Cool Vendors in Security: Security Services, 2013

29 April 2013 ID:G00250370
Analyst(s): Ray Wagner, Neil MacDonald, Joseph Feiman, Ruggero Contu, Peter Firstbrook, Jay Heiser


CISOs and other security decision makers should consider new vendors of cloud-based security services. These vendors bring a unique potential to IT environments that are grappling with a host of security issues.


Key Findings

  • Startups and niche vendors are driving much of the innovation in the security service market.
  • These aggressive new vendors offer innovative and enhanced technologies; however, the usual concerns about new market entrants' capabilities and viability may limit enterprises' willingness to commit to their offerings.


  • Consider innovative products and services — including those from Gartner's 2013 Cool Vendors — when evaluating products and offerings to address security services requirements. However, recognize that these offerings are not appropriate for all enterprises or implementations. They are likely to be more suitable for Type A (technologically sophisticated early adopters) Gartner clients than for more risk-averse Type B or Type C clients.
  • Choose infrastructure protection products or services for their real-world workability, vendor capabilities and viability, and for their technological innovation.



This research does not constitute an exhaustive list of vendors in any given technology area, but rather is designed to highlight interesting, new and innovative vendors, products and services. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

What You Need to Know

Gartner has identified a new crop of security services that leverage innovations in cloud systems. These Cool Vendors spark our curiosity with the unique potential they bring to IT environments grappling with a throng of security issues, such as those found in the Nexus of Forces.

From startups offering cloud security on-premises, to managing mobile device security by targeting data exchanges, to services that score cloud risk and monitor online corporate reputations, this year's group has the close attention of Gartner analysts.

These vendors' highly innovative technologies and business models may not be suitable for every enterprise's needs, but they are all worth evaluating. For assessments of Cool Vendors in other important security market segments, see "Cool Vendors in Security: Identity and Access Management, 2013," "Cool Vendors in Security: Infrastructure Protection, 2013" and "Cool Vendors in Security: Security Intelligence, 2013."

Alert Logic

Houston, Texas

Analysis by Neil MacDonald

Why Cool: The company has built a scale-out, multitenant, cloud-based architecture to deliver security services from the cloud. For some services, an on-premises physical or virtual appliance is used as part of its architecture to aggregate and consolidate monitored data. Services include intrusion detection, log monitoring management services (such as monitoring, archival, search and analysis), security operations center monitoring, vulnerability assessment, and Web application protection services visible from a Web-based console.

Where needed, the on-premises component is monitored and managed as a lights-out, remotely managed service and includes patching, content updates, provisioning and deprovisioning. For Amazon Web Services customers, Alert Logic delivers security services for the monitoring and protection of Amazon workloads, and includes an Amazon Machine Image-based virtual appliance.

Alert Logic's innovative business model derives more than 70% of its revenue from service providers reselling Alert Logic's monitoring and compliance services.

Challenges: When its offerings are bundled, Alert Logic's services do not map neatly into enterprise budget line items. To address this, Alert Logic now offers four independent products — Log Manager, Threat Manager, Web Security Manager and ScanWatch — all of which can optionally be combined with 24/7 monitoring from its security operations center.

Alert Logic competes for mind share with managed security service providers that offer third-party firewall and intrusion protection systems — areas that Alert Logic does not have in its product portfolio. Increasingly, competition is emerging from other cloud-based security service providers, such as Qualys.

Who Should Care: Chief information security officers (CISOs) and enterprise security architects looking for cloud-based security services as an alternative to doing it themselves; midmarket companies seeking to minimize the complexity and cost associated with compliance management (such as PCI); and organizations looking for a straightforward way to monitor Amazon-based workloads should consider Alert Logic.


Bluebox

San Francisco, California

Analysis by Joseph Feiman

Why Cool: Bluebox offers security-as-a-service protection for mobile applications and data. Its cloud-based technology intercepts every data exchange between mobile applications and an enterprise. It analyzes the exchange and allows, prohibits or protects it via encryption. These actions remain invisible to users and do not impact the user experience.

It is a step forward from traditional security approaches, which tend to tighten user control, and which focus on managing and securing mobile devices, but do not focus on sensitive data. The technology provides visibility and control of corporate data exchanges with mobile devices.

Bluebox can also prevent dangerous applications from downloading onto a mobile device. It is agnostic to the type of applications and data it is handling. Installation of this technology does not require modification of the applications and runtime libraries. Bluebox is delivered as software as a service (SaaS) and charged on a per-user, per-month basis.

Challenges: Users should get assurances that Bluebox can scale to support a full range of mobile devices, as well as the application and data sources residing on those devices.

Who Should Care: Business data and application owners, CISOs, and enterprise IT managers seeking better ways to secure their mobile applications and data.

Digital Shadows

London, U.K.

Analysis by Ruggero Contu

Why Cool: Digital Shadows expands the approach of enterprise IT security to the broader Internet by helping to tackle corporate information exposure in the public arena. Digital Shadows offers digital footprint services to mitigate targeted advanced threats, data leakage and negative reputation issues, monitoring all activity across the Internet including social media, forums and message boards.

Challenges: While Digital Shadows received a new round of funding in 2012 and is partnered with some major consulting firms, it will need to establish a viable customer base to build its market presence and brand awareness. Currently, its customers are predominantly in the U.K., and it has a limited international presence.

As a result of the innovative technology approach, potential buyers may struggle to readily identify the security problems that Digital Shadows' products solve. Digital Shadows' collaboration with major financial institutions may provide future help in establishing presence and specialization in the financial sector.

