ANALYST REPORT: Host Intrusion Prevention

Enterprises that once thought they were secure because they had firewalls now understand that the proliferation of communication methods such as HTTP, SSL, SMTP, IM, and active code built on Java and ActiveX have forced the security perimeter back to Internet-facing application servers and desktops.

A new market segment of security software, called Host Intrusion Prevention (HIP), has risen to protect network assets against damage from unknown attacks. Rather than relying solely on scanning data for signatures of known attacks, HIP software works with the operating system kernel to block abnormal application behaviour in the expectation that the abnormal behaviour represents an unknown attack.

In our evaluation of the Host Intrusion Prevention market, the Yankee Group interviewed product vendors end enterprise security managers to identify the characteristics of winning HIP products. We specifically paid attention to the software's ability to prevent damage from known and unknown attacks, its manageability, and scalability. We also looked at the vendor's strategic partnerships within the security community, depth of product line, working relationships with application and platform vendors, and noteworthy customer successes.

We estimated the emerging market for Host Intrusion Prevention products and services was $US60 million in 2002, and predict it will grow at a compound annual growth rate of 52.7 per cent to $US520 million by 2007.

Directions and Predictions

—The Host Intrusion Prevention market will grow sharply at approximately 150 per cent in 2003. In 2003 intrusion prevention sales will be funded from Intrusion detection system budgets for tactical implementations. Enterprises will add Intrusion Prevention programs into their security budgets starting in 2004.

—The introduction of intrusion prevention shifts enterprise security architectures over the next 3 to 5 years. The placement of anti-virus, anti-spam, and other real-time content inspection technologies will shift from Hosts to network filters to catch known attacks before they reach the Host.

—The guerrilla security vendors will follow NetScreen's lead in acquiring intrusion prevention vendors in 2003. Privately held companies such as Entercept and OKENA will be targeted by the likes of Check Point, Cisco, Computer Associates, ISS, and Symantec. Symantec and ISS are well positioned to make strong moves in the Intrusion Prevention market.

—Application-level intrusion prevention vendors will introduce their technology as blades in security service switches. Enterprises will reduce administration overhead while improving latency performance by executing Intrusion performance functions in parallel with content filtering operations. The Yankee Group expects Crossbeam, ForeScout, and Teros to be innovators in this trend.

For Yankee Group primary research on Security visit:

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Eric Ogren

Latest Videos

More videos

Blog Posts