Security "Red List" Results are In!!!

 Flickr Image - Copywrite UDIJW (

Flickr Image - Copywrite UDIJW (

The 2013 "Red List" Survey results are in.  I really appreciate everyone's help in making this survey a reality.  It's fascinating to delve into the inner workings of our industry and get insight into what's happening.  You can find the full report here

Executive Summary

The “Red List” was a simple and yet revealing survey on entrepreneurs’ focus on the security industry and where demand is coming from.  In looking at the results, one needs to consider the backdrop of Security Transformation.  I’ve written about it on  Simply put, if security is about applying Confidentiality, Integrity and Availability to Content and Transactions then the controls need to be where Content and Transactions are.  In the past ten years they have migrated from our Enterprises to the Internet (Cloud, SaaS, etc), yet, the controls haven’t.  What we see now is the introduction of new solutions to do just that.  This is the beginning of the implementation of a new security model where the controls haven’t changed just the applicability of them.  This change will be not unlike the IT Transformation we’ve all been living with.  As we look at these early companies taking hold they are doing just that.  Placing controls where we need them.

OpenDNS came out way ahead of all other vendors.  While they have been around for some time, since 2005, their core value of threat and policy management via DNS is a strong value with 43% of people saying they provide “High Value”.  It’s also interesting to note that the root of the company was in consumer security and only recently, in the past couple of years, made the move into the Enterprise.  With this the value is resonating significantly amongst CISO’s.  We should see much more of them in the future as they make their push farther.  Competitively, it looks like they have a solid ownership as I struggle to see anyone competing with them in their space.

Other interesting points:
•    Some anomalies came out as Comodo, Xceedium and Venafi were part of the “startups” even though they have been around longer than the others
•    Heavy focus on Security Transformation solutions as opposed to on premise.  OpenDNS, zScaler, SkyHigh, Okta, CloudPassage, Cylance, Sentinel, Netcitadel and others show the future of security management
•    Mobility focus with Bromium, Lancoon and BlueBox
•    For being so young they have done great with marketing as CrowdStrike and SkyHigh have 52% and 42% awareness respectively
•    The network stack “in the cloud” category is hot now and will eventually consolidate. (zScaler, SkyHigh, NetSkope, SkyFence, Adallom and more)
•    Most practitioners haven’t heard of these companies with about 50%-80% saying “Never Heard”.  This isn’t surprising as they are early but it does bring up the question on how entrepreneurs market in the early stages of a companies lifecycle

There are some that weren’t in the top 20 that I’m very excited about and thought I would bring them up specifically.
•    Cylance, Sentinel and Carbon Black from malware defense
•    Endgame, Shape, PrivateCore has some very interesting capabilities and will be interesting to see how the market responds
•    Exabeam, NetCitadel and Fortscale are bringing proper analytics to log analysis or the SEIM space.
•    CXOWare is making headway on the mature analytical risk management path with Risk I/O ahead with a simpler vulnerability prioritization capability