Vulnerability management (VM) technology addresses the threat landscape, which is in a constant state of flux. The wider dispersal of endpoints across private and public cloud environments increases the points of vulnerabilities in an enterprise network, intensifying the demand for VM solutions that make endpoints easier to track, verify, and secure.
To prevent attacks and damage to a business, VM providers employ various means of identifying, prioritizing, communicating, and suggesting possible responses to the risks companies face in their networked business environments.
The leading VM platforms provide a complete picture of a client’s security posture, correlating the client organization’s assets, classifying their importance with the vulnerabilities identified in the scan, and offering information for remediation.
A multilayered defense
Frost & Sullivan’s latest thought leadership paper analyzes the threat landscape and the role of VM in addressing the security concerns of the entire enterprise. It analyzes end-user willingness to invest in VM platforms that help provide a holistic cybersecurity approach in various areas, including vulnerability prioritization, automated workflows, and third-party integration.
“This aids a multilayered defense, which has proven to be superior to discrete technologies working separately in network defense. VM platforms that allow IT departments to conduct continual vulnerability assessments are emerging as one of the top five solutions for organizations concerned about system vulnerabilities as part of their security maturity improvement initiatives.”
According to the research, two out of every three cyberattacks in the United States and three out of every four in Europe are categorized as severe by the organizations affected by them.
The growing volume and complexities of cyber threats present a compelling case for adopting threat intelligence platforms (TIPs), a Frost & Sullivan analysis finds.
These solutions help organizations navigate the ever-increasing threat landscape and allow for further analysis and threat intelligence operationalization.
The TIP market least affected by the pandemic
The yhreat intelligence platform market is one of the cybersecurity markets that will be least affected by COVID-19. It is estimated to reach $234.9 million by 2022 from $132.7 million in 2019, at a compound annual growth rate (CAGR) of 21%.
“The proliferation of TIP use cases indicates the convergence of the TIP space with adjacent markets,” said Mikita Hanets, Information & Communication Technologies Research Analyst at Frost & Sullivan.
“Vendors increasingly aim to offer some elements of TIP functionality in SOAR and SIEM platforms and vice versa. Going forward, solutions that enable businesses to operationalize threat-related data and set up workflows for cyber incidents will converge in the next three years.”
Hanets added: “North America will dominate the market and contribute the maximum revenue, followed by Europe, the Middle East and Africa (EMEA), Asia-Pacific and Latin America. Technology and telecommunications will be the fastest-growing vertical market for TIP vendors in the next two years, while banking and finance is expected to contribute the most by 2022.”
Growth prospects for market participants
The growing sophistication of attacks and the necessity of using threat intelligence for proactive cyber defense present immense growth prospects for market participants who:
- Increase their presence in geographical areas like EMEA, Asia-Pacific and Latin America, where the penetration rate is currently low.
- Expand the network of third-party SOAR integrations or develop native SOAR capabilities. Enterprises with mature cybersecurity practices need intelligence-powered SOAR.
- Develop SIEM capabilities to offer seamless, intelligence-driven solutions. TIP vendors can build on their data management experience and offer a fully consolidated solution.
- Develop threat detection and threat hunting capabilities to enable investigations of security incidents. Threat intelligence is instrumental in securing enterprises because it enables security teams to prevent cyberattacks in real time and identify a breach that might have occurred in the past.
- Develop or acquire intelligence-driven vulnerability and risk management technology. The ability to assess an organization’s exposure and the risk to its global threat data is a key feature of the next generation of solutions.
Forter released its Fraud Attack Index, delivering in-depth insight into the impact of COVID-19 on online buyer behavior and ecommerce fraud trends.
This edition revealed that:
- New customer accounts now represent 30% of transactions, five times more than they did pre-COVID-19. This is good news for retailers, but merchants using legacy fraud prevention systems could miss out on some of this revenue potential due to high false decline rates. Legacy systems lack data on new customers and cannot accurately distinguish between legitimate consumers and fraudsters.
- The growth in transactions driven by the consumer shift from brick-and-mortar stores to online purchasing is masking the fact that the number of fraud attacks has risen in real terms, leading retailers into a false sense of security.
- Omnichannel fraud is growing: Buy Online, Pick-up In Store (BOPIS) fraud rose 55% as new customer service options are subjected to significant fraud.
- With transactions falling by 97% compared with H1 2019, fraud attack rates in the travel industry more than doubled, with hotel fraud attacks rising 139% and airline fraud attacks increasing 144%.
- Account takeover (ATO) and Policy Abuse such as returns abuse, promotion abuse, and reseller abuse are set to surge during the holiday season.
Michael Reitblat, CEO of Forter, comments: “A rapid rise in new customer accounts, coupled with having to pivot quickly from brick-and-mortar to online sales channels, put unprecedented stress on merchants as they tried to perfect the ecommerce experience.
“It is clear from what we’ve seen that some retailers were more agile and prepared for this than others, quickly introducing new services such as curbside pickup and Buy Online, Pick-up In-Store, in a bid to retain new customers.
“To fully realize this new revenue potential, merchants need more accurate fraud prevention that can distinguish between these valuable new customers and fraudsters. Merchants can have a false decline rate between 5-7x higher for new customers – typical of legacy systems that do not have sufficient data on new account holders.”
Growth in transaction volumes masks increasing fraud attack numbers
There have been dramatic increases in transaction volumes across the majority of vertical sectors, but particularly those traditionally served by brick-and-mortar stores. Volumes rose 172% in home, furnishings and garden, 93% in food delivery & beverage and 119% in groceries.
Ecommerce fraud attacks decreased as a percentage of all transactions but in real terms, the number of fraud attacks has risen. This represents significant losses for retailers at a critical time.
Holiday season fraud surge expected
As retailers prepare for a critical holiday season and aim to recoup some of the year’s earlier losses, the research indicates that ATO attacks, and returns and delivery fraud will surge as fraudsters seek to exploit the increase in online shopping.
At the same time, customers will be more likely to take unfair advantage of promotions and abuse delivery and returns policies. Fraud and abuse trends that retailers need to prepare for include:
- Account takeover fraud to dramatically increase: The analysis indicates that fraudsters will seek to operationalize the data they’ve stolen and collected through data breaches and social engineering scams conducted during COVID-19 disruption. Also, new customer accounts opened by less experienced users are likely to use weaker passwords, fewer security steps, and be more vulnerable to ATO. As a result, retailers need to prepare for increasing ATO attacks during the holiday season.
- Returns and delivery fraud will continue to rise: Retailers increasingly offered omnichannel customer service options such as Buy Online, Return in Store (BORIS) and BOPIS, to satisfy new customers during COVID-19. Fraud attacks exploiting BOPIS policies increased 55% compared to H1 2019, as merchants offering frictionless experiences are less likely to ask for customer identification. It is anticipated that fraudsters will increasingly target and exploit returns and delivery services as online shopping surges over the holiday season.
- Policy abuse set to spike: Merchants courting new customers with aggressive promotions and user-friendly omnichannel options, will expose themselves to greater abuse risk, including returns, promotion and reseller abuse.
Vikrant Gandhi, Senior Industry Director at Frost & Sullivan commented: “Fraud and policy abuse issues have magnified in the recent months in the global ecommerce industry. Our research indicates a rise in sophisticated fraud attempts, including promotions abuse by using synthetic identities and friendly fraud in 2020.
“The challenge for merchants is to deliver frictionless customer experiences without letting fraud prevention come in their way of doing so. Our recommendation to merchants is if they do not prioritize working with identity-based, integrated fraud prevention platforms that leverage behavioral analytics, machine learning and the power of big data that is informed and refined by highly trained analysts, they will never be able to stay ahead of fraudsters and policy abusers.”
Business support systems (BSS) are necessary to provide the fast-changing requirements in 5G and enhance customer experiences, a Frost & Sullivan research reveals.
They also help communication service providers (CSPs) deliver personalized service experiences for consumers and businesses.
BSS market could experience a slowdown
Vendors have introduced advanced BSS features, including the ability to support flexible deployments (core and edge) and options for network slice lifecycle management, which are critical in helping CSPs deliver on multi-partner business models.
However, due to COVID-19, the global BSS market is estimated to experience a slowdown in the short term, whereas the long-term outlook remains positive.
“It is evident that BSS can significantly drive efforts to help organizations address key concerns such as introducing digital services and enabling customers to personalize their service experience,” said Vikrant Gandhi, Senior Industry Director, Information & Communication Technologies at Frost & Sullivan.
“However, businesses from across many other industry verticals are still relatively early in their digitization efforts and are facing issues similar to those of CSPs in the early days of their digital transformation efforts.”
Gandhi added: “Given the evolving situation, it is more critical than ever for wireless networks to function reliably and support the connectivity requirements across the board. BSS vendors are supporting existing 4G (and earlier generations) network services that currently drive the majority of their revenue.
“Going forward, while the wireless industry remains a priority for BSS vendors, they are also able to align BSS solutions to meet the needs of communications, financial services, healthcare, and media and entertainment companies, as well as government entities.”
BSS vendors can partner with CSPs to create immense growth prospects
- Pioneer new price plans and partner-based business models such as B2B, B2C, and B2B2X for 5G success.
- Introduce AI-driven BSS and customer experience solutions that help CSPs deliver differentiated 5G services.
- Leverage cloud-native principles and support flexible deployments (core and edge) to help operators monetize different features of the network and create new opportunities.
- Implement a robust 5G policy that can set performance characteristics, including quality of service (QoS) and latency. With 5G, the policy can control networks and services down to the device level to ensure the best customer experience while managing valuable network resources.
Edge computing is a foundational technology for industrial enterprises as it offers shorter latencies, robust security, responsive data collection, and lower costs, Frost & Sullivan finds.
In this hyper-connected industrial environment, edge computing, with its solution-agnostic attribute, can be used across various applications, such as autonomous assets, remote asset monitoring, data extraction from stranded assets, autonomous robotics, autonomous vehicles, and smart factories.
Multi-access edge computing market growth rate and revenue
Despite being in a nascent stage, the multi-access edge computing (MEC) market – an edge computing commercial offering from operators in wireless networks – is estimated to grow at an astounding compound annual growth rate of 157.4%, garnering a revenue of $7.23 billion by 2024 from $64.1 million in 2019.
“The recent launch of the 5G technology coupled with MEC brings computing power close to customers and also allows the emergence of new applications and experiences for them,” said Renato Pasquini, Information & Communication Technologies Research Director at Frost & Sullivan.
“Going forward, 5G and MEC are an opportunity for telecom operators to launch innovative offerings and also enable an ecosystem to flourish in the business-to-business (B2B) segment of telecom service providers using the platform.”
Pasquini added: “From the perspective of the MEC ecosystem, software—edge application and solutions—promises the highest CAGR followed by services—telecom operators’ services, cloud providers’ infrastructure-as-a-service, and edge data center colocation services.”
Growth prospects for MEC market participants
It is predicted that approximately 90% of industrial enterprises will utilize edge computing by 2022, presenting immense growth prospects for MEC market participants, including:
- Telecom operators should work on solutions and services to meet the requirements for connected and autonomous cars.
- System integrators should provide end-to-end solutions, which would be a significant value addition for enterprises because 5G requires specific skillsets.
- The combination of 5G and the new specialized hardware-based mobile edge compute technologies can meet the market’s streaming media needs now and in the future.
- Telecom operators must partner with cloud providers and companies with abilities related to artificial intelligence, machine learning, and computer vision to design solutions for autonomous cars, drone delivery, and others.
- Companies in the MEC space must capitalize on the opportunity for innovation and new developments that utilize 5G and MEC, such as augmented reality (AR) and virtual reality (VR), which can also be applied to games.
The past few years have seen an increase in employees using personal devices and systems to access work emails and company databases, and exchange valuable information with colleagues, clients, and vendors. These tools can help people complete their jobs but are fraught with security challenges.
The scale of this challenge increased considerably in 2020 due to the expanded use of devices to accommodate work-from-home mandates and consequent sudden surge in cybercrime.
Frost & Sullivan examined how threats and attacks exist around employees’ external systems and devices, and found that multi-factor authentication (MFA) can be easily leveraged by IT departments. It’s clear that companies can better protect themselves using tools more sophisticated than password protection.
A better user experience ensures full user adoption
“Passwords are no longer enough for businesses to secure their data. MFA has become a necessity for the modern business. However, MFA implementation and adoption can be cumbersome for IT departments and users,” explained Roberta Gamble, Partner and Vice President at Frost & Sullivan.
“Businesses need solutions that provide ease of installation and deployment, user-friendly tools and interface, and a clear method for the business to enforce usage.”
The increasing number of sophisticated cyber threats will lead to a rise in demand for Managed Detection and Response (MDR) solutions from small and medium businesses. The market size is poised to grow at a CAGR of 16.4% between 2019 and 2024, with revenues expected to reach $1.9 billion, according to Frost & Sullivan.
“The rise in the number and complexity of threats has made internal management of information security increasingly laborious and expensive. In this context, outsourcing is being viewed as a strategic ally in securely managing IT environments in line with companies’ business strategies,” said Mauricio Chede, Senior Industry Analyst, Frost & Sullivan.
“MDR providers offer organizations the technology, process, and people to enable the proactive monitoring of their customer security environment and 24/7 threat detection to help mitigate security breaches, even more so during COVID-19.”
Chede added: “MDR providers must demonstrate trustworthiness in remediation without interrupting a customer’s business operations. They must adapt themselves to the customer’s needs and budget, understanding the vertical they are in and providing detection and response solutions in the shortest period of time, along with custom reports. Personal interaction through email or telephone with an assigned analyst is also a differentiating factor.”
For further revenue opportunities, MDR vendors should:
- Improve the quality of their solutions and offer new services to compete with new market participants and increase revenues.
- Develop customizable MDR solutions at affordable prices to attract small and midsized businesses.
- Explore the merger and acquisition of competitors to enhance regional presence and maximize revenues.
- Offer consulting and value-added services to help clients take advantage of digital transformation initiatives.
Frost & Sullivan recognizes DigiCert with the 2020 Global Company of the Year Award, based on its recent analysis of the global TLS certificate market.
DigiCert market leadership
DigiCert has exhibited strong market leadership in its growth, supporting the adoption of new standards and continually innovating with the industry’s best, most modern PKI technology.
In addition to the strength in the TLS/SSL market, the company is also focused on new security technologies, such as protecting devices in the IoT and developing implementations of post-quantum cryptography. By developing these technologies and helping define standards to address new security use cases, the company is strengthening its leadership position within internet security.
“Leveraging its superior technology, customizing it to regional markets and building a best-in-class customer support system, DigiCert has captured the business of 89% of the Fortune 500 companies and the world’s most recognized brands,” said Swetha Krishnamoorthi, Industry Analyst at Frost & Sullivan.
“Further, DigiCert has successfully integrated the technology strengths of the former Symantec TLS and PKI business to provide an unequaled product portfolio and scalability for partners and customers. DigiCert’s certificates and management tools support a wide range of enterprise needs and use cases, ranging from standard TLS to compliance-specific use cases such as Google AMP and EU-trusted qualified certificates for natural persons, legal entities or web authentication. The company also supports cloud-based code signing, remote document signing, a host of IoT device authentication and encryption scenarios, large enterprise secure remote access, secure email and much more.”
DigiCert CertCentral TLS Manager enables organizations to issue, discover, renew and revoke certificates in an automated manner. CertCentral features an intuitive UI and is built on APIs for easy certificate management at any scale. DigiCert’s modern and growing DigiCert ONE platform, which also includes DigiCert Enterprise PKI Manager and DigiCert IoT Device Manager, enables management of all types of certificate deployments, such as cloud, on premises, in-country and hybrid environments.
DigiCert has upgraded its infrastructure in a way not seen in its industry to support large installations, regionally-focused deployments and high-volume, rapid certificate enrollments for the world’s largest web platform companies. The company’s agile product development process allows it to roll out changes and product updates more quickly than competitors.
This strategy has helped the company create the industry’s first post-quantum cryptography toolkit, which enables companies to create hybrid certificates for testing in their systems. DigiCert actively engages with industry standards and regulatory bodies to drive the creation and support of new standards and ensure a safe internet and IoT for consumers, including the CA/Browser Forum, IETF, W3C, ASCX9, PCI Council, SAE, CableLabs, CI+, AeroMACS, WinnForum, Industrial Internet Consortium, APWG and NIST NCCoE.
“With its multi-pronged approach to innovation, DigiCert has developed a hyper-converged, agile infrastructure that promises reliability, scalability, resiliency and shorter response time for its customers,” noted Swetha. “Its emphasis on user experience and a customer-first approach to product development will ensure its continued domination of the digital certificate market in the long term.”
Company of the Year award
Each year, Frost & Sullivan presents a Company of the Year award to the organization that demonstrates excellence in growth strategy and implementation in its field. The award recognizes a high degree of innovation with products and technologies and the resulting leadership in terms of customer value and market penetration.
Frost & Sullivan Best Practices Awards recognize companies in a variety of regional and global markets for demonstrating outstanding achievement and superior performance in areas such as leadership, technological innovation, customer service and strategic product development. Industry analysts compare market participants and measure performance through in-depth interviews, analyses and extensive secondary research to identify best practices in the industry.
The proliferation of the IoT, the convergence of IT and OT, and customers’ migration to the cloud at a faster pace are rapidly driving the global NAC market, according to Frost & Sullivan.
The sector is estimated to increase by two-thirds, reaching $2.21 billion by 2024 from $1.35 billion in 2019, at a compound annual growth rate (CAGR) of 10.4%. With 60.2% market share, North America will continue to be the largest market for NAC until 2024; APAC is the fastest-growing region and its share of the global NAC market is estimated to increase from 9.9% in 2019 to 11.9% in 2024.
Cloud security innovation is essential
The COVID-19 pandemic will cause a severe slowdown in 2020. Thereafter, the NAC market is expected to regain annual double-digit growth rates as organizations settle into a “new normal.”
“Security vendors are working closely with their customers in order to support them in this unprecedented transition to work from home (WFH). They are focused on ensuring their clients’ business continuity, and the pandemic has underlined the value of cloud services in delivering and deploying security solutions to remote devices,” said Tony Massimini, Senior Industry Analyst at Frost & Sullivan.
“However, the cloud environment needs security as well. Having a remote workforce highlights the need to leverage NAC. Large cybersecurity vendors with broad product portfolios will want to add this solution as well.”
Vendors should continue to innovate cloud security, work closely with AWS, Azure, Google Cloud, and other tech vendors, and focus on virtual appliances and NAC as Software-as-a-Service (SaaS). Additionally, NAC is adapting to a more mobile environment as enterprises expand beyond the traditional secure walls.
Technologies to boost growth opportunities
The complexity of 802.1X deployment (one of the best methods for authentication), surging diversity of IoT devices, and increasing NAC solution costs for large enterprises are likely to hinder the market. NAC vendors’ move to work beyond the traditional IT perimeter and innovation in other technologies will boost growth opportunities via:
- Incorporating NAC into OT to improve security tools for better coordination and to leverage IoT technology.
- Focusing on virtual appliances and SaaS for customers’ quick migration to public and private clouds.
- Instrumentalizing the concept of zero trust networking (ZTN)—the never trust, always verify principle—so security vendors, including NAC, can promote their capabilities via integration of their product portfolios.
- Capitalizing on use cases of IoT, BYOD, and mobility, which are increasing at a significant rate. Most IoT devices do not have the resources to handle an agent, so agentless technology is required.