This IDC Market Glance discusses cybersecurity AIRO technologies for 1Q19.
When IDC developed the Cybersecurity Analytics, Incident, Response, and Orchestration (AIRO) service, the term "AIRO" became operational. The AIRO technologies trace what is required in the security operations center (SOC) to protect a company's network through to threat detection and formal remediation — this is the commonality that ties eight discrete technologies together.
A simple, powerful transition in AIRO is taking place. The reality of the customer is more important than product silos. Sure, all companies can benefit from vulnerability assessment scanning (or any given technology). But do these cybertechnologies work in multiple environments (public/private cloud and on-premises)? Are the technologies priced appropriately for the midmarket? Do new tools integrate with the existing tools in my SOC?
Generally starting in 2015, major cybersecurity companies began the long haul away from point product solutions toward accepting more of the burden of the incident detection and response stack.
Consequently, companies either developed technologies in-house or acquired them. A good example is in SIEM, where Rapid7 acquired Komand and Splunk acquired Phantom to bolster orchestration capabilities.
In fact, the larger cybersecurity industry metric moved from what an individual product could do to how the product or technology affects mean time to detect and mean time to respond. This has led to largely open architectures and a variety of products, from one-hour security applications to SaaS subscriptions and all the way to massive enterprise-level software license packages.
Currently, there are a few ideas in flux. Security tools need visibility, and visibility is often lost in public clouds. The September 2018 announcement of the general availability of Microsoft Azure Virtual Network TAP (vTAP) begins the conversation of how security tools gain visibility in public clouds.
The transition from manual processes to a fully automated SOC is not an easy one. However, there is hope in transitory steps. Many of the key SOC processes (assembly of playbooks, gathering of contextual awareness, and risk analysis) are at least semiautomated.
Lastly, analytic platforms are being deployed to provide insight into user behavior. Gaps are possible in cybersecurity if a user looks legitimate, or if traffic leaves the network through secure communications. Analytics can be implemented to answer the question "Is this activity anomalous for this user?"
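The per-user question above is easiest to see in code. The following is an added illustration, not part of the IDC report and not any listed vendor's product: it builds a small baseline per user from constructed authentication events (login hour and source country), then scores later events against that baseline. The events, the 2.0 z-score threshold, and the helper names are all assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample authentication events (user, ISO timestamp, source country).
# Not real data; alice's last event is deliberately off-hours and from a new country.
EVENTS = [
    ("alice", "2019-01-07T09:02:00", "US"),
    ("alice", "2019-01-08T08:55:00", "US"),
    ("alice", "2019-01-09T09:10:00", "US"),
    ("alice", "2019-01-10T09:05:00", "US"),
    ("alice", "2019-01-11T08:58:00", "US"),
    ("alice", "2019-01-12T03:14:00", "RO"),
    ("bob", "2019-01-07T22:30:00", "DE"),
    ("bob", "2019-01-08T23:05:00", "DE"),
    ("bob", "2019-01-09T22:48:00", "DE"),
    ("bob", "2019-01-10T23:20:00", "DE"),
    ("bob", "2019-01-11T22:55:00", "DE"),
]


def build_baselines(events):
    """Per-user profile: mean/std of login hour and the set of countries seen."""
    hours = defaultdict(list)
    countries = defaultdict(set)
    for user, ts, country in events:
        hours[user].append(datetime.fromisoformat(ts).hour)
        countries[user].add(country)
    return {
        user: {
            "mean_hour": mean(h),
            "std_hour": pstdev(h),
            "countries": countries[user],
        }
        for user, h in hours.items()
    }


def score_event(baseline, ts, country, z_threshold=2.0):
    """Score one event against a user's baseline; returns (score, reasons).

    Hour-of-day is compared with wrap-around distance (23:00 is one hour from
    00:00). A production UEBA would use circular statistics and many more
    features; this is the minimal form of the per-user question.
    """
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    raw = abs(hour - baseline["mean_hour"])
    dist = min(raw, 24 - raw)
    std = max(baseline["std_hour"], 0.5)  # floor so very regular users do not divide by ~0
    z = dist / std
    if z > z_threshold:
        reasons.append(f"login hour {hour} is {z:.1f} std from the user's usual hour")
    if country not in baseline["countries"]:
        reasons.append(f"source country {country} not previously seen for this user")
    return len(reasons), reasons


def detect_anomalies(events, train_count=5):
    """Train on each user's first train_count events, then score the remainder.

    Returns a list of (user, timestamp, reasons) for events with a nonzero score.
    """
    per_user = defaultdict(list)
    for event in events:
        per_user[event[0]].append(event)
    findings = []
    for user, evs in per_user.items():
        baseline = build_baselines(evs[:train_count])[user]
        for _, ts, country in evs[train_count:]:
            score, reasons = score_event(baseline, ts, country)
            if score:
                findings.append((user, ts, reasons))
    return findings


if __name__ == "__main__":
    for user, ts, reasons in detect_anomalies(EVENTS):
        print(f"{user} @ {ts}: " + "; ".join(reasons))
```

Run as-is, the only finding is alice's 03:14 login from a new country; bob's late-night logins are normal for bob and are never flagged, which is exactly the distinction between "anomalous in general" and "anomalous for this user" that the analytics platforms in this segment are meant to make.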
Webroot Inc., Riverbed Technology, Inc., FireMon, LLC, Ivanti Software, Inc., Siemplify.co, Rapid7 LLC, SolarWinds, Inc., OpenText Corporation, Microsoft Corporation, Aruba Networks, Inc., FireEye, Inc., Splunk Inc., Infoblox Inc., DarkTrace Ltd., Guidance Software, Inc., JASK, Alert Logic, Inc., ProtectWise, Inc., Blackberry Ltd., Securonix, Inc., THREATCONNECT, INC., Cisco Systems, Inc., Cybersponse, Inc., EXABEAM, INC., ForeScout Technologies Inc., Swimlane LLC, RESOLVE SYSTEMS, LLC, Symantec Corporation, LOOKINGGLASS CYBER SOLUTIONS, INC., DFlabs S.p.A., Fortinet, Inc., AYEHU SOFTWARE TECHNOLOGIES LTD, Fujitsu Limited, MobileIron, Inc., McAfee LLC, Skybox Security, Inc., LogRhythm, Inc., Dell Inc., Access Layers Ltd., Citrix Systems, Inc., VMware, Inc., Anomali Inc., IBM, Micro Focus International plc, Demisto, Inc., Tripwire, Inc., Phantom Cyber Corp, Vectra Networks Inc., Extreme Networks, Inc., AlienVault LLC, ExtraHop Networks, Inc.