Any blending of networks makes for a larger vulnerability surface to protect, as a breach in any network can quickly infect the rest of the networks. As a result, the Internet of Things (IoT), along with the bring your own device (BYOD) and wear your own device (WYOD) trends, are proving to be significant contributors to network security threats.
According to Frost & Sullivan, this in turn is translating into an escalating need to test new apps in mobile devices, as well as real-time data collection to ensure smooth functioning of the network. The growing focus of governments across the globe on modernization programs such as eGovernment, eEducation, eHealth and mobile banking will also fuel network-security deployments.
The research firm found that the market for network and application security testing earned revenue of $812.9 million in 2014, and estimates this to reach $1,846.6 million in 2021.
Next-generation firewall testing in particular is critical, with emphasis on testing networks for application identification and conference inspection. The high demand for traffic inspection, as well as breach detection systems and malware and firewall testing, has created a vibrant market for network security testing.
However, enterprises are making purchase decisions based on product marketing rather than R&D testing. Several end users are not aware of the criticality of security testing, and many others are ignorant of the various solutions and product features available to secure their networks.
"Although equipment manufacturers have shown continuous interest in testing for network security, interest among enterprises and government organizations has been less," said Frost & Sullivan measurement and instrumentation program manager, Sujan Sami. "This is because they prefer robust equipment to testing solutions."
Testing solution providers can attempt to change this mindset by offering data acquisition (DAQ) solutions based on open architectures, rather than closed systems, Frost & Sullivan recommmended. Open architecture-based products can be upgraded easily and enable the use of third-party vendors.
Additionally, vendors have been adding functionalities on their vulnerability management platforms. For instance, IBM recently integrated its vulnerability management platform with its QRadar security platform. Other companies too have loaded their platforms with secure configurations, password authentication and security information, as well as event management (SIEM) functionalities.
Although these technologies are valuable, they also have the potential to be commoditized. Providers are attempting to differentiate their platforms by integrating analytics into them. Ultimately, the best vulnerability management platforms will be the ones that integrate seamlessly with endpoint protection measures.
"The type of security needed depends on the end-user industry; for example, the finance industry seeks more secured networks, banking, healthcare and hospitality, require faster speeds," noted Sami. "Therefore, test vendors have to customize their solutions to the needs of a particular industry to drive the uptake of sophisticated security test equipment."