Who Should Care: Enterprise privacy and risk managers seeking to monitor and minimize the exposure of intellectual property, as well as potential damages to brand reputation, may see value. IT security managers may find Digital Shadows' monitoring capabilities to be advantageous in avoiding the disclosure of sensitive information by cybercriminals perpetrating an advanced targeted attack.

Skyhigh Networks

Cupertino, California

Analysis by Neil MacDonald

Why Cool: Skyhigh is an early innovator in the emerging category of cloud access security brokers (CASBs; see "The Growing Need for Cloud Access Security Brokers") — that is, it injects security policies and controls between cloud services consumers and the cloud services they are consuming. Skyhigh's services reside in its cloud-based data centers as a reverse proxy; they include auditing, logging, keyword-based data loss prevention, object-based file encryption, and integration with Active Directory and identity-as-a-service providers.

Two features stand out. First, Skyhigh provides discovery of cloud-based services in use, and adds its own risk scoring of cloud services providers so that enterprises can understand the risk posture of the services being consumed. Second, Skyhigh delivers semantic context understanding by maintaining semantic models of the most commonly used cloud services. Cloud-based service users can use this to audit access to sensitive operations, and, more interestingly, these capabilities can be used to identify anomalous access.

Challenges: Skyhigh has limited points of presence in the U.S., with only three locations to date. It does not resell or perform its own identity services. Customers looking for identity as a service outside of Active Directory must purchase and integrate a solution, such as Okta or Ping Identity. Skyhigh's default product is offered as a cloud-based service with an optional on-premises virtual appliance.

Established security providers are coming to market with competitive solutions, such as Symantec O3. Secure Web gateways (SWGs) from McAfee, Zscaler and others could evolve to subsume CASB capabilities. While Skyhigh offers object-level and file-level encryption for attachments, it does not yet offer field-level encryption — but its competitors, such as CipherCloud and PerspecSys, do.

The Cloud Security Alliance's Security, Trust & Assurance Registry could become a de facto standard, diminishing the value of Skyhigh's risk rating (although they are currently partners).

Who Should Care: CISOs, business leaders and other key decision makers looking for innovative approaches to securing access (including from employee-owned mobile devices) to cloud-based services should consider CASBs, including Skyhigh.

Where Are They Now?


WatchDox

Palo Alto, California

Analysis by Jay Heiser

Profiled in "Cool Vendors in Data and Infrastructure Protection, 2010"

Why Cool Then: WatchDox, originally named Confidela, was selected as a Cool Vendor in 2010 because of its convenient, low-overhead way of controlling document usage rights on external desktops. The original product was based on a very simple approach to the secure sharing of documents. Customers would upload them to WatchDox's secure SaaS server and forward the link to the desired recipients, who would read the documents through their browsers. A transparently installed browser plug-in provided the document owner with the ability to disable copy and print.

In contrast to the hassle and inconvenience of traditional approaches to enterprise digital rights management (EDRM), which requires a rights management server accessible to the recipient, this "trusted viewing" approach proved to be a very practical way for individuals and departments to externally share highly sensitive documents, while still controlling the conditions of their use.

Where Are They Now: During the past three years, several very large software vendors announced that they would not be continuing support for their EDRM product lines. During that same period, WatchDox steadily grew in product sophistication and market presence, positioning itself to take advantage of the growing interest in trusted collaboration on personal and mobile devices.

Its original form of SaaS-based trusted viewing has been extended to a form of EDRM that enables the local editing of Microsoft Office documents while still controlling the conditions of their use, along with some collaborative support.

Protected PDF files can be annotated, and protected Microsoft Office files can be annotated and edited. SharePoint and Exchange integration mechanisms are also available. This functionality is supported on Android, BlackBerry, iOS and Windows. WatchDox has also added a file synchronization function, and was given a Positive rating in Gartner's "MarketScope for Enterprise File Synchronization and Sharing" in February 2013.

Who Should Care: Business leaders, CISOs and other enterprise decision makers looking for intelligent mechanisms for sharing highly sensitive data with external parties, or sharing on devices outside of corporate management, should be interested in WatchDox's emphasis on security and control.


Zscaler

San Jose, California

Analysis by Peter Firstbrook

Profiled in "Cool Vendors in Software-as-a-Service Security, 2009"

Why Cool Then: Zscaler was a new entrant in the fast-growing SaaS SWG market in 2009. What set it apart was its highly modular and scalable architecture, which enabled it to separate enforcement from reporting and management, and allowed it to scatter enforcement points throughout the Internet. It was the only vendor to offer clientless authentication with a solution that eliminated the need for managing and maintaining on-premises SWG appliances and infrastructure.

Where Are They Now: In 2011, the company had an estimated 6% market share in the overall SWG market, and was the fastest-growing SWG vendor. It had the largest global footprint of enforcement servers, at nearly two times the level of its nearest competitor because of its modular architecture. By the end of 2012, Zscaler was processing more than 8 billion transactions per day. Zscaler is now the only SWG vendor to focus exclusively on the challenges and opportunities of the SaaS delivery model, while other vendors continue to promote hybrid models.

Who Should Care: CISOs and other security managers who want to augment their endpoint protection solutions to protect users from Internet threats and keep pace with the changing threat environment should consider Zscaler. Network engineers replacing outdated URL filtering, bandwidth control and Web security solutions should also consider Zscaler. In addition, the company should be interesting to enterprises with a high percentage of notebook computers, and to large enterprises with many Internet gateways and small office/home office locations.