After many months of effort, the 2009 Network Intrusion Prevention System (IPS) Magic Quadrant (MQ) is published and available here to our customers on Gartner.com. Thanks also go out to my co-author, John Pescatore.
MQs are a big task: this one involved about 300-400 hours of work across establishing inclusion/exclusion criteria, data gathering, broad market research, survey development, scoring, interviewing references, speaking to customers, writing, factual review, peer review, and editing. You can find some information on Gartner research methodologies here, and Magic Quadrant methodology here.
14 vendors met the inclusion criteria for the IPS MQ this year, with one new addition and one dropped.
It is important when looking at an MQ to recognize that each year we change the criteria, and examine companies and products based on current (and some future) requirements, which is best for a buying decision today.
And a comment on the Niche quadrant in all MQs: ignore it at your peril. For example, there are often vendors in the niche quadrant who serve a specific vertical. And if that is you, it may warrant short-listing that product. The same goes for the Challenger and Vision quadrants: each has a proposition that may be best for you.
If a vendor isn’t on the MQ, our customers can contact us to find out our opinion on that vendor in relation to their requirements before automatically excluding it from their shortlist.
The bigger theme here is to make sure you buy products that meet your criteria. I always advise customers to submit an inquiry to speak with the analyst before buying a product: we can help you refine your requirements, provide feedback on a shortlist, give information that didn’t make it in writing onto the MQ or is new post-publishing, or even give feedback on the contract and pricing.
Image © 2009 Gartner, Inc. and/or its Affiliates. All Rights Reserved.

Greg Young

3 responses so far ↓
1 Vic Wheatman April 18, 2009 at 12:20 am
This is one of the most valuable services Gartner provides. The process of developing the MQ has become both more rigorous and more transparent over time. Congrats to you and JP for the massive effort needed in completing this important document.
2 Jim Lindstrom May 29, 2009 at 9:46 am
Greg,
The report mentions a shift from attack signatures to vulnerability signatures. It goes on to mention Enterasys having this capability, but doesn’t mention anyone else. Did you find that others have this capability? Re: Enterasys, there doesn’t appear to be any public information regarding their capabilities in vulnerability matching. Do you have reason to believe that this capability is real and not just hype? (E.g., they mention “vulnerability pattern matching” in Oct 2007-era PR, but by Oct-2008-era PR, they changed their language to refer to “signature adaptive pattern matching” — which makes me question their capabilities in this regard.)
jbl
3 Greg Young May 29, 2009 at 10:03 am
Great question Jim –
It is important in our opinion regarding whether signatures are primarily exploit vs vulnerability based. A giveaway for any IPS product is sometimes an unusually high signature count meaning they are holus bolus importing Snort sigs. Some vendors may add the Snort base as an addition to the primary vulnerability-based signature set, so looking at the whole signature lifecycle is what we focus on.
When looking at sigs, we dig deeply and look at signature composition, update frequency, size, exploit vs vuln. makeup, how they research their signatures, and a lot more which leads us to assess the quality. So any comment in the MQ would be based on our data gathering and not on any PR (of which the IPS industry is .. in no short supply).
If you look at the assessment criteria in the report, you can see that we rate signature quality quite highly and therefore factors into position on the quadrant notwithstanding if we make a specific comment.
With the length limits on the report, mentioning a change in something in one vendor entry doesn’t imply it may not be present elsewhere. As always, Gartner customers should call us about anything specific.