寄件者: Roger Knott (MKT-US)
傳送日期: Tuesday, August 24, 2010 12:06:59 AM
主旨: Newsbank: IBM Hosted Vulnerability Management Service (VMS) Announcement
July 27, 2010 IBM Hosted Vulnerability Management Service (VMS) Announcement
On July 27, IBM released a new Hosted Vulnerability Management Service to strengthen their security services portfolio. This SaaS (Software as a Service) or hosted service scans and classifies client specific vulnerabilities and aggregates them into a security threat console for a consolidated view. The solution also aids with remediation by providing an assessment of vulnerabilities found.
The VMS is part of the IBM Hosted Services Portfolio. The Hosted platform also includes:
· Vulnerability management
· Security event and log management
· IBM X-Force Threat Analysis
· e-mail and web security
· Managed Compliance and Event Monitoring
Many organizations don't have clear visibility of their security vulnerability exposure across their entire network. Through Hosted VMS, IBM clients can take advantage of a single view into network-wide vulnerabilities which are then also scanned and classified, simplifying threat mitigation.
IDC forecasts continued strong growth in 3rd party outsourcing to MSSPs and SaaS providers for security processes as enterprise networks are becoming more complex and IT and security staff struggle to meet and maintain regulatory compliance mandates with budget constraints and outdated solutions. The Security portion of IT spend has grown from 5-6% to 10-12% and the complexity and threat is not decreasing inversely, in fact the security problem is getting worse as businesses deal with an increase in (expensive to maintain) endpoint and application-level security threats.
The VMS offering falls within the hot Security SaaS market which IDC placed at $1.8 billion in 2009 and is forecasted to grow to $4.3 billion by 2013. IBM has complementary Managed Security Services (MSS) as well and that market is also rapidly growing with IDC placing it at $5.1 billion in 2009 and is forecasted to grow to $8.4 billion by 2013. The distinction between SaaS and MSS is how the client's security hardware and software is managed. MSS Providers manage enterprise premise based equipment vs Saas where there's no enterprise premise equipment and all equipment is maintained at that providers' Secure Operations Centers.
This announcement represents a broadening of MSS and SaaS services offering and complements IBMs existing security services strategy. IBM wants to create a one stop shop for their customer base to achieve and maintain regulatory compliance and to provide a comprehensive risk profile and compliance reporting solution. IBM is well positioned to assess and classify vulnerabilities through their 9 security operations centers around the world and 8 billion events managed per day.
Large enterprises who have the IT spend dollars can take advantage of IBMs comprehensive security solutions, but SMBs and the mid-market who face equally devastating vulnerability and compliance issues don't scale well with their portfolio. MSSP and Saas vendors can achieve strong growth if they can develop packaged security services solutions targeted at SMBs and the mid-market. These segments represent a huge services opportunity as they struggle with meeting and maintaining their security posture, with fewer resources than their large enterprise counterparts.
For related LINKs and other documents by the author(s), view this IDC LINK online.
>> Please contact your IDC sales representative, the author of this document, or IDC Technical Support with any questions about our research.
>> To change your notification preferences, visit the My Preferences page on IDC.com.