Threat and vulnerability management market revenue to reach $5.3 billion

Data trends show that the global threat and Vulnerability Management (VM) market is expected to grow from US$5.3 billion in 2015 to $8.6 billion in 2020, according to ABI Research.

“Each day, organizations are deluged with warnings about newly discovered security vulnerabilities,” says Monolina Sen, Senior Analyst in Digital Security at ABI Research. “While well-known security flaws, such as Heartbleed, affected industries globally, lesser-known vulnerabilities have just as much impact on critical systems in a particular enterprise.”

Sen further reports that the increasing use of next generation technologies, like cloud computing and big data, are bound to introduce new vulnerabilities. SaaS (software as a service) providers have the highest number of vulnerabilities on average, followed by the financial services industry.

Two key factors that led to the demand for threat and VM solutions:

Impact of design flaws and weaknesses: These affect a software vendor’s reputation, as well as a supplier’s bottom line, as frequent patches represent a major financial burden.

Government and industry regulation mandates: Groups such as HIPAA (the Health Insurance Portability and Accountability)/HITECH (Health Information Technology for Economic and Clinical Health), PCI DSS (PCI Data Security Standard) and Sarbanes-Oxley (SOX) mandate rigorous VM practices.

“VM is key to attaining risk management goals,” continues Sen. “It provides policy and compliance context, and it mines the network for vulnerability information, remediation opportunities, and ultimately, provides a comprehensive view of enterprise risk.”

The ideal VM solution would include capabilities for asset management, vulnerability assessment, configuration management, patch management, remediation, reporting and monitoring. It would also integrate well with third-party technologies. Leading vendors providing VM solutions include Tenable Network Security, Qualys, Core Security, IBM, Rapid7, AlienVault, Tripwire, Skybox Security, HP, Intel Security, EMC, Symantec, Secunia and more.