• United States



by Eric Ogren

Host Intrusion Prevention is the Last Line of Defense for Networks

Apr 21, 20033 mins
Data and Information SecurityNetwork SecuritySecurity

Enterprises that once thought they were secure because they had firewalls now understand that the proliferation of communication methods such as HTTP, SSL, SMTP, IM, and active code built on Java and ActiveX have forced the security perimeter back to Internet-facing application servers and desktops.

A new market segment of security software, called Host Intrusion Prevention (HIP), has risen to protect network assets against damage from unknown attacks. Rather than relying solely on scanning data for signatures of known attacks, HIP software works with the operating system kernel to block abnormal application behavior in the expectation that the abnormal behavior represents an unknown attack.

In our evaluation of the Host Intrusion Prevention market, the Yankee Group interviewed product vendors end enterprise security managers to identify the characteristics of winning HIP products. We specifically paid attention to the software’s ability to prevent damage from known and unknown attacks, its manageability, and scalability. We also looked at the vendor’s strategic partnerships within the security community, depth of product line, working relationships with application and platform vendors, and noteworthy customer successes.

We estimated the emerging market for Host Intrusion Prevention products and services was $60 million in 2002, and predict it will grow at a compound annual growth rate of 52.7 percent to $520 million by 2007.

Directions and Predictions

  • The Host Intrusion Prevention market will grow sharply at approximately 150 percent in 2003. In 2003 intrusion prevention sales will be funded from Intrusion detection system budgets for tactical implementations. Enterprises will add Intrusion Prevention programs into their security budgets starting in 2004.
  • The introduction of intrusion prevention shifts enterprise security architectures over the next 3 to 5 years. The placement of anti-virus, anti-spam, and other real-time content inspection technologies will shift from Hosts to network filters to catch known attacks before they reach the Host.
  • The gorilla security vendors will follow NetScreen’s lead in acquiring intrusion prevention vendors in 2003. Privately held companies such as Entercept and OKENA will be targeted by the likes of Check Point, Cisco, Computer Associates, ISS, and Symantec. Symantec and ISS are well positioned to make strong moves in the Intrusion Prevention market.
  • Application-level intrusion prevention vendors will introduce their technology as blades in security service switches. Enterprises will reduce administration overhead while improving latency performance by executing Intrusion performance functions in parallel with content filtering operations. The Yankee Group expects Crossbeam, ForeScout, and Teros to be innovators in this trend.

For Yankee Group primary research on Security visit: