Web Security and Control: Gartner Magic Quadrant Analysis 2008

Sept. 2008

Gartner recently published their 2008 Magic Quadrant report on Secure Web Gateways. Sophos does not appear at our request. Last year we were appropriately ranks as a challenger which is excellent for a new entrant to the market. This year they have changed their criteria to focus on the needs of large enterprise customers (greater than 1000 seats) which does not align well with our market entry strategy sweet spot of 500-1000 seats. Next year, as our own focus shifts up-market to enterprise-level capabilities and customers with the release of Eradicator, we will re-engage Gartner and drive towards the leaders position in the Magic Quadrant. Gartner has agreed that this is a reasonable approach. The rest of this document is focused on providing some competitive analysis from the report and useful commentary you can use in the sales process. Market Overview: Gartner states that a Secure Web Gateway must have three key components at a minimum which is consistent with our own view: Gartner: 1. URL Filtering 2. Malicious-code detection and filtering 3. Application control Gartner states the following: No product completely satisfies all functional categories in a single product, and buyers will definitely need to make some sacrifices. Its important to emphasize that Sophos is one of the few security companies in this space. Unlike many other companies that have a legacy in URL filtering, anti-spam or other technologies, Sophos emphasis is on providing the best security and protection from modern web threats and we provide no compromises in this category. Vendors Compared to last year, only two vendors changed quadrants: MessageLabs: moved from niche player to challenger Scansafe: moved from visionary to challenger Both of these companies are managed service offerings and dont compete directly with a hardware based appliance product. Sophos: 1. URL/Reputation Filtering 2. Malicious-code detection and filtering 3. Application/Protocol control

A summary of vendor cautions noted by Gartner appears on the following page...

Web Security and Control: Gartner Magic Quadrant Analysis 2008

Summary of Vendor Cautions Noted by Gartner: 8E6 The R3000 runs out-of-band (non proxy mode) which prohibits its ability to provide inbound malware protection. URL blocking is achieved by sending a TCP reset to break the connection which is NOT a best practice. The R3000 does not provide adequate malware protection. It cannot scan for malware nor provide any protection outside of blocking known malicious URLs The solution requires three appliances to get full enterprise functionality (filter, historical reporter, and real-time reporter). 8E6 cannot inspect SSL traffic Barracuda Barracuda relies heavily on open-source databases for uRL and anti-virus filtering (Clam AntiVirus) leaving it with a weak reputation. User reports indicate there have been stability and latency problems Users also report some false positives with the URL filtering as well as the authentication Barracuda lacks enterprise class administration and reporting Blue Coat Systems Blue Coat has some zero-day, malware filtering capabilities Their focus on network acceleration techniques comes at the expense of a more robust security focus Blue Coats reliance on an external anti-malware appliance is a liability in the SMB market due to unnecessary cost and complexity The management interface is a mix of applications each with a different look and feel. Although the management interface is very powerful, it is not user friendly IronPort Systems Product immaturity is evident in advanced features Reporting is a weak spot for IronPort. For any reporting over 30 days old, users must export log data to a third party tool. The S-Series if one of the more expensive appliances on the market Secure Computing Secure Computings code analysis, zero-day malware detection technique is subject to a patent infringement legal action from Finjan. Secure Computing has some zero-day security technology Some SecureWeb (formerly Webwasher) customers have commented that manageability features are still maturing and that product documentation is lacking. Some commands can only be executed via a command line interface. Advanced reporting requires an additional reporting product with a different look and feel from the management interface and does not integrate with the dashboard. Trend Micro Trends biggest challenge is offering a suite that provides sufficient defenses of depth malware detection is signature based with limited zero-day threat protection. The company has a bewildering array of products and features and options are not consistent across the product family The management interface is not very intuitive to use The reporting capability is disappointing URL policy options are limited. Websense Websense failed to make the leaders quadrant because its Web Security Gateway with real-time malware detection capability is new and relatively untested. Websense has a large array of products with diverse features and numerous optional modules. Buyers must be careful to understand which marketed benefits apply to products under consideration and ensure that quoted prices include expected features. Websenses Web Security Gateway proxy solution is new in the market but it has not seen wide deployment Websenses malware detection techniques are new and relatively unproven being based on lab technology. Websense customers have reported that first-level support is lacking. Websense is generally more expensive than its counterparts for similar functionality and they are the only vendor to charge extra for URLs that are considered security risks

Copyright 2008. Sophos Plc. All rights reserved. All trademarks are the property of their respective owners.