Greg Young
Research VP
6 years at Gartner
22 years IT security
Greg Young is a research vice president in Gartner and the lead analyst for network security. Mr. Young has experience in IT security in product companies, and in both the private and public sectors. He spent his military career in technology security… Read Full Bio
by Greg Young | February 11, 2011 | 1 Comment
The RSA Conference is the largest security event of the year, and a great venue to catch up with colleagues and see firsthand what security technology is popular. Here is this year’s lighthearted bingo card you can take with you onto the showfloor. Safe travels:

Category: Uncategorized Tags:
by Greg Young | January 25, 2011 | 1 Comment
You remember Mr. Snuffleupagus? On Sesame Street, only Big Bird could see him and was frustrated when others couldn’t. For the rest of the year we’ll be hearing from sellers about APT – Advanced Persistent Threats. This is a problem because this isn’t anything new – threats have always been advanced and persistent, otherwise they aren’t threats. New rotary phone based attacks and giant meteors.. you get the idea.
Is all well in security? No – the opposite. IT security goes through linked sine waves where we are trailing the threat (where we are now) and where we catch up to the threat. Virtualization, mobilization, socialization, and a lot of other ‘-ization’ trends and technologies have security in catch-up mode to the stuff we need to secure. There doesn’t seem to be any shortage of bad things so making up new ones is over-FUD. There are different kinds of botnets, so let’s call them that. Anything else, and it is likely something no one but the seller sees.
And yes, on the TV show, Mr Snuffleupagus was real, but Big Bird, Sesame Street aren’t. They were people in suits.. like sellers at trade shows
Category: Security Uncategorized Tags:
by Greg Young | December 6, 2010 | 3 Comments
The updated Network IPS MQ was published today, for our clients.
The IPS market is driven mostly by the adjacent firewall market. Firewall vendors have in the past not been able to deliver IPS within the firewall that is both integrated and competitive with stand-alone IPS. This edition of the IPS MQ highlights that as the IPS market has expanded into a due diligence market, the pace of innovation of firewalls will determine IPS’ future.
Firewall vendors need next generation firewall features of which quality IPS is a mandatory, and IPS vendors need to decide whether they move into the anchor point of the enterprise firewall market and take on the incumbents. The additional theme is success in acquisition – both in making them and in being acquired.
A great companion document is “Magic Quadrants and MarketScopes: How Gartner Evaluates Vendors Within a Market“.
Category: Uncategorized Tags:
by Greg Young | November 10, 2010 | Comments Off
Gartner recently conducted a series of surveys on privacy. For our clients, we have just published a research note with the data and our analysis on the Canadian segment of the survey.
Category: Uncategorized Tags:
by Greg Young | November 4, 2010 | Comments Off
For our clients, we have an updated research piece on using more than one brand of firewall, including virtual network firewalls.
This has been a continuing topic of inquiry, especially of late as DMZ designs are being refreshed to accommodate virtualization, changes in the data center, and especially as part of a mergers/acquisition.
Category: Uncategorized Tags:
by Greg Young | August 12, 2010 | 2 Comments
Web Application Firewalls (WAF)
Paraphrasing James Carville’s quote about the economy, WAFs are not ubiquitous because of the fragmented buying centers for them, silly, rather than any confusion over over the market name or concerns over false positives.
WAFs are a high value safeguard for custom applications, but are held back because so many groups are potentially involved in the operation and buying of applications. Data center ops, server ops, appdev, application owners, security, network ops… Unlike other products like IPS which have usually two buying centers, there is a wide spread to which roles are involved in WAF. There will be some reduction in the number of buying centers, but as long as custom web applications are housed and delivered in this complex manner, don’t expect organizations to change to accommodate the safeguard.
And a moment of zen is me with James Carville.

Category: Uncategorized Tags:
by Greg Young | July 23, 2010 | Comments Off
WAF MARKET
The web application firewall market is challenged because of the multiple buying centers, and the competition with scanners. Not because of the name.
GARTNER JOBS VIA TWITTER
RT @cpettey: RT @Gartner_inc We’ve set up a twitter feed for new vacancies at #Gartner: it’s @Gartner_Jobs. Of course, also available at www.gartner.com
Category: Uncategorized Tags:
by Greg Young | July 21, 2010 | Comments Off
APT!
I thought it was only security company names that were sounding like pharmaceuticals. Now new artificial terms are as well: “Advanced Persistent Threats” or APT (“if you think you have APT, contact your doctor …”). APT is valueless when viewed through the lens of relativism: when weren’t threats persistent or advanced? Yes, attacks that use multiple vectors are different but call them that. APT and BOO are synonyms. Threats continue to advance, are more persistent and don’t stand still – an artificial milestone is just artificial.
RETIREMENT
My old friend and colleague Mathew Soong has retired from Gartner Consulting: best wishes and I’ll miss you Mathew. Mathew wasn’t a security guy but I leaned a lot from him. The best memory I have is Mathew explaining the budget impediment of incumbent products, leaving such a small % to spend on new things. And if you spend that % on new things, that will leave less money next year for new things.
INFRASTRUCTURE PROTECTION HYPE CYCLE
The InfraPro HC is coming along well. We’re not seeing many new technologies added this year.
Category: Uncategorized Tags:
by Greg Young | July 6, 2010 | Comments Off
Computer security, like video games or golf, makes for a fascinating time, and dulls in the retelling. We’ve been punished from the start with War Games (yes it was a classic but it was silly) and then onto Firewall.
It was a real surprise how much I enjoyed Fatal System Error by Joseph Menn. Not just enjoyed, but informed.
I enjoyed speaking with Joseph at the Gartner Security Summit, and being able to say hi again to the primary subject of his book Barrett Lyon. Kudos to SecureWorks for having them both at their hospitality suite.
My recommended Computer Security Read for 2010.
Category: Uncategorized Tags:
by Greg Young | July 5, 2010 | Comments Off
At the recent Gartner IT Security Summit I had a conversation about geography and litigation. In North America, lawsuits around IT security companies and products are pretty frequent, let alone if those companies are public ones. Like it or not, it has become part of the background noise in threat defense that we have unfortunately become inured to … at least in North America.
In many other geographies lawsuits are uncommon and of a great concern. I often see competing vendors will often raise what are often trivial or nuisance suits as reason not to consider that solution. So sure vendor viability and serious suits are worth considering in a product selection, but like many things in life geography and context matter.
Category: Uncategorized Tags: