TECH SUPPLIER Feb 2019 - Market Presentation - Doc # US44774119

IDC Market Glance: Cybersecurity AIRO, 1Q19

By: Christopher Kissel, Research Director, Security Products

On-line Presentation


This IDC Market Glance discusses cybersecurity AIRO technologies for 1Q19.

When IDC developed the Cybersecurity Analytics, Incident, Response, and Orchestration (AIRO) service, the term "AIRO" became operational. The AIRO technologies trace what is required in the security operations center (SOC) to protect a company's network through to threat detection and formal remediation — this is the commonality that ties eight discrete technologies together.

A simple, powerful transition in AIRO is taking place. The reality of the customer is more important than product silos. Sure, all companies can benefit from vulnerability assessment scanning (or any given technology). But do these cybersecurity technologies work in multiple environments (public/private cloud and on-premises)? Are the technologies priced appropriately for the midmarket? Do new tools integrate with the existing tools in my SOC?

Generally starting in 2015, major cybersecurity companies began the long haul away from point product solutions toward accepting more of the burden of the incident detection and response stack.

Consequently, companies either developed technologies in-house or acquired technologies. A good example happened in SIEM where Rapid7 acquired Komand, and Splunk acquired Phantom to bolster orchestration capabilities.

In fact, the larger cybersecurity industry metric moved from what an individual product could do to how the product or technology affects mean time to detect and mean time to respond. This has led to largely open architectures and a variety of products from one-hour security applications to the availability of SaaS subscriptions and all the way to massive enterprise-level software license packages.

Currently, there are a few ideas in flux. Security tools need visibility, and visibility is often lost in public clouds. The September 2018 announcement of the general availability of Microsoft Azure Virtual Network TAP (vTAP) begins the conversation of how security tools gain visibility in public clouds.

The transition from manual processes to a fully automated SOC is not an easy one. However, there is hope in transitory steps. Many of the key SOC processes (assembly of playbooks, gathering of contextual awareness, and risk analysis) are at least semiautomated.

Last, analytic platforms are being deployed to provide insight into user behavior. Gaps are possible in cybersecurity if a user looks legitimate, or if traffic leaves the network through secure communications. Analytics can be implemented to answer the question "Is this activity anomalous for this user?"


  • 7 slides
