Kaspersky And Sophos Top Security Vendor Survey

The annual InformationWeek security survey finds wiggle room for lesser-known vendors in large IT shops, but it's a lack of mobile device security strategies that should raise eyebrows.

February 13, 2012

4 Min Read
Network Computing logo

An annual InformationWeek reader survey measuring the quality of security software vendors has found Kaspersky Lab and Sophos at the top of the class. These two companies topped the list of nine antivirus/anti-malware vendors for overall performance, price, and other product-specific features such as virus and malware detection and removal. But it's worthwhile to note only six percentage points separate the top dogs from this list's last-place finisher, Trend Micro.

The survey also found the endpoint security market is still a viable one as it's "growing at a healthy clip".

"You'd have thought the market had saturated already," remarks Kurt Marko, technology columnist and author of the report. "The endpoint security market is actually growing at a fast rate. That could be because the overall threat environments are getting more sophisticated as are the security products themselves.

"Somehow these companies are generating faster growth than the underlying PC market."

The InformationWeek 2012 Antivirus and Anti-malware Vendor Evaluation Survey sought the insights of 386 IT professionals, asking them to gauge the security vendors they've evaluated in the past 12 months. Though the survey asked respondents to share their thoughts on 20 antivirus vendors, only nine received a sufficient amount of responses to warrant a full evaluation, the report read.

On the subject of mobile malware – an increasingly important threat to network security for CIOs to be aware of – the results frame an alarming portrait. Incredibly, 27 percent of the respondents stated they have no plans for mobile device protection at all and 12 percent said they didn't know if their organization had any plans in place to do so.

Marko agreed these are damning statistics and he added it suggests most IT organizations don't have a mobile strategy. Period.

"They haven't even thought about what they're going to do with respect to mobile devices in general within their organizations," he says. "The end users are way ahead of IT on this technology. The notion of mobile device security is only going to come up once organizations start thinking about that overall strategy."

That 11 of the vendors were cast aside before the data was examined is most likely a reflection of the familiarity of those firms within North America – the majority of respondents are based on this side of the planet – more than a comment on the quality of those vendors' offerings, he suggests. And yet, scoring closely behind Kaspersky Lab and Sophos were Avast Software and upstart Malwarebytes. These latter companies scored high in this survey for malware removal – 4.5 out of five – the highest score in the category.

Symantec and McAfee are the most widely used vendors, but 46 percent of respondents are considering replacing them or adding a vendor to complement their solutions. The survey results would suggest that when it came to actual features and performance, the most recognizable names were considered to be "middle of the pack".

"Some of the smaller companies that aren't necessarily household names for the endpoint and antivirus market, such as Malwarebytes and Avast, did quite well on the performance ratings as opposed to the big players like Symantec and McAfee," says Marko. "At least when it comes to performance and effectiveness of the products as perceived by our respondents, the more expensive products didn't necessarily do a better job and didn't do as well of a job."

Thus there could be enough wiggle room for the lesser-known security startups to seize upon the opportunity to make a dent in the market.

"To target enterprise customers, they're going to have to focus on some of the management capabilities in order to differentiate themselves," he continues. "There's parity, it seems to me, across the vendors as to how well they detect, prevent, and eradicate malware.

"In terms of vendors, bigger wasn't necessarily better."

One way to do that is to do a better job of managing large, installed bases of clients. But that's where the likes of Symantec and McAfee excelled.

It should come as little surprise then that the report stated the top brand-name vendors still dominate the IT department's radar, which indicates that the breadth of product line is important.

That doesn't suggest the likes of Symantec and McAfee can rest on their laurels however. In fact, the report goes on to state though Symantec and McAfee are most prevalent in IT shops they are, "badly lagging their seven competitors on both acquisition and operational cost". However, it would be foolhardy to completely write these top-tier security vendors off as inflated or ineffective. Of the three vendors respondents use or have used or evaluated in the past 12 months, 42 percent said Symantec and 36 percent said McAfee.

"They're doing a very respectable job. I wouldn't say they're doing a terrible job," Marko says. "The larger and more diverse your organization, you're likely less concerned with pure A/V scanning performance or impact on system performance and more concerned with using the same vendor.

"They obviously have the market share that they do for a reason."

Learn more about Strategy: SIEM by subscribing to Network Computing Pro Reports (free, registration required).

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights