Is all well in security? No – the opposite.  IT security goes through linked sine waves where we are trailing the threat (where we are now) and where we catch up to the threat.  Virtualization, mobilization, socialization, and a lot of other ‘-ization’ trends and technologies have security in catch-up mode to the stuff we need to secure. There doesn’t seem to be any shortage of bad things so making up new ones is over-FUD.  There are different kinds of botnets, so let’s call them that.  Anything else, and it is likely something no one but the seller sees.

And yes, on the TV show, Mr Snuffleupagus was real, but Big Bird, Sesame Street aren’t.  They were people in suits.. like sellers at trade shows 

The IPS market is driven mostly by the adjacent firewall market.  Firewall vendors have in the past not been able to deliver IPS within the firewall that is both integrated and competitive with stand-alone IPS.  This edition of the IPS MQ highlights that as the IPS market has expanded into a due diligence market, the pace of innovation of firewalls will determine IPS’ future. 

Firewall vendors need next generation firewall features of which quality IPS is a mandatory, and IPS vendors need to decide whether they move into the anchor point of the enterprise firewall market and take on the incumbents. The additional theme is success in acquisition – both in making them and in being acquired.

A great companion document is “Magic Quadrants and MarketScopes: How Gartner Evaluates Vendors Within a Market“.

Gartner recently conducted a series of surveys on privacy.  For our clients, we have just published a research note with the data and our analysis on the Canadian segment of the survey. 

This has been a continuing topic of inquiry, especially of late as DMZ designs are being refreshed to accommodate virtualization, changes in the data center, and especially as part of a mergers/acquisition.

WAFs are a high value safeguard for custom applications, but are held back because so many groups are potentially involved in the operation and buying of applications.  Data center ops, server ops, appdev, application owners, security, network ops…  Unlike other products like IPS which have usually two buying centers, there is a wide spread to which roles are involved in WAF.  There will be some reduction in the number of buying centers, but as long as custom web applications are housed and delivered in this complex manner, don’t expect organizations to change to accommodate the safeguard.

And a moment of zen is me with James Carville.

GARTNER JOBS VIA TWITTER
RT @cpettey: RT @Gartner_inc We’ve set up a twitter feed for new vacancies at #Gartner: it’s @Gartner_Jobs.  Of course, also available at www.gartner.com

RETIREMENT
My old friend and colleague Mathew Soong has retired from Gartner Consulting: best wishes and I’ll miss you Mathew.  Mathew wasn’t a security guy but I leaned a lot from him. The best memory I have is Mathew explaining the budget impediment of incumbent products, leaving such a small % to spend on new things.  And if you spend that % on new things, that will leave less money next year for new things.

INFRASTRUCTURE PROTECTION HYPE CYCLE
The InfraPro HC is coming along well.  We’re not seeing many new technologies added this year. 

It was a real surprise how much I enjoyed Fatal System Error by Joseph Menn.  Not just enjoyed, but informed. 

I enjoyed speaking with Joseph at the Gartner Security Summit, and being able to say hi again to the primary subject of his book Barrett Lyon.  Kudos to SecureWorks for having them both at their hospitality suite.

My recommended Computer Security Read for 2010.

In many other geographies lawsuits are uncommon and of a great concern.  I often see competing vendors will often raise what are often trivial or nuisance suits as reason not to consider that solution.  So sure vendor viability and serious suits are worth considering in a product selection, but like many things in life geography and context matter.