Analysis of the global and Russian market for network security products and services
Analytical Report (full version)
Request cost of the full version of the study: firstname.lastname@example.org
Analytical Report (full version)
Analysis of the global and Russian market for network security products and services
J'son & Partners Consulting has updated the study of the global and Russian market for network security products and services with data for 2020, preliminary estimates for 2021 and an upward-adjusted forecast for 2025 inclusive.
According to J'son & Partners Consulting estimates, by the end of 2020, the volume of the global market for the considered types of cyber security products and cloud services reached $30 billion, of which the cloud model accounted for 34% of consumption. According to preliminary estimates, the market has grown to $32 billion in 2021 and the share of cloud services has increased to 41%. Thus, it is the cloud model that acts as a key driver of the growth of the considered fragments of the global cyber security market.
In the period 2022-2025, the global market for cyber security products and services will grow with a CAGR of 11% and reach $48 billion. The basic technological innovation that will ensure the accelerated growth of the cloud model for providing cyber security functions will be edge computing and software-defined networks at all levels – from access networks (5G, in particular) to backbone networks.
The volume of the studied fragments of the market for cyber security products and services in Russia in 2020 reached 23 billion rubles, which is about 1% of the global market. According to preliminary estimates, in 2021 the volume of this market increased to 24 billion rubles. The market growth in the period 2017-2021 was at the level of a 14% CAGR in ruble terms. According to the basic forecast provided by J'son & Partners Consulting, in the period 2021-2025, the Russian market will grow with a CAGR of 7% and will reach 32 billion rubles in 2025. Thus, the growth rate of the Russian market in ruble terms will be almost one and a half times lower than the growth rate of the global market in currency terms.
Terminology and boundaries of the research
The study includes the following network and information security functions:
- Firewalls, including advanced features - next generation firewall (NGFW) and unified threat management (UTM), including application control and detection and intrusion detection/prevention systems (IDS/IPS);
- URL filtering and other functions of Security Web Gateway (SWG);
- Anti-spam filtering and other email message protection functions (Security Email Gateway, SEG);
- Web Application Firewall, WAF, including Anti DDoS;
- VPN gateways (crypto gateways);
- Data Loss Prevention, DLP;
- Security Operation Center, SOC.
The study examines two models for providing cyber security functions listed above: an on-premise hardware and software package or a virtual machine/container ("traditional" model), as well as a public or hybrid cloud service (cloud model).
Along with the volume of the market in monetary terms, the following parameters were used as targets for evaluating and forecasting the SECaaS market:
- subscriber base size,
- penetration level and
Global market for network security products and cloud services
According to J'son & Partners Consulting data of preliminary results of 2021, the volume of the global market for the considered types of cyber security products and cloud services reached $32 billion, the cloud model accounted for 41% of the total consumption volume - see Fig. 1.
According to the forecast provided by J'son & Partners Consulting (Fig. 2), in the period 2022-2025, the global market for cyber security products and services will grow with a 11% CAGR and reach $48 billion. The main driver of the market growth will be the cloud model of providing cyber security functions – SECaaS consumption will grow with a CAGR of 22%, that is, twice as fast as the market as a whole. It should be noted that in the structure of consumption of security products provided according to the traditional model, the main contribution is made by subscriptions to advanced cyber security functionality, and not by hardware sales, which brings the traditional model closer to the cloud in terms of monetization principles.
In the product context, the fastest growing segments in the period 2022-2025 will be NGFW/UTMaaS and SWGaaS, that is, the segments of corporate perimeter protection, the advanced development of which will be associated with the rapid growth of the hybrid application deployment model.
The main drivers of the rapid growth of the need to expand the functionality, performance and penetration of cyber security tools implemented both in the form of hardware and software devices and in the form of virtual functions and cloud services are:
- Growth of the volume of data processed and stored on all types of computer devices, combined with the rapid growth in the variety of applications generating, storing and processing this data;
- Integration of technological (OT) and business applications (IT), and, in a broader sense, the trend towards the formation of cyber-physical product and service systems, that is, the merging of the cyber and physical world, which radically increases the criticality of the parameters of availability and integrity of data and applications processing them;
- The predominantly distributed nature of new types of applications (cyber-physical systems): the client and server parts of applications are geographically distributed and go beyond the boundaries of the local demilitarized zone (DMZ);
- Growing diversity of cyber threats and their total nature, determined primarily by the rapid growth of the cloud-based crime model, the so-called CyberCrime as a Service.
The following are the drivers of the growth in the consumption of cyber security functions in the cloud format outstripping the overall growth of the market:
- Rapid growth in the number of cloud application users and the migration of the backend of business-critical applications to public and hybrid clouds;
- Rapid growth of the share of encrypted traffic in the WAN, which complicates its inspection;
- Adaptability of cyber attacks and a large number of events generated by various cyber security functions, and, as a result, the need to implement deep real-time analytics on these events and develop an adequate response to attacks, which is possible only with the use of public clouds.;
- Low penetration rate of modern cyber security tools as a limitation of the traditional model of providing cyber security functions.
The factors constraining the development of SECaaS are:
- Concentration of the lion's share of corporate data "on the edge" – on corporate user devices and in corporate data centers;
- Presence of a significant fleet of installed hardware and software complexes, the penetration of which is especially high (close to 100%) in large enterprises and organizations;
- High unit costs of security functions provided by the SECaaS model, which hinders their penetration into the segment of small and microenterprises, where this model is most in demand and has practically no competition from already installed hardware and software complexes;
- A smaller range of functions available under the cloud model relative to the on-premise model.
It is obvious that the factors constraining the development of the global SECaaS market are significantly weaker than the growth drivers, and mainly represent the "childhood diseases" of the SECaaS market that is just beginning to emerge.
Analyzing the global market of cyber security products and services, it should also be noted that the development of the cyber threat protection market is interconnected with the development of the cyber risk insurance market - the emergence of advanced analytical cloud platforms SECaaS allows insurers to correctly assess the risks of insurance objects - information and cyber–physical systems. The formation of the cyber risk insurance market, coupled with the development of a full-fledged cloud model for providing network and information security functions, leads, on the one hand, to a significant reduction in barriers to access for small and microenterprises to advanced security tools that provide protection against modern cyber threats, and on the other – to the emergence of an understandable mechanism for assessing the economic feasibility of using security functions, expressed through reducing the risks of cyber attacks, and, accordingly, reducing the cost of insuring these risks, which, due to the increase in cyber threats, is becoming as popular a type of insurance as, for example, insurance against fire or theft risks.
The development of a cloud model for providing cyber security functions leads to the fact that three main types of suppliers are being formed on the global market:
- New specialized players, initially focused on the SECaaS and SD-WANaaS model, are vendors such as Akamai, Cloudflare, ZScaler, Mimecast, Proofpoint, Qualys, VeloCloud, Aryaka and others;
- Traditional vendors of network and information security products developing the cloud model both through partners (IaaS/PaaS providers, telecom operators, system integrators) and directly are vendors such as Cisco Systems, Palo Alto Networks, Fortinet, F5, Check Point Software, Trend Micro, Symantec, FireEye, Barracuda and many others;
- Vendors of business applications, such as Oracle, SAP and Microsoft, migrating towards SaaS and developing SECaaS as a way to provide secure managed access to business-critical applications deployed in public and hybrid cloud environments.
All three types of players, starting from various narrow specializations, follow the path of aggressive expansion of the functionality offered by the SECaaS model, the end point of which is to provide a full cycle of security - detection, analysis and response to information security events (MDR), performed in fully automatic or close to automatic mode.
It is characteristic that the most successful providers on the market are vendors, originally created as SECaaS providers, who do not have a load incompatible with the traditional cloud business model and a product portfolio designed specifically for the traditional business model. Nevertheless, the "traditional" manufacturers of hardware and software complexes have joined the race for them, mainly by absorbing successful cloud players.
According to preliminary estimates by J'son & Partners Consulting (Fig. 3), the market volume of cybersecurity products and services in Russia in 2021 exceeded 24 billion rubles, which is about 1% of the global market. The market growth in the period 2017-2021 amounted to 14% CAGR. According to the basic forecast of J'son & Partners Consulting, in the period 2022-2025, the Russian market will grow with a CAGR of 7% in ruble terms and will reach 32 billion rubles in 2025 - see Fig. 4.
The reasons for the lag in the dynamics of the Russian market from the global one are a combination of the extremely small size of the dynamically growing SECaaS segment and the dynamics in the hardware and software segment close to stagnation. As a share of the total consumption of the considered types of cyber security tools, the cloud model (SECaaS) accounted for only 11% in 2021. The Russian SECaaS market is significantly lagging behind the global market in its development, not even fully exploiting the already existing growth potential associated with the protection of public cloud environments. So, if the global market share of SECaaS in the segment of public cloud protection is almost 80%, then in Russia it is almost twice as low. This lag in the development of SECaaS is only partly explained by the lag in the development of IaaS/PaaS and SaaS in Russia, which are the drivers of the growth in demand for SECaaS.
In the product context, a unique situation for the world market is the hypertrophied large segment of specialized hardware cryptoslocks that implements encryption according to Russian GOST, which takes place only in Russia. Excluding the segment of cryptographic gateways with encryption according to GOST, Russia's share in global consumption of network security products is less than 0.7%, which is two times less than Russia's share in the global gross product (1.5%). The continued growth in the consumption of crypto gateways caused by regulatory innovations exacerbates the imbalance in the market structure and slows down growth in other segments.
In general, the Russian market on the horizon until 2025 inclusive will not be able to realize the existing potential for explosive growth in SECaaS consumption, both due to objective macroeconomic difficulties and due to subjective ones, represented by regulatory features and negative perception of the cloud model of providing security functions by large enterprises and organizations in Russia.
A negative impact on the quantitative and qualitative development of the cyber security market will also have at least a five-year delay in the deployment of 5G networks and edge computing infrastructure (MEC) in Russia and services based on these networks focused on industrial applications.
It should also be noted that the extremely low level of availability of modern cyber security tools in Russia hinders the development of the cyber risk insurance market in our country, which, in turn, negatively affects the qualitative and quantitative growth of the Russian cyber security market.
Changing the roles of the network security value chain participants
In recent years, business applications have been actively transferred from the corporate perimeter to hybrid and fully public cloud environments, therefore, the market for their protection is also actively migrating towards the SECaaS model, far outpacing the pace of cloud transformation of the corporate perimeter cyber protection segment (private clouds). The share of the corporate perimeter security segment, albeit at a slower pace, but also moving in the direction of SECaaS, remains the protection of data on stationary and mobile user devices. Together, these two segments form a hybrid security cloud.
It is obvious that ensuring the cyber security of hybrid clouds, which by definition represent a distributed system, is impossible without ensuring the interaction of hybrid cloud security tools with channel protection systems connecting private and public components of the hybrid cloud.
A key role in solving this problem is played by the end-to-end isolation of the traffic of one application from the traffic of other applications in all public networks (domains) through which the traffic of interacting elements of the hybrid cloud is transmitted. Thus, the growing demand for hybrid cloud environments leads to the formation of a completely new concept of an end-to-end network layer (network slice), in which the level of network and information security is a configurable QoS parameter, and the layer covers all elements of a distributed cyber-physical system, which should be understood as software applications executed in data centers and on client devices, and physical components of a distributed application - sensors, actuators and information display media (Fig. 5). The presence of "edge" data centers, the so-called Multi-Tenancy Edge Computing (MEC), as part of the elements forming the end-to-end layer (Fig. 6), makes it possible to place delay-sensitive security features, such as, for example, firewall, in close proximity to protected application instances, which allows optimizing traffic in the network layer.
A powerful incentive to the development of end-to-end network layers, in which, along with the usual network metrics of bandwidth and latency, metrics of a higher level – availability and security - are manageable, was given by the release of the release 16 of the 5G 3GPP standard in July 2020. The analysis of 5G pilot projects implemented in industries that impose the most stringent requirements for the security of cyber-physical systems, such as electric power, transport, industrial production of a continuous cycle shows that the implementation of this concept in the form of commercial network layers with customized security parameters can take place in the next 2-3 years.
The introduction of the concept of end-to-end network layer and security metrics into the list of managed layer metrics requires the formation of a new value chain in the market of cyber security products and services. This concerns both a radical change in the appearance of their products by vendors of network security products with a focus on deployment in hybrid cloud environments and interaction with cross-domain orchestration systems, and a change in the strategy of telecom operators to develop their basic data transmission services. The most obvious opportunity for communication network operators to further develop is to focus on physical infrastructure and basic virtual network functions, and provide virtualized network infrastructure to SECaaS and other types of SaaS and BPaaS providers by analogy with IaaS/PaaS providers providing virtualized computing infrastructure.
The need for such radical changes creates a favorable environment for new players to enter the cyber security market, which is a positive factor for its development. This is especially important for the Russian market, which for many years has been characterized by high entry barriers and artificially limited competition, which leads to a noticeable lag in its development from the global one.
For more information, please contact:
Key account manager
+7 926 561 09 80
J'son & Partners Consulting
CEO J’son & Partners Consulting
101990, Moscow, Armenian Lane, 11/2a b. 1B
Tel.: +7 (495) 625-72-45, www.json.tv
Detailed results of the study presented in the full version of the Report:
"Analysis of the global and Russian market for network security products and services"
Contents (150 pages)
1. RESEARCH BOUNDARIES, BASIC DEFINITIONS AND ABBREVIATIONS
2. OVERVIEW OF THE GLOBAL MARKET OF CYBER SECURITY TOOLS AND SERVICES
2.1. MARKET VOLUME AND STRUCTURE, DEVELOPMENT DYNAMICS, FORECAST UNTIL 2025
2.2. THE MAIN DRIVERS OF THE CYBER SECURITY TOOLS AND SERVICES MARKET
2.3. KEY TRENDS IN TECHNOLOGICAL, PRODUCT AND BUSINESS TRANSFORMATION OF GLOBAL CYBER SECURITY MARKET PLAYERS
2.3.1. Full-featured network security tools to protect data and applications in private clouds (corporate perimeter): comprehensive NGFW/UTM subscription packages, including IDS/IPS, URL filtering (SWG), stream anti-spam filters, CASB and basic FW functions (VPN, authentication and encryption, port and protocol filtering)
2.3.2. Protection of data and applications in public clouds (outside the corporate perimeter): WAF, Anti-DDoS, SEG, DPL
2.3.3. End-to-end Analytics - SOC and SOCaaS
3. RUSSIAN MARKET OF CYBER SECURITY TOOLS AND SERVICES
3.1. THE VOLUME AND DYNAMICS OF THE MARKET, THE FACT FOR 2015-2020.
3.2. MARKET STRUCTURE, FACT FOR 2015-2020.
3.2.1. Horizontal (by the size of consumer companies) market structure, price availability and the need for advanced cybersecurity functions in the context of horizontal market segments
3.2.2. Vertical (industry) structure of the market
3.2.3. Territorial structure of the market
3.2.4. Market structure by major groups of players
3.3. DIFFERENCES BETWEEN THE RUSSIAN MARKET AND THE GLOBAL ONE, SPECIFIC DRIVERS AND CONSTRAINTS, ASSESSMENT OF THE POTENTIAL OF THE RUSSIAN MARKET
3.4. FEATURES OF REGULATION IN THE FIELD OF CYBER SECURITY IN RUSSIA AND THE TECHNICAL POLICY OF THE LARGEST CONSUMERS OF CYBER SECURITY TOOLS AND SERVICES
3.5. MARKET VOLUME AND DYNAMICS, FORECAST FOR 2021-2025.
3.6. MARKET STRUCTURE, FORECAST FOR 2020-2025.
3.6.1. Horizontal (by the size of consumer companies) market structure
3.6.2. Vertical (industry) structure of the market
3.6.3. Territorial structure of the market
3.6.4. Market structure by major groups of players
4. THE MAIN VENDORS OF CYBER SECURITY PRODUCTS AND SERVICE PROVIDERS ON THE GLOBAL AND RUSSIAN MARKET
4.1. GLOBAL AND RUSSIAN VENDORS OF CYBER SECURITY PRODUCTS AND SERVICES
4.1.1. Check Point Software
4.1.2. Cisco Systems
4.1.3. Palo Alto Networks
4.1.5. F5 Networks
4.1.7. Security Code
4.1.8. Vehicle Factor
4.1.10. Positive Technologies
4.1.14. Qrator Labs
4.2. RUSSIAN MSSP
4.2.1. Ростелеком Solar
4.2.2. МТС и MTS Cloud
4.2.4. Beeline business
5. GENERAL CONCLUSIONS AND RECOMMENDATIONS
Market reviewIndustrial, Network Safety Open
Market reviewIndustrial, Network Safety Open
Market reviewIndustrial, Network Safety Open