March 2019, IDC #US43699318e

IDC MarketScape

IDC MarketScape: Worldwide DDoS Prevention Solutions 2019 Vendor Assessment

Martha Vazquez

THIS IDC MARKETSCAPE EXCERPT FEATURES RADWARE

IDC MARKETSCAPE FIGURE

FIGURE 1: IDC MarketScape Worldwide DDoS Prevention Solutions Vendor Assessment (Source: IDC, 2019)

Please see the Appendix for detailed methodology, market definition, and scoring criteria.

IN THIS EXCERPT

The content for this excerpt was taken directly from IDC MarketScape: Worldwide DDoS Prevention Solutions 2019 Vendor Assessment (Doc #US43699318). All or parts of the following sections are included in this excerpt: IDC Opinion, IDC MarketScape Vendor Inclusion Criteria, Essential Guidance, Vendor Summary Profile, Appendix and Learn More. Also included is Figure 1.

IDC OPINION

Distributed denial-of-service (DDoS) attacks are increasingly complex, and they frequently employ multiple attack types and strategies such as multivector attacks and diversionary attacks against a broad set of targets. Industry reports continue to illustrate that no one organization is safe. The DDoS attacks that were once solely focused on gaming and retail organizations have spread to target a wide variety of organizations of all sizes and industries. In a 2018 IDC survey, close to half of the respondents said they have experienced a DDoS attack, with over 50% of those organizations experiencing 110 times attacks in 2017. Organizations that are experiencing attacks conclude that not only are the attacks volumetric but they experience a combination of multivector, TCP-exhaustion, and/or application attacks.

Even though DDoS prevention solutions are more mainstream solutions than even a few years ago, choosing the right vendor or service is challenging.
Organizations have widely varying requirements, requiring all vendors and providers to offer highly customized solutions and extensive support services, which in turn challenges vendors and service providers (SPs) to be highly effective in the management of their resources and to keep prices manageable for the organizations they are defending.

Using the IDC MarketScape model, IDC compared 10 organizations that offer DDoS protection services and solutions and conducted in-depth interviews with these DDoS prevention providers and their customers. Through granular evaluations, IDC found that each provider possesses its own strengths and weaknesses compared with a peer group, but the clear differences appear in both the current capabilities and future strategies. IDC believes that the following areas will drive the DDoS prevention market forward while providing vendors with the opportunity to hone a differentiated proposition:

- Provide advanced value-added features and capabilities such as real-time monitoring, threat intelligence, web application firewall (WAF), advanced analytics, forensics, proactive management, automation detection and mitigation, SSL traffic inspection, IP protection, and cloud signaling techniques.
- Demonstrate pricing models that are flexible for the customer.
- Ensure flexible deployment options that work for the organization, which can provide a cloud-based approach, on-premises, or a combination of both such as the hybrid approach, which includes an integrated approach to sending traffic to the cloud either automatically or upon alert when the on-premises resources are exhausted.
- Provide scalable visibility and DDoS mitigation scrubbing capacity across the globe.
- Offer superior SLAs that provide quick and effective detection and mitigation capabilities.
- Provide customer portal and reporting capabilities.
- Demonstrate quick onboarding methods.
- Provide expertise, support, and experience.

IDC MARKETSCAPE VENDOR INCLUSION CRITERIA

IDC collected and analyzed data on 10 DDoS prevention vendors and providers within the 2019 IDC MarketScape for worldwide DDoS prevention solutions vendor assessment. While the market is broad and contains a variety of players in the market, IDC narrowed the field of participants for this study based on the following criteria:

- Revenue. Must consist of discrete DDoS revenue of at least $25+ million in services globally and $12 million for appliance vendors for 2017
- Geographic presence. Had to consist of a global footprint with presence in multiple geographies
- Services/product. Had to consist of a full DDoS prevention and mitigation solution
- Customer base. Had to have a presence in the enterprise segment, with at least 100+ customers

ADVICE FOR TECHNOLOGY BUYERS

Organizations looking to conduct a thorough evaluation of DDoS prevention products and services face a daunting task. The marketplace is composed of vendors that sell on-premises DDoS prevention products or cloud-based services. Some of the included vendors are considered managed security service providers (SPs) that are managing products/cloud-based service, but they also include their own people, process, and procedure for mitigating DDoS attacks.

IDC looks at the market from two angles, the products and services, and has seen the services market achieve higher growth, meaning that cloud-based service is becoming a very popular way to deploy DDoS prevention. Managed security SPs are gaining momentum in this space because of their focus on these areas and because of the predictable operation expense they offer to the buyer through managed services.
But in the DDoS prevention market, partnerships are important, and managed security SPs will have to partner with vendors to provide DDoS prevention and mitigation to their own infrastructure and will then resell their services with their own intellectual property (IP) embedded. In addition, managed security SPs can also integrate a hybrid approach with product DDoS vendors. Other cloud-based players in the market have established their IP service and deliver that as a cloud-based service.

In any case, when an organization is evaluating and choosing a provider or vendor, it's important to have the following key buying considerations in mind:

- Review advanced features and capabilities. With DDoS attacks rising in frequency and volume, product vendors, cloud providers, content delivery network (CDN) providers, managed security SPs, and internet service providers are gaining more interest and creating their own blend of DDoS mitigations. As a result, these providers and vendors continue to add more features and functionality into DDoS prevention solutions. DDoS prevention product companies have taken notice of the need for more extensibility and have adapted solutions to provide more scalability, features, and functionality into their products. Vendors also continue to add features such as threat intelligence (their own and the ability to integrate with third parties), advanced analytics, machine learning and advanced reporting, and automation capabilities. According to an IDC survey, respondents noted that the top 4 most important features for DDoS protection are real-time monitoring, integration of threat intelligence and advanced analytics, proactive management, and automated detection and mitigation. Vendors and providers are adding additional capabilities and services such as bot management, WAF, IPv6 support, cloud workload protection, SSL, and hybrid techniques (cloud signaling) to enhance visibility and strengthen their capabilities.

- Review global footprint. One important aspect for buyers to review when looking for a DDoS vendor or provider is the number of scrubbing centers, security operations centers (SOCs), and capacity offered. Network capacity is the amount of total network bandwidth, and scrubbing capacity is the bandwidth that is dedicated to cleaning the DDoS traffic. It is also important to look at the total infrastructure, which includes the number of SOCs and datacenters that are dispersed globally. Those that are more globally spread out can handle more capacity and mitigate attacks quickly and effectively. The different providers can use various tools and methods to enhance their technique as well. Utilizing providers with a large global network and a large network footprint can provide benefits as those providers are able to mitigate the attacks closer to the source and do this without affecting performance.

- Evaluate investments in automation detection and mitigation techniques. Organizations should evaluate vendors and providers that are continuing to invest in automating SOC tools, methods, and techniques that will reduce detection and mitigation time frames. DDoS attacks are the new norm, and as a result, vendors or providers should offer services that will enhance their alert and mitigation capabilities. Some of these vendors are also investing in advanced techniques that will enhance their ability around analysis such as behavioral DDoS detection and mitigation.

- Review deployment options and hybrid capabilities. Vendors and providers can provide DDoS protection in a number of ways such as cloud based, on-premises (dedicated DDoS products), or hybrid (see the Market Definition section). Depending on their needs, it is important for organizations to look at flexible deployment options.
Organizations need to look at what skills they possess internally today and analyze the number, volume, and source of attacks occurring in order to determine the best way to protect themselves. Some enterprises that are receiving DDoS attacks frequently and are at a higher risk may choose an on-premises product as they are constantly monitoring traffic, and therefore, the product can mitigate attacks before they hit any important parts of the IT infrastructure. However, organizations are also choosing hybrid capabilities, which combine on-premises with cloud-based DDoS prevention service. This helps the organization defend against larger attacks and gives it the opportunity to stop attacks from reaching the network. Cloud signaling is a seamless capability that sends an alert to allow for traffic to be mitigated if the on-premises resources become exhausted. Another deployment capability is only cloud based, which provides monitoring and mitigation via the provider's SOC and scrubbing centers. Organizations can benefit from this option for easier deployment, and the provider can see the traffic occurring on the network and mitigate the bad traffic quickly. In addition, because of their scalability, these types of cloud-based providers can also handle large volumetric attacks.

- Evaluate portals. Enhancing the customer experience is important, and so organizations should evaluate user interface, dashboards for ease of use, visibility, and reporting. Vendors are providing features such as real-time monitoring, analytics and graphs, reporting, email reports, traffic usage, incidents, and sources of attacks as well as some self-service capabilities. Some vendors will provide ways to change settings, review statistics, and examine emerging attacks in real time or see attack history data. The attack history is important as clients are able to see behavior network patterns and show peaks over a period of time.
Tracking of tickets and custom centralized reporting to provide visibility to the customer are also key features of the portal that should be evaluated. Buyers should consider the valuable features that are offered in the portal and test the navigation and functionality tools required for their business needs.

- Investigate pricing options. Pricing for DDoS protection varies widely across the board, but IDC found that many vendors are increasingly providing flexible pricing options to customers in order to address the widest range of customer requirements. Pricing should be easy to understand and simplified for the customer. DDoS prevention can be priced in a number of different ways such as usage based, consumption based, or based around clean traffic or legitimate traffic and by footprint of assets such as IPs, website, circuit, datacenters, per incident, or per volume. Some vendors are also offering pay as you grow and unmetered pricing options. Enterprises should consider pricing that includes overage charges if attack size becomes too big for the package service purchased. Typically, services that are offered "always on" may be priced higher than those offered on demand, but depending on the customer's risk, an always-on option may fit best for them. Other factors to consider include managed versus self-service as well as integration and setup support services.

- Review SLAs. Time to alert, detect, and mitigate is a crucial component to review. Forward-thinking DDoS providers and vendors are looking at different tools and technologies to enhance their monitoring, detection, alerting, and mitigation efforts. Some DDoS vendors can offer very granular and detailed SLAs with specific commitments to mitigation and quality.

- Consider security expertise and reputation. Buyers should consider the reputation and security expertise of the vendor or provider that they choose.
As early as the onboarding process, it becomes crucial to understand how proficiently the vendor guides the customer through the sales to the onboarding process and then throughout the customer life cycle. Buyers should evaluate reputation, longevity, and expertise that providers have in the space and then also evaluate how much support buyers will want from the provider's team of experts once the solution is implemented. Buyers should also consider the number of staff that is dedicated to only DDoS in the SOC. In addition, buyers should also look at how these providers are investing in their team of experts through training and retention methods.

VENDOR SUMMARY PROFILES

This section briefly explains IDC's key observations resulting in a vendor's position in the IDC MarketScape. While every vendor is evaluated against each of the criteria outlined in the Appendix, the description here provides a summary of each vendor's strengths and challenges.

Radware

Radware is positioned as a Leader in the 2019 IDC MarketScape for worldwide DDoS prevention solutions vendor assessment. Radware provides a hybrid solution that consists of an on-premises and a cloud service DDoS prevention solution, as well as pure cloud on-demand and always-on cloud DDoS protection services. Radware has a strong global footprint in the enterprise and for service providers. Radware's global security network consists of 11 scrubbing centers that are connected in a full-mesh network with over 5Tbps of attack mitigation capacity. Radware has 3 follow-the-sun (FTS) SOCs located globally and maintains a global network of 44 POP scrubbers focused on application attacks, which need to be scrubbed at the attack destination. Radware's DDoS Protection portfolio, both on-premises and in the cloud, is tailore