1Magic Quadrant for Global Enterprise Desktops and Notebooks 2010

金蝶中间件公司拥有全国六大区域中心，四十多家直属机构，覆盖了全国所有的大中型城市.是全球技术领先的基础架构软件企业。

它专注于提供标准、安全、高效、集成的企业级中间件产品和专业服务。

2007年被Gartner评为在全世界范围内有能力提供下一代SOA服务的19家主要厂商之一。

2007年，金蝶中间件的金蝶Apusic J2EE应用服务器是全球第四家通过最新Java国际标准Java EE5.0认证的产品。

简介深圳金蝶中间件有限公司是金蝶国际软件集团（股票代码268.HK）旗下的子公司，是全球技术领先的基础架构软件企业。

它专注于提供标准、安全、高效、集成的企业级中间件产品和专业服务。

2007年被Gartner评为在全世界范围内有能力提供下一代SOA服务的19家主要厂商之一。

2007年，金蝶中间件的金蝶Apusic J2EE应用服务器是全球第四家通过最新Java国际标准Java EE5.0认证的产品。

金蝶中间件金蝶中间件总部位于深圳市，成立于2000年7月。

金蝶中间件的营销、服务及伙伴网络在中国大陆分为南方、华北、东北、华东、西南、西北六大区域，在国内拥有39家分支机构。

金蝶中间件的客户遍及中国大陆、香港和台湾地区的政府、金融、电信、制造、能源、交通等行业，包括中国人民银行、国家发改委、国家质检总局、国家民政部、国家监察部、广东工商局等政府客户，以及万科集团、华为、海尔集团、招商局、中国移动、香港亨达集团、台湾程曦等2000多家大型企业客户，并拥有中软、中科软、东软、珠海远光、深圳太极、深圳拜特、浙大网新、广东中望、珠海同望等200多家合作伙伴。

金蝶中间件还创造了中国中间件领域众多的“第一”：第一个开发出国产纯Java中间件并通过J2EE标准；第一个代表中国加入JCP组织、制订世界Java技术标准；国内第一个且唯一一个获得下一代规范Java EE 5.0认证授权。

金蝶中间件目前拥有Apusic J2EE应用服务器、Apusic 消息中间件、Apusic ESB、Operamasks Studio、OperaMasks SDK、Apusic Portal Suite等产品，能够帮助客户摆脱底层困扰、快速构建、安全管理、灵活重用、有效降低系统开发复杂性与开发成本，并最大限度保护现有资源，推动企业快速实现他们的商业价值。

移动性和软件即服务正在不断改变着客户关系管理和销售队伍的软件，NetSuite是CRM 领域的新贵，该公司迅速崛起并且逐渐成长为该领域一股非常巨大的力量，而传统的授权软件制造商也看到了CRM领域的重大商机，纷纷投身于该领域。

最近SAP与Research In Motion 公司的联合更加清楚地表明了CRM供应商试图满足客户不断增长的移动性需求。

用户界面也不断演变以满足那些与Web一起成长起来的用户的期望。

以下就简要介绍一下主要的CRM厂商的产品。

微软软件巨头微软进入CRM领域的时间比较晚，大概是在2002年。

不过微软的Dynamics CRM 系列软件确一炮打响，迅速获得了用户的认可。

著名市场分析机构Gartner Group的分析师Robert DeSisto认为，造成这一结果的一个关键的原因是微软Dynamics CRM整合了其它微软软件产品---尤其是Microsoft Outlook。

Outlook的联系人管理、日程管理和电子邮件功能使得Dynamics CRM很受销售人员的欢迎。

IDC Canada企业应用研究经理还补充说，Dynamics CRM与Access数据库软件的集成也极大地促进了企业用户对它的接受度。

微软的Dynamics CRM产品在中小企业中有一个“非常庞大”的用户群，但是在大型企业中，Dynamics CRM不如甲骨文和SAP的企业软件。

不过，微软正在利用其强大的中小企业和桌面操作系统的优势试图扭转这一局面，挑战传统的大型企业软件厂商。

Gartner在2007年发布的销售队伍自动化象限图(Magic Quadrant)报告中，Gartner把Dynamics CRM 放在挑战者的行列中。

微软现在面临的挑战是如何推广其软件即服务产品--- Dynamics Live。

微软正在推行一个价格策略，以对抗定价，从而能够在SaaS领域分得一杯羹。

这一战略是否能够奏效仍然有待进一步观察。

Magic Quadrant for Web Application Firewalls 17 June 2014 ID:G0*******Analyst(s): Jeremy D'Hoinne, Adam Hils, Greg Young, Joseph FeimanVIEW SUMMARYThe WAF market is growing quickly from a small base; it is composed of pure players, application delivery controller vendors, cloud service providers and network security vendors. Buyers should evaluate how WAFs can provide high security, minimize false positives and sustain performance. Market Definition/DescriptionThe Web application firewall (WAF) market is defined by a customer's need to protect internal and public Web applications when they are deployed locally (on-premises) or remotely (hosted, "cloud" or "as a service"). WAFs are deployed in front of Web servers to protect Web applications against hackers' attacks, to monitor access to Web applications, and to collect access logs for compliance/auditing and analytics. WAFs are most often deployed in-line, as a reverse proxy, because historically it was the only way to perform some in-depth inspections. Other deployment modes exist, such as transparent proxy, bridge mode, or the WAF being positioned out of band (OOB) and, therefore, working on a copy of the network traffic.The primary WAF benefit is providing protection for custom Web applications that would otherwise go unprotected by other technologies that guard only against known exploits and prevent vulnerabilities in off-the-shelf Web application software (see "Web Application Firewalls Are Worth the Investment for Enterprises").WAFs also integrate with other network security technology, such as vulnerability scanners, distributed denial of service (DDoS) protection appliances, Web fraud detection and database security solutions. In addition, WAFs sometimes include performance acceleration, including content caching, and might be packaged with Web access management (WAM) modules to include authentication features — notably to provide single sign-on (SSO) for legacy or distributed Web applications.Gartner estimates that the WAF market grew in 2013 at a rate of approximately 30% from $259 million to $337 million, and most of the growth was driven by a handful of vendors. Demand in North America has been strong, with 45% of the total market. EMEA accounts for 29% of the market, whileAsia/Pacific accounts for 26%. The Middle East demonstrated the highest growth rate, while Europe was the least dynamic region.To be considered for this Magic Quadrant, vendors must actively sell and market WAF technology toend-user organizations. The technology should include protection techniques that have been designed for Web security, beyond signatures that can be found in next-generation firewalls and intrusion prevention systems (IPSs). WAF products should support single and multiple Web server deployments. This Magic Quadrant includes WAFs that are deployed in front of Web applications and are not integrated directly on Web servers. This includes:Purpose-built physical, virtual or software appliances provided by pure players or network security vendorsWAF modules embedded in application delivery controllers (ADCs; see "Magic Quadrant forApplication Delivery Controllers")Cloud servicesHow WAFs integrate other network security technologies — like static application security testing and dynamic application security testing (DAST) or security information and event management (SIEM) — is often one of the indicators that reflect a strong presence in the enterprise market. Consolidation of WAFs with other technologies, like ADCs or anti-DDoS cloud services, brings its own benefits and challenges, but this market evaluation primarily focuses on the buyer's security needs when it comes to application security. This notably includes how WAF technology:Maximizes the detection and catch rate for known and unknown threatsMinimizes false alerts (false positives) and adapts to continually evolving Web applicationsEnsures broader adoption through ease of use and minimal performance impactIn particular, Gartner scrutinizes these features and innovations for their ability to improve Web application security beyond what a next-generation firewall, IPS or open-source WAFs — which are available for free (such as ModSecurity and IronBee) — would do.Return to TopMagic QuadrantFigure 1. Magic Quadrant for Web Application Firewalls STRATEGIC PLANNING ASSUMPTIONSAt the end of 2018, less than 20% of enterprises will rely only on firewalls or intrusion prevention systems to protect their Web applications — down from 40% today.By year-end 2020, more than 50% of public Web applications protected by a WAF will use WAFs delivered as a cloud service or Internet-hosted virtual appliance — up from less than 10% today.EVIDENCE1"Payment Card Industry (PCI) Data SecurityStandard:Requirements and Security Assessment Procedures, Version 1.2," October 2008; and "PCI Security Standards Council — Information Supplement: Application Reviews and Web ApplicationFirewalls Clarified, Version 1.2" October 2008NOTE 1TYPE A, B AND C ENTERPRISESEnterprises vary in their aggressiveness and risk-taking characteristics:Type A enterprises seek the newest securitytechnologies and concepts, tolerate procurementfailure, and are willing to invest for innovation that might deliver lead time against their competition.This is the "lean forward" or aggressive securityposture. For Type A enterprises, technology iscrucial to business success; of course, they alsohave skilled and dedicated security teams.Type B enterprises are "middle of the road." They are neither first nor last to bring in a newtechnology or concept. For Type B enterprises,technology is important to the business andsecurity teams are often understaffed.Type C enterprises are risk-averse forprocurement, perhaps investment-challenged and willing to cede innovation to others. They wait, let others work out the nuances and then leverage the lessons learned. This is the "lean back" securityposture that is more accustomed to monitoringrather than blocking. For Type C enterprises,technology is critical to the business and is clearlya supporting function. These enterprises might nothave dedicated security teams.EVALUATION CRITERIA DEFINITIONSAbility to ExecuteProduct/Service: Core goods and services offered by the vendor for the defined market. This includes current product/service capabilities, quality, feature sets, skills and so on, whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria.Overall Viability: Viability includes an assessment of the overall organization's financial health, the financial and practical success of the business unit, and the likelihood that the individual business unit will continue investing in the product, will continue offering the product and will advance the state of the art within the organization's portfolio of products.Sales Execution/Pricing: The vendor's capabilities in all presales activities and the structure that supports them. This includes deal management, pricing and negotiation, presales support, and the overall effectiveness of the sales channel.Market Responsiveness/Record: Ability to respond, change direction, be flexible and achieve competitive success as opportunities develop, competitors act, customer needs evolve and market dynamics change. This criterion also considers the vendor's history of responsiveness.Marketing Execution: The clarity, quality, creativity and efficacy of programs designed to deliver the organization's message to influence the market, promote the brand and business, increase awarenessSource: Gartner (June 2014)Return to TopVendor Strengths and CautionsAdNovumSwitzerland-based AdNovum is a long-established provider of application development, IT and security services. It recently started its expansion beyond this home market, and had its first successes in Singapore. AdNovum's product offering, under the cover name Nevis Security and Compliance Suite, includes WAF (nevisProxy), authentication, identity management and document signing, and was first shipped in 1997. The nevisProxy WAF is delivered as a software appliance and does not yet have third-party evaluations, but provides some features beyond signatures with support for a positive security model, URL encryption and protection against cross-site request forgery (CSRF).Swiss enterprise buyers in need of a combined WAM and WAF solution to protect custom application should consider AdNovum in their competitive shortlists.StrengthsAdNovum has proven experience with large financial institutions in Switzerland, and is able to quickly develop to specific customer requirements.Nevis Suite includes robust authentication and SSO features. Its centralized management("nevisAdmin") supports a large number of WAF instances, and is multitenancy-capable.AdNovum provides free licensing for test servers and unlimited flat-rate agreements for very large deals.CautionsAdNovum's WAF is one component of a software suite that serves primarily WAM purposes;consequently, the R&D investment in pure WAF development is more limited.AdNovum does not appear on Gartner customer shortlists for WAF outside of Switzerland.AdNovum lacks hardware appliance offerings that many of its competitors provide.Protections against SQL injection and cross-site scripting (XSS) are focused primarily onModSecurity open-source signatures, with no complementary internal or third-party threatresearch.nevisProxy does not offer virtual patching based on the results of a vulnerability scanner, ordedicated security and compliance reports.Return to TopAkamaiAkamai (AKAM) is based in Cambridge, Massachusetts, and provides a leading content delivery network (CDN). Its network and security cloud services, including its WAF (Kona Site Defender), are built on top of the Akamai Intelligent Platform, its global cloud infrastructure. The Kona WAF has been available since 2009, and received significant improvement in 2013. The Kona WAF management and monitoring consoles (Luna Control Center and Security Monitor) are also delivered as Web portals.Akamai's WAF is delivered as a service with a monthly fee, based on performance requirements for up to 10 sites. Additional subscriptions are available to limit the extra costs in case of volumetric DDoS attack (DDoS Fee Protection), to get assistance with Web security rule updates and tuning (Rule Update Service), or to reduce the scope of PCI compliance assessment with tokenization of client credit credentials (Edge Tokenization). of the products, and establish a positive identification with the product/brand and organization in the minds of buyers. This "mind share" can be driven by a combination of publicity, promotional initiatives, thought leadership, word of mouth and sales activities.Customer Experience: Relationships, products and services/programs that enable clients to be successful with the products evaluated. Specifically, this includes the ways customers receive technical support or account support. This can also include ancillary tools, customer support programs (and the quality thereof), availability of user groups, service-level agreements and so on.Operations: The ability of the organization to meet its goals and commitments. Factors include the quality of the organizational structure, including skills, experiences, programs, systems and other vehicles that enable the organization to operate effectively and efficiently on an ongoing basis.Completeness of VisionMarket Understanding: Ability of the vendor to understand buyers' wants and needs and to translate those into products and services. Vendors that show the highest degree of vision listen to and understand buyers' wants and needs, and can shape or enhance those with their added vision.Marketing Strategy: A clear, differentiated set of messages consistently communicated throughout the organization and externalized through the website, advertising, customer programs and positioning statements.Sales Strategy: The strategy for selling products that uses the appropriate network of direct and indirect sales, marketing, service, and communication affiliates that extend the scope and depth of market reach, skills, expertise, technologies, services and the customer base.Offering (Product) Strategy: The vendor's approach to product development and delivery that emphasizes differentiation, functionality, methodology and feature sets as they map to current and future requirements.Business Model: The soundness and logic of the vendor's underlying business proposition.Vertical/Industry Strategy: The vendor's strategyto direct resources, skills and offerings to meet the specific needs of individual market segments, including vertical markets.Innovation: Direct, related, complementary and synergistic layouts of resources, expertise or capital for investment, consolidation, defensive or pre-emptive purposes.Geographic Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the "home" or native geography, either directly or through partners, channels and subsidiaries as appropriate for that geography and market.In the first quarter of 2014, Akamai completed the acquisition of DDoS protection service Prolexic Technologies. Gartner analysts expect future integration between Kona and the Prolexic offering.The Kona WAF is a good choice for existing Akamai customers as an extension to deployed Akamai solutions, and for large public websites looking for simple WAF deployment.StrengthsGartner clients cite the combination of DDoS protection and Web application security as adifferentiator when comparing Akamai with most competitors.Akamai leverages its visibility into a substantial share of Internet traffic to tune security signatures in order to avoid false alerts and improve detection, with multiple steps for anomaly detection that feed a scoring mechanism.Akamai's subscription model makes it easy for enterprises to purchase and enable Web application security. This is especially true for existing Akamai CDN clients, and for owners of very largehosted Web applications.The transparency and professionalism demonstrated in Akamai's reaction to the recent Heartbleed vulnerability inspires trust in its ability to handle security-related challenges.CautionsAkamai's WAF is available as a cloud service only. Akamai does not provide an on-premisesappliance option that many of its competitors offer to protect internal applications, or to maintain Secure Sockets Layer (SSL) secrets on the client's corporate network.Akamai lacks lower-price WAF subscriptions to reach smaller enterprises and midsizeorganizations.Kona Site Defender security still relies primarily on signatures and reputation scoring. It lagsbehind competitors in other capabilities, such as an automatic learning engine and the degree of custom configuration of Web application behavior.Akamai is growing the customer base for its WAF offering mainly from existing clients of other cloud services in the U.S., but Gartner does not see the vendor winning deals on Web application security needs.Return to TopBarracuda NetworksBarracuda Networks (CUDA), which is based in Campbell, California, provides a wide variety of information security and storage products that are largely targeted at small or midsize businesses (SMBs). Barracuda offers its Web Application Firewall line in a variety of form factors, including as a physical or virtual appliance, and also as a cloud-based service that can be deployed on the Microsoft Azure and Amazon Web Services (AWS) cloud platforms.SMB buyers and resource-strapped security teams that require a low-cost solution and attentive vendor support should consider this product.StrengthsBarracuda's WAF provides strong IP reputation, cookie protection and client fingerprintingcapabilities. It also combines embedded authentication features and integration with several third-party authentication solutions.Barracuda has a broad range of hardware appliances to support a wide variety of scalability and performance requirements, especially for SMBs; it is also one of the only vendors to offer a WAF on the Microsoft Azure platform.Barracuda customers rate its geographically distributed support capabilities quite highly.Barracuda offers a wide range of foreign language support in its management interface, including Mandarin, Cantonese and Korean.CautionsBarracuda's WAF lags behind its leading competitors in enterprise-level automation. It integrates with a low number of established vulnerability scanners for virtual patching, and the scanning results must be imported manually. Automatic learning capabilities are disabled by default.Customers note that the management graphical user interface (GUI) looks a bit dated, which can make it difficult to use in some situations.Barracuda heavily relies on a relatively small set of generic signatures to protect against XSS and SQL injection.Return to TopBeeWareFrance-based BeeWare has been marketing its technologies since 2003. Its products, which include WAF, Web services firewall and WAM, have been integrated into its i-Suite platform, which can be deployed as a physical or virtual appliance. The i-Suite solution also offers ADC features, such as load balancing, content caching, compression and traffic rewriting. BeeWare is one of the smaller vendors in the WAF space, and predominantly sells its WAF to the French market. In May 2014, it was acquired by DenyAll.Midsize and large French enterprises in financial, government and manufacturing sectors that have WAF and authentication needs should consider BeeWare on their shortlists, but also take into account the acquisition by DenyAll.StrengthsBeeWare offers an i-Suite version for the protection of applications hosted on AWS, MicrosoftAzure and other clouds (although deployment of this WAF cloud version is very low).Its i-Suite has strong protection for Web services and SSO features.BeeWare's WAF flow-based policy management interface may be attractive to customers that like an event-based graphical representation of a security policy.CautionsBeeWare's revenue and growth are low and lag behind most players in the WAF market.It has low visibility and does not appear on Gartner customer shortlists outside France.Its technology has limited anti-evasion techniques. It offers only generic SQL injection (SQLi) and XSS protection capabilities.Its non-Web Java client GUI, although graphical and rich, is not in-line with the general trend of Web-based GUIs.Its WAF has integration with only one DAST vendor, Qualys, and with only two SIEM vendors, Splunk and RSA, The Security Division of EMC.Return to TopCitrixU.S.-based Citrix (CTXS) is a global provider with a broad portfolio of virtualization, cloud infrastructure and ADC solutions. Citrix has offered WAF functionality (NetScaler AppFirewall) for more than a decade as a software option, or included in the "Premium" bundle of the NetScaler Application Delivery Controller suite. The Citrix hardware appliance product line (NetScaler MPX) can also run a license-restricted version of the full NetScaler software to act as a stand-alone WAF. In addition, Citrix provides virtual appliances (NetScaler VPX). The NetScaler SDX platform allows several instances of Citrix solutions, including ADC and NetScaler AppFirewall software in a single hardware appliance. NetScaler can also be bundled in Citrix Mobile Workspace offerings.Citrix NetScaler AppFirewall is a good choice for large enterprise clients that are looking for an easy way to add WAF functionalities to their existing Citrix infrastructures.StrengthsNetScaler AppFirewall includes mature features for Web security, and can be bundled with SSL VPNs for remote access of internal applications.Citrix NetScaler's ability to scale appeals to large organizations, especially when massive SSLoffloading is required.Citrix has a compelling ecosystem of partnerships with third-party solutions.Citrix offers an extensive range of hardware (MPX/SDX) and virtual (VPX) appliances.CautionsLike most ADC vendors, Citrix primarily targets enterprise clients with ADC solutions and does not focus its efforts on pure-play security use cases.Despite good visibility historically, Citrix recently has appeared less often on client shortlists than its direct competitors have.Citrix NetScaler's physical appliance price tag starts at $15,000 and lacks a price-competitive WAF offering for midsize organizations. Citrix's virtual appliance and NetScaler on AWS might offer less expensive alternatives.Citrix does not offer or collaborate with cloud-based DDoS protection services.Gartner does not see Citrix's WAF displacing the competition based on its security capabilities, but rather sees it as an accompanying sale for ADC placements.Return to TopDBAPPSecurityDBAPPSecurity, which is headquartered in Hangzhou, China, is a vendor of Web application and database security solutions. Its product offering includes a WAF (DAS-WAF) that was first released in 2007. DBAPPSecurity also provides a Web application vulnerability scanner (DAS-WebScan) and database audit platform (DAS-DBAuditor) that can collaborate with its WAF product.DBAPPSecurity is a good shortlist candidate in China for SMBs and large enterprises in financial and government sectors.StrengthsDBAPPSecurity has a firm base of faithful clients in China that praise the benefits of having aChinese provider. Those benefits include good resident support and local certifications.DAS-WAF includes automatic policy learning and Web application caching, and it can operate in transparent proxy or monitoring mode.Of all the vendors evaluated in this Magic Quadrant, DBAPPSecurity offers the lowest support cost relative to the WAF appliance price.CautionsDBAPPSecurity lags behind several competitors' WAFs in areas such as role-based management, detailed activity reports and authentication features.DBAPPSecurity has very limited market visibility and does not appear on Gartner customers' WAF shortlists outside of China.DBAPPSecurity's recent strategic focus moved toward its security scanners, and the DAS-WAF is not promoted on the international version of the vendor's corporate website.Return to TopDenyAllDenyAll is based in France and has marketed its WAF technology (rWeb) since 2001. Later, it added sProxy (a plug-in to rWeb with predefined policies for email, SharePoint and SAP) and rXML (a Web services firewall). DenyAll's rWeb WAF product was developed to secure HTTP(s), SOAP and XML traffic, and is currently available as a tool that is predominantly installed on enterprise's premises. Its technology can be deployed as software or appliance (physical or virtual). DenyAll is in the process of developing and testing its WAF cloud offering, and rWeb is already available via AWS and Microsoft Azure.DenyAll mostly focuses on the French market, and then on the European market, where it primarily targets midsize and large enterprises in financial and government sectors. It is a relatively small vendorin the WAF market, but is able to sustain a focus on technology innovation. In May 2014, DenyAll announced the acquisition of WAF vendor BeeWare.European organizations that are looking for high security first should consider adding DenyAll to their shortlists.StrengthsDenyAll's technology includes several advanced protection techniques, including JavaScript Object Notation (JSON) traffic analysis/protection, code leakage detection and a browser lightweightagent.It also offers a comprehensive list of anti-evasion techniques and a scoring list feature (a weighted scoring approach in addition to signatures) for protection against attacks, such as SQLi and XSS.The WAF technology combines security detection/protection features with caching, load balancing and high availability (with active-passive and active-active modes) features.DenyAll enables correlation between its WAF and DAST to increase the accuracy of detection and protection.The DenyAll rWeb offering is available via AWS to support Web protection for AWS-specificinfrastructure-as-a-service customer deployments.CautionsDenyAll mainly focuses on French and EU markets, which limit its visibility and adoption in other geographies.The acquisition of BeeWare will be a big challenge for DenyAll in the next 12 months. It coulddivert DenyAll from executing on its road map, but maintaining two product lines for too longwould annihilate much of the benefits from the increased R&D size.Its revenue and growth are low compared with the Leaders, Challengers and even some Niche Players in this Magic Quadrant.It has certified integration with only one SIEM vendor, Splunk, and does not have integration with reputation vendors' technologies.DenyAll's WAF correlation process between WAF and DAST mainly focuses on WAF integration with its own DAST, but not DAST from other application security testing vendors.Return to TopErgon InformatikErgon Informatik, which is headquartered in Zürich, has been shipping its WAF technology (Airlock) for more than 15 years. Ergon also develops other software solutions, including an authentication platform (Medusa) and mobile payment solutions. The Airlock WAF can be deployed as a reverse proxy, is available as a software and virtual appliance, and can run on Amazon Elastic Compute Cloud (EC2). Its pricing is primarily based on the number of protected Web applications and additional modules, such as SSL VPNs, XML security or graphical reports, which are available for an additional one-time fee. Airlock 5, which was released in January 2014, introduced a major operating system change and the full integration of an identity and access management (IAM) solution. Ergon will continue to support the previous versions of Airlock for 18 months.Ergon's Airlock is a good contender for European organizations' WAF projects, especially large banking and insurance enterprises from the DACH countries (Germany, Austria and Switzerland) and the Middle East region that have access management needs.StrengthsAirlock includes extensive techniques for Web application parameters, with URL encryption,various cookie protections (including a cookie store) and form parameter integrity checks.Airlock's integration of a full IAM solution adds comprehensive authentication and SSO features.Ergon gets good marks from users for its security expertise, the efficiency of its support, and its understanding of the needs and constraints of large financial institutions.CautionsAirlock does not offer centralized management, automatic Web application behavior learning or automated security signature updates, and it does not integrate with vulnerability scanners for virtual patching.Airlock lacks hardware appliance models. Instead, Ergon provides multiple ways to facilitate the installation of the software appliance.For SIEM integration, Airlock provides only a Splunk App, but Ergon reports that its customers have integrated with other SIEM technologies.Airlock has very low visibility in Gartner's customer base.Return to TopF5Seattle-headquartered F5 (FFIV) is an application infrastructure vendor that is focused on ADCs. The primary WAF offering is a software module for the F5 Big-IP ADC: the Application Security Manager (ASM). Other F5 security modules include the network firewall Advanced Firewall Manager (AFM) and the WAM Access Policy Manager (APM) module. ASM is also available on the virtual edition of Big-IP. The F5 hardware Big-IP appliance product line can also run a license-restricted (yet upgradable) version of the full software to act as a stand-alone security solution (such as a stand-alone WAF).F5 is a good shortlist candidate, especially for large organizations that own or are considering ADC technology.StrengthsAs a leading ADC vendor with a large installed base of clients, F5 leverages the scalability of its ADC Big-IP platforms and the strength of its ADC sales as the entry point for add-on WAF licenses.F5's WAF is an easy upgrade for existing F5 clients.F5's corporate teams and channels provide logistic capabilities and support that are larger and have more geographic coverage than many WAF vendors.。

敢为天下先——5大厂商市售NGFW产品评析作者：暂无来源：《计算机世界》 2011年第26期目前我们可以确定共有5个厂商在国内正式发售了NGFW产品，其中4个国外厂商均在Gartner最新一期的《企业网络防火墙魔力象限报告》（Magic Quadrant for Enterprise Network Firewalls，2010）中占有一席之地；深信服是惟一发布了NGFW产品的本土厂商，我们相信会有越来越多的本土厂商杀入这一领域。

在产品资料收集的过程中，我们发现了一个很有意思的现象：之前无UTM产品的厂商为我们提供的产品文档中，都统一使用了NGFW的概念与宣传口径，且官方网站上的资料也是如此；而之前有UTM产品的厂商虽然宣称拥有NGFW产品线，却暂时没能提供与之相关的资料，在产品归属的态度上显得十分模糊。

前者意图很明显，就是要避开竞争激烈的防火墙/UTM市场，抢占新的蓝海；后者大多拥有一定的资本和技术积累，为稳固市场地位需要拉动产业升级，却担心在市场上面临“自己打自己”的窘境。

无论如何，随着NGFW概念逐步被用户理解、接受，目前市场上的混乱局面必将变得明朗，其前景值得看好。

Palo AltoPalo Alto是近几年发展非常迅猛的一家安全企业，在业内负有盛名。

该公司旗下仅拥有NGFW一类产品，被看做NGFW时代的先行者。

经过充分的准备，Palo Alto于2011年年初在国内设立了办事处。

据了解，诸如应用特征库、WebUI和报表管理系统的本土化工作已初见成效。

Palo Alto将用户识别、应用识别和内容识别并列为产品的3大核心功能，使用户权限和策略设定变得像自然语言般简单易懂，同时让报表的可读性更强。

内容识别基于防火墙、IPS、反恶意软件、URL过滤乃至DLP等多种安全功能，可以为用户提供全面的安全保障。

在业务处理方面，其产品采用了单数据流并行处理体系结构，保证了高性能、低延迟。

有业内人士认为，Palo Alto产品中关于一体化的处理引擎和一体化的策略框架是最关键的设计理念，在保证高性能的同时提高了易用性。

素新绿绳的庆聆飞利浦“小精聆”耳机Phi l i ps‘‘Li t t l e El f L i st e ni ng’’E a r phone飞利浦“小精聆”系列耳机(挂绳版)晶莹上市厂]，．，，。

l卅孓'爹尚随身包一个。

精巧挂绳轻盈又简约舒适亦从容此次飞利浦发布的三款新^^q：机SH E3650／1／2，较之此前春季上市的“小精聆”，既可看作是“姊妹装”，又可税为“夏季版”，新添的挂绳式设计，配备有方便快捷的固定扣，适合M P3等随声听设备看似只是一处小小的设汁变化，却带来丝丝惊喜。

M P3一族往往会令人有这样的烦恼，纷繁复绕的耳机连线弄得人人汗创新实验室，将耳机的旨色表现力发挥到最佳。

耳塞虽小，却幂用优质的铷磁扬声器，确保音效的纯面与稳定，以往普通耳塞音效的不均衡辟再／f：复现，此外，5H E3650／1／2系列“小精聆”耳机还特别引入低音增强反射器．得以优化气流控制，一解耳塞狭小夺问的“通风”问题，令音质人幅度提升，，靓丽色彩爵尚生活一一秉承“精于心简于形”的设讦理念，飞利浦近年来往保持耳机的专、IP音质水准的基础上，愈发注重欧洲优质生活品味元素的引入，。

7此次的二款色彩缤纷的色调，对比之强烈，令人惊艳超酷的色彩让耳塞兜显时尚魅力可以想见，在j立个激情之夏I耳塞连线一改以往单倒的黑、灰、白，兔舱是玫瑰红、翡翠绿、遂是宝石蓝的明。

繁色凋耳机，搭配休I翻T恤和短裙，都魔疑会成为街头一责撕f：人赏心悦目一特：I；0值得提的是。

此次的“小精聆”薤绳版为i P hone兼窄设汁，方便欣党毒-／Phot t e的音乐，这对于i_j-Phone盼fA N s而吉，更是称心如意了：．一’“好听，好用”之余，还要“耐用’．挂绳版“小精聆”采厢耐用的Flexi书ri p设}1i i带来!野两而彳r弹性的连线，确保耳机往衙寿命。

热辣八月，韵律之美，这个夏天，一起来享受飞利浦挂绳版“i I、精聆”耳机所带来的曼妙之音与多彩时尚吧。

End UserServicesManagedMobileMobile Device Management Managed MobileManaged Mobile Offering Overview⏹Challenges⏹Managed Mobile⏹Why FujitsuHow can I benefit from new mobiletechnologies without jeopardizing my corporate security?How can I implement Tablets andSmartphones into my IT- Strategy?How can I setstandardized policies across aheterogenous mobile environment?How can I gain cost transparency and control while turning CAPEX into OPEX?Mobility ChallengesThe way we do business is changing fundamentally – this leads to a number of questions which must be answered …Technology Creates New PossibilitiesFlexible hours, flexible locationFixed hours, fixed location⏹What does this mean?⏹Massive change in how we do business⏹The number of mobile workers and smartphone and tablet PC users is ever increasing!What Mobility Means for Enterprises⏹Access to newest technology is key for passionate employees⏹Generate more revenue, drive innovations⏹Demand creative freedom, such as choice of device and social media access ⏹Heterogenerous environment of employee and corporately owned devicesMobile OS: a Volatile Market⏹80% of all enterprises confirm that it is virtually impossible to manage theincreasingly complex mobile environment manually.⏹…Betting on the wrong horse“ can become a costly error⏹Mobile Device Management will becomeimperative within the next 12 monthsSome hardwaremanufacturers have starteddeveloping their own specificAndroid OS –will this lead toeven more diversification?Challenges for Any IT Department40%*of users will use one device, both corporately and privately72%*store sensitive data on mobile devices, such as business reports, pipelines or prototype information. 4 out of 5 usersaccess their corporate network without permission – 59% do it dailyMore than half*of IT administrators do not feel prepared for a data breach incidentManaged Mobile Offering Overview⏹Challenges⏹Managed Mobile⏹Why FujitsuCharacteristics of Our Managed Mobile Offering1.Global coverage⏹Customer proximity by follow-the-sun and worldwide support availability⏹Customer expansion supported2.Standardization⏹High service quality, faster implementation and reduced costs3.Defined service level agreements⏹Ensure improved availability and performance whilst reducing risk4.Centralized governance⏹Faster implementation of IT worklpace changes to support new business needs⏹Improved agility5.…price-per-seat“ model⏹Reduced financial risk⏹Improved planning reliability due to the shift from CAPEX to OPEX⏹Higher cost transparencyFujitsu‘s Managed Mobile – an OverviewFujitsu Managed Mobile is a ManagedService around Mobile DeviceManagement (MDM) delivered from acentralized Cloud InfrastructureService Lifecycle of a Managed DeviceHelpdeskSW/HW- InventoryManagementCommunication Application ASecurity Policies Application Z“Over -the-Air” provisioningPolicy and Device Configuration Lock, Wipe & Selective WipeMaintenance &SupportManaged Mobile Features…Over the air “ enrollment Remote-Management …over the air “ Role-based User Access incl. Self-Help PortalApplication Management 24/7 global HelpdeskUnified Configurations – across multiple OSsManagementEmail, Calendar, Corporate Address Book, TasksIntranet AccessMobile OfficeUser and device-based authentification Encrypted transfer of data and mails Anti-Virus, Anti-Spyware, Firewall-filtered trafficRemote Lock/“Wipe “ CapabilitiesSecurityService Components⏹Mandatory Components⏹Optional Core+ ComponentsService TransitionCore ServiceMobile Anti-VirusSeven Push MailActive Sync SecurityEnhanced Android SecurityData Leakage Prevention…and more coming!⏹Core Service includes⏹Policy Management & Deployment ⏹24/7 Global Helpdesk ⏹Self-Service Portal⏹Lock&Wipe Functionalities⏹Core+ Options add flexibility basedon customer requirementsFujitsu‘s Global Delivery CapabilitiesMalaysia Costa RicaIndiaPortugalPolandRussiaCanada EstoniaNorthern IrelandPhilippinesUSBrazilAustraliaChinaSouth AfricaJapanThailand SwedenUKFinlandGermany SingaporePotential for “follow the sun” service3 global delivery centers (remoteinfrastructure management and applications management)Fujitsu data centers(representative selection)5 global multi-lingual service desks 5 regional delivery centersFujitsu Global Cloud platform locationsManaged Mobile – Global DeliveryPrimary MDM HubMDM HubMDM HubCentral Billing SystemCentralManagement Console ⏹Global Delivery by Fujitsu Services Finland⏹24/7 Helpdesk from Lodz, Poland⏹Regional MDM hubs in planning to relieve latency and load⏹Local Connectivity Hubs ensure email traffic does not leave the countryCustomer BenefitsCosts Time Risks Cost Control Complexity Flexibility⏹Improved productivity and responsiveness⏹Improved employee satisfaction⏹No operational responsibility for customer!Fujitsu can help you turn mobile complexity into improved business performance!Managed Mobile Offering Overview⏹Challenges⏹Managed Mobile⏹Why FujitsuBest of Breed MDM-SoftwareGartner Critical capabilities Gartner Magic Quadrant for …, EuropeManaged Mobile runs on Zenprise Device Manager (CITRIX) The Magic Quadrant is copyrighted May 2012 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.Some Customer Examples“Mercedes Benz stated that they were impressed how Fujitsu wasable to build and deploy more than 250 devices at extremely shortnotice. This was achieved within just a few days with the support ofthe highly professional build team based in Warrington.”120+ customers with users in 40 countriesWhy Fujitsu⏹We offer a complete and highly standardized globaloffering⏹Centralized and fully Managed Service, built aroundaward-winning Mobile Device Management Solution ⏹24/7 world-wide coverage, inkl. Service Desk⏹Secure, scalable and reliable throughcloud infrastructure⏹World-class workplace management andworkplace services⏹Over 70 years of experience with productiontelephony equipment and services20。

Gartner项目组合管理软件的魔方图Magic Quadrant for Project Portfolio Management, 2003Matt LightDocument Type: Research NoteNote Number: M-20-2777Applications for project portfolio and resource management can boost team performance, and enable IT management and others to access real-time data via dashboards for prioritization and rapid decision making.--------------------------------------------------------------------------------What You Need to KnowHeightened interest in integrated project portfolio management solutions has sustained this market through hard times. By broadening its view of project management to an organizational governance context, IT management can increasingly address portfolios of projects, priorities, resources and more.AnalysisStrategic Planning AssumptionsBy 2006, more than 50 percent of all project portfolio management functions will be packaged as flexibly configurable, modular Web services (0.6 probability).By 2006, at least 50 percent of IS organizations will have adopted a mix of project portfolio management application services for managing team collaboration, allocating resources, and tracking utilization and costs (0.7 probability).Enterprises will continue to reduce the number of tools needed to manage IT and other project portfolios, in part to provide quicker visibility via direct rollup and analysis of portfolio data. Enterprises delivering projects large and small have long blended tools and manual solutions to allocate resources, schedule activities and milestones, track progress, share project-related documents, control project risks and otherwise manage their project portfolios (see "Ways to Speed Up Projects in the Real-Time Enterprise"). We believe that, during the next five years, project portfolio management (PPM) functions will be increasingly consolidated in flexible and configurable "smart suites" of PPM Web services.A smart enterprise suite can extend platforms to create specialized applications that integrate analytical, business and content management application functionalities, which is precisely what's happening with PPM packages (see >"The Future of the Smart Enterprise Suite"). This trend has been slowly gaining momentum, inhibited by market conditions and the resulting constraints on R&D. Furthermore, pricing pressures have mounted because of the tough PPM market (as well as competition from the Microsoft Project product line), while growth rates for most vendors have decreased or stopped altogether.As noted last year (see "2002 Project/Resource Management Magic Quadrant), application vendors from other areas have also been entering the market and contributing to growth in this space. Since 3Q02, the vendors of the more-integrated PPM solutions have struggled, and the competition is heating up (see Figure 1 and Note 1).Figure 1The PPM Magic QuadrantSource: Gartner Research (July 2003)Note 1Evaluation CriteriaAbility to ExecuteVendor viabilityManagement teamTrack record in delivery and supportFunctional depthSupport capabilitySales and marketingCompleteness of VisionVision of technology and the marketResourcing (including external)Consulting/service commitmentPackage breadthPlatform, database and ERP supportTeam collaboration featuresIS organization requirementsVendors' vision foci differ. Some, such as the enterprise resource planning (ERP) providers, initially focused on project cost accounting, then added planning, resourcing and other PPM features. Others (Primavera Systems, for example) focused first on the latter set of functions, enabling project cost management and exporting cost accounting data to an ERP back end, and later added ways to collect nonproject costs, such as work requests. Although approaching PPM requirements with different strengths, these applications can providereliable IT project and service status data, which was formerly available only in fragments (for example, in such static documents as time reports or resource plans in Excel).In assembling a complete solution, PPM packages often provide integration to address gaps or weaknesses in functionality. Another example of integration is the common dependence on Microsoft Project, while focusing on portfolio analysis, tracking, resourcing, costing, collaboration or other features and offering project planning (such as Gantt charts) for those situations when more-detailed scheduling (in Microsoft Project or alternative schedulers) is not required (see Figure 2).Figure 2PPM: Evolution of an Application SuiteSource: Gartner Research (July 2003)During the past year, developments in the PPM market have included the growing importance of portfolio features — hence, our reference to it as project portfolio management, rather than project/resource management (although resource profiling, leveling and so forth remain significant). IBM has been a growing presence in this market, as well as at its fringes; it acquired Rational Software last year, as well as PricewaterhouseCoopers (PwC) Consulting, including its Summit Ascendant product line, which features tools, IT process support and project management methodology.More directly in the PPM space, IBM has invested in Systemcorp and has assisted in the development of Systemcorp's Enterprise PM Office, which shows an accurate view of market requirements, with an effective breadth of functionality that includes full scheduling, resourcing, and time and expense reporting. Service request management and defect-tracking features further support the needs of IS organizations. Scope management features enable users to integrate project requirements to plan and automate project document management, including version control and the ability to link documents to any level of a work breakdown structure.Built in a Java 2 Platform, Enterprise Edition (J2EE) framework, PM Office's portal approach enables simpler user configurations than previous releases and also features a native Enterprise Dashboard, with hundreds of C-level stored procedures, including many for portfolio reporting. Previously focused on IBM's DB2 database platform, PM Office now directly supports the Oracle database as well.An emerging group of "portfolio analysis" vendors has begun offering solutions for analyzing IT investments and assets, some (such as Pacific Edge Software) as part of PPM product lines (see "The Gartner Portfolio Management Tool for IT Investment"). Other offerings, although short of being PPM products (see Note 2), are moving to offer planning, resourcing and other features that approach the PPM market. Among these emerging tools is Artemis International Solutions' PortfolioDirector (see "Artemis PortfolioDirector for Managing IT Investments"), which has been a bright spot for Artemis in recent years as the company has struggled to put its financial challenges behind it.Note 2PPM Processes for Application SupportA PPM application addresses most of the nine processes defined by the Project Management Institute's Project Management Book of Knowledge: project scope management, time management (that is, planning or scheduling), cost management, resource management, quality management, project communications management, project risk management and project procurement management. The ninth area enables the integration of these processes, such as for pipeline or other analytics. (See "Project Portfolio Management (PPM) Applications: Perspective.")With a profitable quarter to end 2002 (based largely on PortfolioDirector momentum and cost cutting), Artemis continues to correct its cost structure after acquiring the bulk of its joint ventures worldwide. With continued strength in product revenue in Europe, any Artemis comeback is likely to begin there.Another important portfolio analysis tool is ProSight, an innovative solution that entered the American market a few years ago. Using a partnering strategy that involved such vendors as Changepoint, Evolve, PeopleSoft and PlanView, the ProSight tool enabled vendors to extend their offerings. These partners have typically developed competing solutions. ProSight has deepened its tool, adding "playbooks" of dashboards, scorecards, pick lists and forms to target such procedures as IT service-level management, system retirement, project prioritization and IT inventory analysis.Other notable portfolio analysis tools come from Portfolio DecisionWare (an AXS-One/Tivity partner) and United Management Technologies, which has developed StratFrames. Both also offer consulting services as a major part of their businesses. In addition, ProSight has strategically partnered with Fujitsu Consulting for consulting services in the portfolio management space. Lawson Software and Changepoint have similar strategic partnerships with Deloitte & Touche, and PeopleSoft has partnered with Cap Gemini Ernst & Young (CGE&Y).Since 2Q01, Evolve has increasingly marketed outside its initial professional services administration (PSA) niche. In addition to product development, the vendor has targeted IS organizations, especially with its Evolve 6 Portfolio Management version, which was released in late 2002. In March, Evolve introduced its work request management solution, which is similar to that offered by PlanView and Changepoint. These capabilities were among the features that caused Primavera to acquire the chronically unprofitable Evolve for $13million in March 2003 (see "Primavera to Acquire Evolve, Expand Project Management Line").In the IT and application management space, Kintana — slated for acquisition this quarter by Mercury Interactive — has rounded out its product line during the last 12 to 18 months, with demand, portfolio, project, program and time management tools grouped under the banner of "IT Governance." At the same time, Rational's Project Console dashboard has gained traction in Rational's user base, although it falls short of being a PPM product.Along the same lines, PlanView has introduced a set of organizational governance processes called "Prisms," which it has built into its PlanView Portfolio Management 7.3 solution, which was launched at Gartner's Spring Symposium in March. The 11 Prisms are divided into three categories: investments, projects and service. They include a configurable, prepopulated database of attributes and stage gates for different initiatives (such as models for a business investment planning effort, a major development project or a production system support service).Similarly, Changepoint has pursued a vision blending IT portfolio management with resource and project planning and tracking, resulting in a partnership with Deloitte & Touche marketing a "CIO Portal." Now in v.8, the Changepoint product has been rebuilt on .NET, with added Oracle database support, and it has been converted to Unicode for ease of translation (a Spanish language version has also been added). This, along with ongoing enhancement of its request management/help desk-style features, has increased the proportion of Changepoint's internal corporate IT customers and prospects tomore than 50 percent, while its professional service target market has slowed purchases.Microsoft remains a strong presence in the marketplace with its Microsoft Project product line, which features MSP Standard, Professional, Server and Web Access (see "Got a Plan? Microsoft Project 2002 Preview") and provides an effective PPM solution in the Windows and SQL Server environments. Revenue growth for this product line has enabled additional R&D, which has yielded a Microsoft Project 2003 release that is due in the fall, enhancing synergies with other Microsoft technologies, including Windows Sharepoint Services, Office and Outlook. Continued work with Microsoft Solution Partners to address implementation issues provides valuable experience in addressing enterprise needs.ERP II vendors continue to target the space, both defensively (to prevent PPM "midoffice" vendors from expanding their enterprise footprints) and offensively, with PPM products or features packaged with parts of their application platforms to address PPM market requirements. Although initially offered to extend their implementations' project accounting and reporting functionality, some have done significant acquisitions and development.Lawson's offering — enhancing its 2001 acquisition of the XML-based Account4 PSA technology — now features portfolio analysis, with consulting support from Answerthink. Its Service Automation PPM product directly supports SOP 98-1 reporting of application development costs with guidelines for expensing vs. capitalization. Version 5.1's Smart Notification monitors data from Lawson orexternal systems, including the Web, to provide alerts (such as for schedule overruns) via a variety of devices.Oracle's new PPM solution, which was introduced in June 2003, extends its established Oracle Projects module (formerly focused on project costing and billing, with some recent resourcing features) with three new products: Project Management, for building work plans, controlling project issues and changes and tracking progress; Project Collaboration, with a project "workspace" for managing and enabling real-time issue resolution; and Project Intelligence, for analyzing project data.PeopleSoft also has an established project accounting module, which has been extended in recent years with resource management and T&E in its Enterprise Service Automation (ESA) offering. This also features a Contracts module and a Services Procurement module, which PeopleSoft hopes to leverage if greater demand for IT services accompanies an economic recovery. With consulting partner CGE&Y, it also offers CIO OneSource, a combined PPM product/service for IT.SAP is approaching the market with new offerings that may challenge the competition next year: xRPM, a "cross app" for resource and program management that is positioned as a product targeting internal R&D or IS organizations, and SAP Professional Services, a customer relationship management (CRM) solution. Similarly, Denmark-based Maconomy offers vertically differentiated solutions with product templates that target marketing/advertising agencies, audit/tax consulting and research organizations, although they do not target internal IT. Epicor Software does not specifically target IT either, although its Epicor for Service Enterprises software isadaptable, and it has retooled its product line for Web services delivery via its Internet Component Architecture.Another deal of note was Scitor's spin-off last August of its tool business as Sciforma. Its established PS Suite extends advanced planning, tracking and multiproject resource leveling via its Project Communicator (which includes Inform, Objects and Admin modules). Sciforma's new PS Next will go further with workforce skill and capacity management and the ability to track hours against budgets, along with state-of-the-art project planning and scheduling. We expect PS Next's new J2EE framework pricing to drive PPM pricing of flexible, configurable Web services.With another round of investment ($10.5 million in February) and a return to profitability, a stabilized Niku may be poised to take advantage of potential economic rebounds in 2004. On the product front, Niku 6.1 shipped in 2Q03, featuring portlets and streamlined navigation of its five main modules — Niku Projects, Portfolio Manager, Resource Planner, Financial Manager and Niku Workbench —effectively getting the product in shape. Among its new and upgraded Niku 6 customers are several implementations of more than 2,000 users (including team members reporting time/status).Business Engine's v.5 release deepens its budget management, embeds Microsoft Project, adds more online analytical processing (OLAP) cubes for financial management and provides new features for external contractor management. The company has had key implementations at Deutsche Bank, Merrill-Lynch and Delphi Automotive, and each deployment exceeds 5,000 users. Tenrox also embeds Microsoft Project for synchronization without import-export,has a strong focus on T&E and billing, and features an effective workflow tool reminiscent of process-modeling tools offered by ERP vendors.There is a significant PPM niche market for enterprises leveraging the IBM/Lotus Domino platform for PPM purposes. Automation Centre offers TrackerSuite, featuring resource management, time-tracking Domino-based project collaboration, document management and workflow. Customers include DuPont and American Electric Power. Automation Centre also offers a Microsoft-based product. Similarly, Eden Communications leverages Domino with its ProjecTrak family of products. It targets IS with a bug tracker, help desk, asset management and software designer module, among others. Genius Project from the European (Swiss-based) company Genius Inside features risk and simulation modules.Key IssuesWhat project management tools, processes and techniques are required for delivering high-quality, on-time and on-budget applications?How will ERP II vendors and markets evolve?How will enterprises improve the operational efficiency of theire-workplace infrastructures during the next five years?How should project/process management groups for an application development organization be set up, and with what support tools? What tools and technologies will enable enterprises to operate in real time?Acronym KeyCGE&Y Cap Gemini Ernst & YoungCRM customer relationship managementEPM Enterprise Project ManagementERP enterprise resource planningESA Enterprise Service AutomationJ2EE Java 2 Platform, Enterprise EditionOLAP online analytical processingPPM project portfolio managementPSA professional services administrationPwC PricewaterhouseCoopersReturn to Top--------------------------------------------------------------------------------© 2003 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.。

