A Look at Gartner’s 2018 Magic Quadrant for Intrusion Detection and Prevention Systems (IDPS)

gartner IDPS intrusion prevention systems magic quadrantNetwork traffic dictates success. No business in the digital era can survive without it—it’s the lifeblood of modern commerce and communication. However, network traffic is also a double-edged sword. Malicious traffic can disrupt or shut down your enterprise’s web activities, interrupt your sales, damage your reputation, and even shutter your business for good through a particularly devastating attack. Your firewall and secure web gateways may be the first line of defense, but what if malicious network traffic manages to pass through them? What then?

This is where Intrusion Detection and Prevention Systems (IDPS) enters into the picture. Often deployed as an additional security measure behind firewalls and load balancers, IDPS can also be utilized as part of internal monitoring and compliance efforts or to add clarity and control in separately managed systems.

To help enterprises learn more about potential IDPS vendors and select one that would best fit their business needs Gartner has just released the latest edition of their famed Magic Quadrant for IDPS.

In this latest edition of the Intrusion Detection and Prevention Systems Magic Quadrant, Gartner has once again evaluated and organized this competitive and innovative market into four categories: leaders, niche players, challengers, and visionaries.

After having read the full document, the editors at Solutions Review have compiled some of the key takeaways:

How Does Gartner Define Intrusion Detection and Prevention Systems (IDPS)?

These solutions don’t receive a lot of attention in comparison to endpoint protection platforms, so it is important to examine Gartner’s definition of Intrusion Detection and Prevention Systems to help determine their use-cases and applicability to enterprises in given industries.

Gartner defines IDPS as “stand-alone physical and/or virtual appliances that inspect network traffic, either on-premises or in virtualized/public cloud environments.” Detection functions are employed based on signatures, behavioral monitoring, threat intelligence, or protocol anomaly detection to report on and eliminate malicious network traffic. One of the key benefits is the ability to recognize and block attacks based on high confidence, and the most sophisticated solutions prevent both attacks and false positives (which can plague some IDPS solutions).

The vendors included in the 2018 Magic Quadrant for Intrusion Detection and Prevention Systems are Cisco, Trend Micro, McAfee, FireEye, Alert Logic, NSFOCUS, Venustech, Hillstone Networks, and Vectra Networks.

A Shrinking Market, A Persistent Market

The technology is highly associated with next-generation firewalls (NGFW) and Unified Threat Management (UTM), and can be a component of other solutions as a perimeter tool. Gartner notes that many IDPS capabilities are being absorbed into NGFW solutions as smaller enterprises find their network perimeter adequately protected by NGFWs; therefore the market of dedicated IDPS providers and solutions is shrinking.

However, Gartner contends that IDPS as a stand-alone solution will persist for organizational reasons or as part of niche security designs. Additionally, running IDPS and NGFW separately improves the performance of both operations. Gartner predicts that by 2020, 70% of new individual IDPS solutions will move beyond their current placement behind firewalls to cloud-based or internal use-case deployments.

Big Names Take the Leadership Positions

Gartner’s inclusion criteria for the IDPS Magic Quadrant include offering IDPS as a separate network appliance, achieving over $10 million in stand-alone IDPS product sales in the year, and demonstrating the ability to identify and respond to malicious sessions with multiple methods. Gartner takes these criteria seriously: Huawei and AhnLab were both dropped due to failing to meet the revenue requirement, and IBM was dropped for exiting the market.

Gartner places vendors in the Leaders quadrant for their products’ ability to execute on these needs and the completeness of their vision in the market. Only three vendors were named to the Leaders quadrant for IDPS in 2018: McAfee, Trend Micro, and Cisco.

McAfee’s IDPS solution received praise for its integration with its other products, its support for public cloud deployment, and its ease of deployment even though it lacks a firewall line. Trend Micro is considered one of the easiest IDPS solutions to deploy and manage and allows for machine-readable threat intelligence but lacks some integration capabilities. Cisco was favored by larger enterprises and international clients; they offer a comprehensive research organization for continuous innovations in signature-recognition capabilities. However, their support options can be overly-complicated and their innovation may have slowed as product integration takes greater priority for the vendor.  

Vectra is Named as the Only Visionary

Gartner’s Challengers have the execution and vision but are revealed to be lacking when compared to other providers. This year there were just as many Challengers as Leaders in IDPS, but Gartner only recognized one Visionary—Vectra Networks. Gartner defines Visionary as investing into cutting-edge features that will be major components of next-generation solutions, even if their execution has not yet been perfected. 

This is the first year Vectra has appeared on the IDPS Magic Quadrant, and they were praised for their minimal management requirements and deployment capabilities. They were noted for using machine learning as a new method to detect malicious network traffic, even though they lack preventative capabilities.

Does IDPS Matter?

It’s a fair question. Outside of the Gartner Magic Quadrant for Intrusion Detection and Prevention Systems, it is rarely spoken of by cybersecurity experts or solution providers. Does this mean that Gartner’s prediction of its persistence are in fact off base? That it will die out much sooner than expected? Or does it mean that the market is becoming so niche that it can’t compare to its more prominent counterpart?

The 2019 Gartner Magic Quadrant might tell all.

You can register to read the full report here.

Follow me

Ben Canner

Editor, Cybersecurity at Solutions Review
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner
Follow me

Leave a Reply

Your email address will not be published. Required fields are marked *