services. HPE is becoming a one-stop shop for all things data, and they are prioritizing simplicity. They recognize that organizations are at different stages of their analytics and AI journeys, and need help every step of the way. By incorporating MapR technology, they’ll be capable of inserting themselves much earlier in the analytics and AI journey.

    (more…)

  • SOAPA Video with SAS Software (Part 2)

    Stu Bradley, VP of fraud and cybersecurity intelligence, recently stopped by the Enterprise Strategy Group video studio to participate in our SOAPA video series. In part 2, Stu and I discuss:

    • Cybersecurity analytics readiness. SAS talks about analytics readiness, so I pressed Stu on what the company means. Stu spoke about preparing core security analytics models that act as a foundation and can be adjusted and fine tuned for new types of threats. In other words, SAS Software works to guide customers through the cyber analytics lifecycle so they can gain business value early and often.
    • SOAPA is all about modularity in terms of how different data types, analytics engines, and security operations platforms interoperate, working together to generate incremental value. SAS Software participates in many ways – at the data level, at the run-time analytics execution layer, and with an analytics workbench. Stu also talked about the cybersecurity skills shortage and its impact on security analytics. SAS Software’s goal is to arm SOC teams with strong cybersecurity analytics regardless of their experience or skills level.
    • The future of SOAPA. Stu agrees that most organizations are in an infancy stage regarding SOAPA. This puts the burden on technology vendors to provide out-of-the-box analytics that can act as an underpinning for customers. Stu foresees a future around a new type of “AI,” analytics integration. In this case, companies will stitch together analytics models from multiple technologies into contiguous model sequences. SAS Software believes it can provide the platform “glue” to make this happen.

    Many thanks to Stu Bradley for participating in the ESG SOAPA video series. SAS Software adds a degree of analytics experience and thought leadership that really helps me push my thinking on SOAPA’s past, present, and future. 

  • Anticipating Black Hat 2019

    Judging by this week’s Capital One breach and Equifax settlement, cybersecurity remains a topical if not ugly subject. The timing couldn’t be better for these unfortunate events. Why? Because the cybersecurity community will get together next week in Las Vegas for Black Hat and Defcon to discuss how to better deal with security vulnerabilities and improve threat prevention, detection, and response.

    I’ll be there along with an assortment of my ESG colleagues. Here are some of the things we’ll be looking for: 

    • Network security platforms. While security appliances are far from dead, network security goes well beyond perimeter-based packet inspection of ingress/egress traffic. Instead, network security is evolving into a pervasive service inspecting and filtering traffic across physical data centers, virtual servers, and cloud-based workloads of all types. Think central management and distributed enforcement. Vendors like Check Point, Cisco, Forcepoint, Fortinet, Juniper, and Palo Alto Networks get this and are innovating in this direction. That said, how far along are they? Furthermore, are customers buying in or do they continue to look for “best-of-breed” network security technologies of various form factors? We’ll be asking these questions in Vegas conference rooms all week.
    • Endpoint security consolidation? Like network security, endpoint security tools are going through a similar amalgamation trend. Endpoint protection platform (EPP) vendors are integrating their endpoint capabilities into more capable platforms and expanding functionality into areas like device coverage, asset management, and EDR. As many EPP vendors innovate to differentiate themselves, the profile of EPP is changing rapidly. Leading vendors have level-set on providing integrated, cloud-delivered multi-layer prevention, detection, and response capabilities combined with managed detection and response (MDR) services, but new services and capabilities are rapidly emerging. We’ll be watching for new announcements about deeper integrations with other security tools, new capabilities for protecting cloud workloads, mobile, and IoT, and extended risk management capabilities.
    • Managed detection and response – it’s all about the people. I know I sound like a broken record, but the cybersecurity skills shortage continues to impact every decision CISOs make. Case in point: detecting and responding to threats like ransomware, phishing, and exploits. Now, a lot of the discourse around threat detection will center on threat intelligence synthesis and artificial intelligence and machine learning (AI/ML) baked into products and services, but all the TI in the world and the best ML don’t reduce the funnel or accelerate threat detection alone. What does? Experience, processes, and automation. In other words, the human stuff. Yup, humans can reason, see anomalous behaviors that are not apparent to the machines, and then program technology brains for future detection and response actions. Service providers can also work with the cybersecurity staff to map the adversary goals in a way that structures our thinking and response – as in, to the MITRE ATT&CK Framework (MAF), for example. Finally, humans must manage other humans. In this case, enterprise cybersecurity professionals must have the right structure and skills to manage third-party MDR providers effectively. ESG loves technology as much as anyone, but we’ll be looking to find the smartest and most helpful MDR services people next week.
    • Serverless security – the new frontier. Serverless functions, or function-as-a-service (FaaS), such as AWS Lambda, Azure Functions, and Google Cloud Functions, are becoming more prevalent components of modern cloud-native applications built on a microservices architecture. Because serverless itself is an abstract concept, the associated threat model and security approaches are ambiguous. So, what’s different about serverless? Serverless shifts more of the security responsibility to two parties – the external cloud service provider (CSP) and the internal developer. This changes the shared responsibility model: CSPs are now on the hook for securing the server instances that run the functions, as ephemeral as they may be. The consumers of these services, absent access to a network tap or the ability to install an agent, need to gain visibility and control over their use of serverless functions. By shifting left into the development stage, DevOps teams must continuously discover API calls in source code and assess how those APIs are being used at build time (i.e., with respect to authentication, authorization, encryption of data in motion, and more). Logging an audit trail of service-to-service activity and the use of Runtime Application Self-Protection (RASP) closes the continuous loop to protect the entire serverless API lifecycle. Do cybersecurity professionals and security technologies get this? We’ll be poking around at Black Hat to find out.
    • Security analytics innovation and confusion. A few years ago, security analytics was synonymous with SIEM (security information and event management), but no longer. Security analytics now includes areas like network traffic analysis (NTA), security data lakes, UEBA, threat intelligence platforms (TIPs), etc. Savvy CISOs are playing with many of these but they also want cooperative security analytics where technologies interoperate, complement, and add value to one another. Once security analytics provide high-fidelity data (i.e., alerts, risk scores, etc.) organizations also want to act upon this data through security operations platforms. This is the essence of ESG’s SOAPA (security operations and analytics platform architecture). Yes, there’s tremendous investment and innovation in this area but users are royally confused by the pace of change and market hyperbole. Do they go with a one-stop shop like IBM or Splunk? Do they use open-source software like BRO/Zeek, the ELK stack, or Hadoop? Do they deploy SOAPA on-premises or seek out a cloud-based alternative from the likes of Devo, Google (Chronicle/Backstory), Microsoft (Azure Sentinel), or SumoLogic? I’ll be talking to a lot of SOC analysts at Black Hat to research and help answer these questions.

    Despite the heat, crowds, and miles of walking each day, Black Hat is one of my favorite weeks of the year. By the end of the event, I feel like I’ve just gotten a graduate degree in cybersecurity – each year. If you see me or one of my ESG colleagues at Black Hat, make sure to say hello and let us know what you’re up to. Cybersecurity is a collective activity – even in Sin City, it takes a village.

  • As Black Hat 2019 quickly approaches, I couldn’t help but think back to the tail-end of my previous life attending industry conferences as an analyst covering network security. By 2014, you couldn’t get a conversation with a user on the show floor if you were a firewall vendor that didn’t offer robust application control. Palo Alto Networks had successfully shifted the industry focus to application layer inspection and next-generation firewalls had all but been accepted as the default standard for network protection. This transition addressed the fundamental shift in internet usage affecting the way we live and work. Traditional Layer 3 and 4 scanning could not provide the visibility and control over Layer 7 traffic required to protect the modern enterprise. Of course, at the time it was the need for control over applications like Facebook, Twitter, and YouTube driving the change. But it clearly foreshadowed the upcoming transition to cloud application usage.

    (more…)