Application Security Market Analysis

Market Overview

Security is on a dynamic trajectory. Traditionally it has focused on guarding the perimeter with a defensive approach. Enterprises would start with simple endpoint protection and network security, then layer on tools for “Defense in Depth”. Today’s security is much more proactive and predictive, combining internal and external data from a variety of sources and applying user behavior analytics and machine learning to identify suspicious activity.

Security investments followed a similar trajectory. Traditionally, the bulk of the spending has gone to protecting infrastructure. In 2015, Gartner analyst Joseph Feiman estimated that for every $1 spent on application security, $23 was spent on other security. Application security has been a mainstream concern only in recent years, but that’s changing! Several dynamics are making application security a bigger priority, including:

Enterprises with advanced DevOps and/or application security programs are looking for remediation advice as the developer types the code, as a means of not only reducing vulnerabilities but also educating developers by teaching them security best practices in real time. Fortify and a few other advanced app sec vendors provide this.


Compliance is always the lowest common denominator - think of it as the MVC for security. Enterprises that depend upon software and technology to run their business seldom rely on compliance alone to guide their security efforts.

Competitor Scope

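| Vendor/Scope | SAST | DAST | Dependency Scanning | Container Scanning | License Management |
|--------------|------|------|---------------------|--------------------|--------------------|
| GitLab       | X    | X    | X                   | X                  | X                  |
| BlackDuck    |      |      | X                   | X                  | X                  |
| CA Veracode  | X    | X    | X                   |                    |                    |
| IBM AppScan  | X    | X    | X                   |                    |                    |
| Fortify      | X    | X    | X                   |                    |                    |
| SonarQube    |      |      | X                   |                    |                    |
| Sonatype     |      |      | X                   | X                  | X                  |
| WhiteSource  |      |      | X                   |                    | X                  |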

Role-based Personas

Security specialist


Security director

Market Segment Overview

Companies with sophisticated app sec programs (target in Q4-18)



Value Proposition

Companies with established Security Programs (target Q3-18)



Value Proposition

Companies with minimal security focus (opportunistic target)



Value Proposition