1. 1Info-Tech Research Group Vendor Landscape: Annual Security Roundup Info-Tech Research Group, Inc. Is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns. © 1997-2013 Info-Tech Research Group Inc. Vendor Landscape: Annual Security Roundup The best solution providers do everything and do it well. Info-Tech's products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns.© 1997 - 2013 Info-Tech Research Group

2. 2Info-Tech Research Group Vendor Landscape: Annual Security Roundup Security remains a highly consolidated market; only a few vendors continue to lead the pack. This evaluation determines the true security king. Introduction Enterprises seeking well-rounded, viable security partners that have the ability to provide security solutions across multiple categories to allow for streamlined administration. Enterprises with security use cases that may include: Network security, which includes anti- malware, network access controls, and firewall. Data security, which includes data leakage prevention, filtering, and encryption. Security management, which includes Security Information and Event Management (SIEM), as well as Mobile Device Management (MDM). This Research Is Designed For:This Research Will Help You: Focus on identifying security vendors with a comprehensive security portfolio based on security scenarios: network security, data security, and security management. Understand the capabilities that exist in those categories. Match vendors based on how their solution capabilities meet those needs.

3. 3Info-Tech Research Group Vendor Landscape: Annual Security Roundup Market Overview The security market was founded by continual leaders in the space, such as Symantec, Check Point, and McAfee. Innovation is rarely driven by these leaders, however. New solutions are generally introduced by small companies. The larger vendors often choose to invest in new capabilities by acquiring those smaller companies, rather than doing it themselves. This has resulted in a highly consolidated market. Amalgamated companies, such as Trustwave, are trying to compete in the field by bringing a number of smaller companies together under one corporate umbrella. Over the past few years, the market has consolidated with companies scooping up new start-ups in an attempt to stay on top of new solutions and maintain market dominance. Products are also expected to consolidate more fully. All-in-one solutions are favored by many organizations looking for a streamlined method of protecting their networks and data. Product administration continues to be streamlined as well. With the increase of all-in-one solutions comes singular management consoles to consolidate rule sets and alleviate administrative issues that IT staff may face. Vendors are also acknowledging the increasingly mobile nature of devices in enterprises. Vendors will continue to add mobile capabilities to their products to stay on top of this movement. Deployment methods are broadening beyond software, hardware, and self-managed services to include hybrid methods, and third-party managed services for increased flexibility and manageability. How it got here Where it’s going As the market evolves and threats multiply, the value in single-focus solutions begins to decline; the complexity of management outstrips any value offered by being the marginally-best solution in a market space. Increasingly, solution providers with broad portfolios of consolidated offerings provide better security, easier management, and greater cost-effectiveness.

4. 4Info-Tech Research Group Vendor Landscape: Annual Security Roundup The security space has been evolving in terms of product deployment options to adapt to the changing needs of organizations. Market Overview (continued) Vendors are recognizing that clients are looking to move their security tools to the Cloud, or simply don’t have the resources to manage large-scale solutions (such as SIEM in the second column, example below) in their IT departments. Small to mid- sized organizations tend to favor the hosted option, whereas larger organizations are looking for the hybrid option for the best of both worlds. Management Models Deployment Models On-PremiseHybridHosted Third Party Managed SIEM serviceSession Initiation Protocol (SIP) security gateway management service Reputation-based anti- malware service Hybrid After-hours SIEM monitoring service Secure remote access service After-hours Security Operations Center (SOC) service Self-Managed Traditional anti-malwareNetwork and proxy- based Web Content Filtering (WCF) service Cloud-based single sign-on (SSO) service Each combination of deployment and management options implies different system controls. For example, self- managed/on-premise implementations avoid third-party control requirements. In contrast, in a hosted environment with the solution fully managed by the vendor, requirements revolve around managing third-party risks. Hybrid options can enable greater flexibility for third-party risk management or operational efficiencies.

5. 5Info-Tech Research Group Vendor Landscape: Annual Security Roundup Annual Security Roundup Vendor selection / knock-out criteria: market share, mind share, and platform coverage Check Point. One of the most recognizable names in the market, it was one of the progenitors of the firewall space. Cisco. Although its main focus is not on security, Cisco has products in all three security categories, through acquisitions and its own solutions. Juniper. Historically a networking company that has developed a strong position in Unified Threat Management (UTM) and Next Generation Firewall (NGFW), and Network Access Controls. McAfee. A continued leader in the industry with a broad product portfolio, making it truly a “jack of all trades.” However, those products tend to be pricier options. Sophos. A strong competitor against larger vendors in the security space, with equally strong products and support. Symantec. The world’s largest security solutions provider keeps innovating to maintain market share. Trend Micro. A pioneer and leader in reputation-based scanning. It offers a focused portfolio primarily in data security. Trustwave. A vendor that has built its product portfolio through acquisitions, it has an extensive managed services offering. Websense. While it has a smaller product line than the larger vendors it competes against, it’s a strong competitor in the spaces in which it operates. Included in this Vendor Landscape: As security threats and their landscape increase and diversify, more and more products appear in the market. More products can mean increased management costs. Simplifying by reducing the number of security partners can be more efficient, provided the solutions meet your needs. For this Vendor Landscape, Info-Tech focused on those vendors with a product in each category: data and network security and security management, or two products in one of those categories.

6. 6Info-Tech Research Group Vendor Landscape: Annual Security Roundup When evaluating a security portfolio, focus on critical security tools Traditional firewall is integrated with additional features for an all-in-one solution. UTM / NGFW Anti-malware protects endpoints against viruses, spyware, and other harmful code. Anti-Malware MDM manages mobile devices such as smartphones, and the applications they hold. MDM SIEM analyzes security alerts as they happen from the network hardware and applications. SIEM Product Criteria Weighting Helps secure network by enforcing access controls, while also monitoring for threats. NAC DLP monitors data to prevent unauthorized use and controls the spread of information. DLP Allows and blocks users from viewing certain websites. Filtering Encryption protects data locally, and when it is in transit via networks. Encryption Product Evaluation

7. 7Info-Tech Research Group Vendor Landscape: Annual Security Roundup The following vendors were evaluated for their involvement in both areas under security management. Security management vendors have a strong presence in SIEM and MDM Why Scenarios? In reviewing the products included in each Vendor Landscape TM, certain use cases come to the forefront. Whether those use cases are defined by applicability in certain locations, relevance for certain industries, or as strengths in delivering a specific capability, Info- Tech recognizes those use cases as Scenarios, and calls attention to them where they exist. 3 2 Security Management Solutions/Providers 1 Exemplary Performers McAfee’s NitroSecurity SIEM solution scores well for its attractive and intuitive user interface. Its MDM solution scored points for its security focus, namely its advanced apps security options for Android and its visibility into app permissions. Symantec’s SIEM solution offers the broadest base of deployment types, from software to managed service offerings. Its MDM solution offered basic capabilities such as document management and supporting a variety of mobile platforms. For an explanation of how Scenarios are determined, see Information Presentation – Scenarios in the Appendix.Information Presentation – Scenarios

8. 8Info-Tech Research Group Vendor Landscape: Annual Security Roundup The following vendors were evaluated on their product offerings in two or more of these areas. Network security vendors feature products in UTM/NGFW, anti-malware, and NAC Why Scenarios? In reviewing the products included in each Vendor Landscape TM, certain use cases come to the forefront. Whether those use cases are defined by applicability in certain locations, relevance for certain industries, or as strengths in delivering a specific capability, Info- Tech recognizes those use cases as Scenarios, and calls attention to them where they exist. Exemplary Performers One of the largest network infrastructure vendors, Juniper’s solutions are easily integrated with each other, due to its JUNOS operating system that runs across all of its product lines. McAfee has solid products in this space, even if they are not necessarily stand-outs – whether it is due to a lack of advanced features or price. However, McAfee’s ability to integrate all of its products is a key advantage. A true competitor and continued champion in the spaces of UTM and anti-malware, Sophos is giving larger vendors a run for their money with its strong solutions backed by support and channel options. 3 1 Data Security Solutions/Providers 2 For an explanation of how Scenarios are determined, see Information Presentation – Scenarios in the Appendix.Information Presentation – Scenarios

9. 9Info-Tech Research Group Vendor Landscape: Annual Security Roundup The following vendors feature product offerings in all three areas. Data security vendors cover areas such as DLP, filtering, and encryption Why Scenarios? In reviewing the products included in each Vendor Landscape TM, certain use cases come to the forefront. Whether those use cases are defined by applicability in certain locations, relevance for certain industries, or as strengths in delivering a specific capability, Info- Tech recognizes those use cases as Scenarios, and calls attention to them where they exist. Exemplary Performers A true “jack of all trades,” McAfee is a champion in both DLP and web content filtering. In both cases, they are still a pricier option, but in all three areas, its ability to integrate products under the ePO platform is key for mid-market organizations. A champion in DLP (and best overall value), with decent showings in the other areas, Trend Micro’s products ranged from basic to featuring multiple advanced capabilities, each with fair pricing. Trustwave has decent products in these areas, although they often lack in advanced features and are priced in the mid-to-high range. Trustwave’s advantage is its managed service offerings, which include managed encryption. 2 1 Data Security Solutions/Providers 3 For an explanation of how Scenarios are determined, see Information Presentation – Scenarios in the Appendix.Information Presentation – Scenarios

