Inaugural EMA Radar Report™ reviews 7 industry-leading Website Vulnerability Assessment (WVA) products for enterprises launching application security initiatives
BOULDER, Colo., Jan. 12, 2010 – Enterprise Management Associates (EMA), a leading IT management research and consulting firm, today announced the release of its inaugural EMA Radar Report™ titled, Website Vulnerability Assessment Q4 2009 – An EMA Radar Report™. Designed to assist security professionals in selecting the right Website Vulnerability Assessment (WVA) products, EMA has identified the leading vendors in this space. Results identify strengths and weaknesses and highlight key characteristics, summarized in a detailed market map and Radar Chart – which includes a composite score for each vendor – making it simple to see how vendors measure up in the market, as well as against other vendors.
The following criteria were considered in evaluating the WVA products:
• Powerful: In selecting a WVA utility it is imperative to consider the overall strength of the solution. Today attackers are evolving their efforts at an unprecedented rate. In order to keep up with these evolving attacks, assessors must be able to determine what constitutes a vulnerability in their Web applications. This speaks directly to the power of the product. As used in this sense, “power” means accuracy as well as depth in vulnerability recognition, across the multiple technologies often integrated with modern Web applications.
• Comprehensive: In order to effectively implement application security processes and procedures, an organization must be able to comprehensively highlight the issues. Factors considered in weighing the comprehensive nature of a product include technology coverage and granularity in managing the solution. In other words, the solution must effectively be capable of assessing the highest level of issues technically feasible and the users must be able to leverage the issues in management capabilities.
• Feature Rich: In considering which products were capable of handling the dynamic situations that each assessment would run into, it is necessary to consider the features that each product has. Feature rich solutions are inclusive of multiple features that allow users and power users alike to purpose the products to meet their specific needs. This may or may not include a community repository of plug-ins and code.
• Integrated: Earlier application security processes almost never work within silos. As a result, it is imperative that assessment capabilities integrate well with technologies including those purposed for application defense, quality management, network assessments, developer tools, and other technologies.
• Flexible: When a solution fails to adapt to the working processes of an organization, it may not perform as expected, and ultimately may be rejected or shelved. Ineffective or difficult implementations or deployments can be a death sentence to the usage of such technology. It is therefore imperative that an organization select a solution with a deployment strategy that fits their particular organization.
• Automated: The most effective method for conducting a WVA is to perform a full penetration test against an application. However, this process is not scalable to large enterprises, nor can most smaller companies afford the high costs of bringing in a third-party consultant to perform these tests on a regular basis. It is therefore important that a solution can be automated, but still include some capabilities for more specific or manual testing.
Some of the top honors awarded include IBM Rational AppScan for “Most Flexible Solution” and “Best Services,” HP Application Security Center for “Best R&D Team” as well as “Best Integration with Quality Assurance,” WhiteHat Security for “Best SaaS Solution” and “Best Integration with Defensive Countermeasures,” Cenzic Hailstorm for “Best Security Team Focus,” and McAfee Secure for “Best Integration with Network/System Scanning.” The complete Website Vulnerability Radar Report showcases all products awarded and provides a detailed outline of strengths and weaknesses.
"The EMA Website Vulnerability Assessment Radar Report highlights EMA’s choices for best products in the enterprise black box web application security assessment," said Scott Crawford, Managing Research Director, Security & Risk Management at EMA. "In addition we’ve also identified key areas that customers and potential customers consider major differentiators between market players and highlighted the top vendor in each area. While there is already much debate over the results, the report provides detailed explanations and is based on a number of objective criteria. Ultimately, it is a valuable, independent guide for end-users and vendors alike."
The complete Website Vulnerability Assessment Q4 2009 – An EMA Radar Report™ is available online for $795 at http://www.www.enterprisemanagement.com/research/asset.php?id=1617
The summary is available for free online at http://www.www.enterprisemanagement.com/research/asset.php?id=1611
About the EMA Radar Report
The EMA Radar Report delivers an in-depth analysis of industry-leading vendors and vendor products, including their overall market position in comparison with other vendors. This information is laid out in an easy-to-decipher, detailed Radar Chart – which includes the composite score for each vendor – making it simple to see how vendors measure up in the market, as well as against other vendors. The EMA Radar report also provides a detailed discussion of methodology and criteria, a high-level market segment overview, a comprehensive analyst write-up on each vendor, as well as an evaluation of software products based on five key dimensions:
1. Ease of Deployment & Administration: This dimension rates vendors on start-up cost and effort, as well as ongoing operational cost and effort. Ease of Deployment is measured by scoring implementation timeframe, support, professional services, training, and auto-discovery factors. Ease of administration and automation of management are measured for the Administration component.
2. Cost Advantage: Considering licensing models, the price for a license, as well as maintenance costs, this dimension scores products on their relative price advantage when compared to others in the market. Low price, flexible licensing model, and reasonable maintenance costs are awarded the highest scores.
3. Architecture & Integration: This dimension assesses the strength and extensibility of the core architecture, as well as the ease of integration and availability of existing modules for integration with other products.
4. Functionality: This dimension assesses the features of the products on a number of important factors for the product category. Completeness of the product features, as well as ease of use are measured.
5. Vendor Strength: This dimension considers not just the vendor’s financial strength and presence in the market but also their vision, market credibility and partnerships/channels to reflect their overall strength as a supplier.
About EMA
Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst firm that specializes in going “beyond the surface” to provide deep insight across the full spectrum of IT management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help its clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise IT professionals and IT vendors at www.www.enterprisemanagement.com or follow EMA on Twitter http://twitter.com/ema_research.