10. 10Info-Tech Research Group Vendor Landscape: Annual Security Roundup Vendor Landscape Methodology: Overview Info-Tech’s Vendor Landscapes are research materials that review a particular IT market space, evaluating the strengths and abilities of both the products available in that space, as well as the vendors of those products. These materials are created by a team of dedicated analysts operating under the direction of a senior subject matter expert over a period of six weeks. Evaluations weigh selected vendors and their products (collectively “solutions”) on the following eight criteria to determine overall standing: Features: The presence of advanced and market-differentiating capabilities. Usability: The intuitiveness, power, and integrated nature of administrative consoles and client software components. Affordability: The three-year total cost of ownership of the solution. Architecture: The degree of integration with the vendor’s other tools, flexibility of deployment, and breadth of platform applicability. Viability: The stability of the company as measured by its history in the market, the size of its client base, and its financial performance. Strategy: The commitment to both the market-space, as well as to the various sized clients (small, mid-sized, and enterprise clients). Reach: The ability of the vendor to support its products on a global scale. Channel: The measure of the size of the vendor’s channel partner program, as well as any channel strengthening strategies. Evaluated solutions are plotted on a standard two by two matrix: Champions: Both the product and the vendor receive scores that are above the average score for the evaluated group. Innovators: The product receives a score that is above the average score for the evaluated group, but the vendor receives a score that is below the average score for the evaluated group. Market Pillars: The product receives a score that is below the average score for the evaluated group, but the vendor receives a score that is above the average score for the evaluated group. Emerging Players: Both the product and the vendor receive scores that are below the average score for the evaluated group. Info-Tech’s Vendor Landscapes are researched and produced according to a strictly adhered to process that includes the following steps: Vendor/product selection Information gathering Vendor/product scoring Information presentation Fact checking Publication This document outlines how each of these steps is conducted.

11. 11Info-Tech Research Group Vendor Landscape: Annual Security Roundup Vendor Landscape Methodology: Vendor/Product Selection & Information Gathering Info-Tech works closely with its client base to solicit guidance in terms of understanding the vendors with whom clients wish to work and the products that they wish evaluated; this demand pool forms the basis of the vendor selection process for Vendor Landscapes. Balancing this demand, Info-Tech also relies upon the deep subject matter expertise and market awareness of its Senior and Lead Research Analysts to ensure that appropriate solutions are included in the evaluation. As an aspect of that expertise and awareness, Info-Tech’s analysts may, at their discretion, determine the specific capabilities that are required of the products under evaluation, and include in the Vendor Landscape only those solutions that meet all specified requirements. Information on vendors and products is gathered in a number of ways via a number of channels. Initially, a request package is submitted to vendors to solicit information on a broad range of topics. The request package includes: A detailed survey. A pricing scenario (see Vendor Landscape Methodology: Price Evaluation and Pricing Scenario, below). A request for reference clients. A request for a briefing and, where applicable, guided product demonstration. These request packages are distributed approximately twelve weeks prior to the initiation of the actual research project to allow vendors ample time to consolidate the required information and schedule appropriate resources. During the course of the research project, briefings and demonstrations are scheduled (generally for one hour each session, though more time is scheduled as required) to allow the analyst team to discuss the information provided in the survey, validate vendor claims, and gain direct exposure to the evaluated products. Additionally, an end-user survey is circulated to Info-Tech’s client base and vendor-supplied reference accounts are interviewed to solicit their feedback on their experiences with the evaluated solutions and with the vendors of those solutions. These materials are supplemented by a thorough review of all product briefs, technical manuals, and publicly available marketing materials about the product, as well as about the vendor itself. Refusal by a vendor to supply completed surveys or submit to participation in briefings and demonstrations does not eliminate a vendor from inclusion in the evaluation. Where analyst and client input has determined that a vendor belongs in a particular evaluation, it will be evaluated as best as possible based on publicly available materials only. As these materials are not as comprehensive as a survey, briefing, and demonstration, the possibility exists that the evaluation may not be as thorough or accurate. Since Info-Tech includes vendors regardless of vendor participation, it is always in the vendor’s best interest to participate fully. All information is recorded and catalogued, as required, to facilitate scoring and for future reference.

12. 12Info-Tech Research Group Vendor Landscape: Annual Security Roundup Info-Tech Research Group Helps IT Professionals To: Sign up for free trial membership to get practical solutions for your IT challenges www.infotech.com Quickly get up to speed with new technologies Make the right technology purchasing decisions – fast Deliver critical IT projects, on time and within budget Manage business expectations Justify IT spending and prove the value of IT Train IT staff and effectively manage an IT department “Info-Tech helps me to be proactive instead of reactive – a cardinal rule in a stable and leading edge IT environment. - ARCS Commercial Mortgage Co., LP Toll Free: 1-888-670-8889