跨域认证简单解决方案-使用第三方Cookie概述跨域认证，意味着用户在一个入口登录后可以无障碍的漫游到其它信任域。

也就是所谓的单点登录(SSO)。

对于大型的服务提供着，常用的方法有：使用安全断言标记语言(SAML)、基于公开密钥技术(PKI-Pubic Key Infrastructure)的Kerberos网络认证协议或者使用Windows采用的认证方案LanManager认证(称为LM协议-对于NT 安装Service Pack4以后采用NTLM v2版本)。

这些认证方式需要单独的认证服务器，对于普通的使用者来说，既难已实现，也不太可能搭建单独的服务器。

有没有一种简单又安全的认证方式呢？本文的目标使用Cookie和SHA1结合实现简单又安全的认证，如用户在中登录后，无需再次登录就可以直接使用中提供的服务。

Cookie是什么Cookie 是由Web 站点创建的小文本文件，存储在您的计算机上。

这样，当您下一次访问该站点时，它可以自动获取有关您的信息，例如浏览喜好，或您的姓名、地址及电话号码。

关键词SSO(Single Sign-On）-单点登录SAML(Security Assertions Markup Language)-安全断言标记语言Cross-Realm Authentication -跨域认证PKI(Pubic Key Infrastructure)-公开密钥技术SHA1(Secure Hash Algorithm 1)-安全哈希算法1P3P(The Platform for Privacy Preferences)隐私参数选择平台单一认证模型1、用户使用a_logon.aspx登录服务器2、在a_logon.aspx中自动嵌入iframe其src指向的b_auth.php3、认证成功后在客户端写入Cookie，通过iframe调用b_auth.php 传递认证参数(经过SHA1后)4、b_auth.php认证成功后在客户端写入认证Cookie5、完成和的统一认证问题：上面提到的过程如果使用FireFox浏览器b_auth.php能够成功写入Cookie,如果使用IE6.0及以上版本b_auth.php写入Cookie失败。

Magic Quadrant for Business Intelligence and Analytics Platforms23 February 2015 ID:G0*******Analyst(s): Rita L. Sallam, Bill Hostmann, Kurt Schlegel, Joao Tapadinhas, Josh Parenteau, Thomas W. OestreichVIEW SUMMARYTraditional BI market share leaders are being disrupted by platforms that expand access to analytics and deliver higher business value. BI leaders should track how traditionalists translate their forward-looking product investments into renewed momentum and an improved customer experience.Market Definition/DescriptionBI and Analytics Platform Capabilities DefinitionThe BI and analytics platform market is undergoing a fundamental shift. During the past ten years, BI platform investments have largely been in IT-led consolidation and standardization projects for large-scale systems-of-record reporting. These have tended to be highly governed and centralized, where IT-authored production reports were pushed out to inform a broad array of information consumers and analysts. Now, a wider range of business users are demanding access to interactive styles of analysis and insights from advanced analytics, without requiring them to have IT or data science skills. As demand from business users for pervasive access to data discovery capabilities grows, IT wants to deliver on this requirement without sacrificing governance.While the need for system-of-record reporting to run businesses remains, there is a significant change in how companies are satisfying these and new business-user-driven requirements. They are increasingly shifting from using the installed base, traditional, IT-centric platforms that are the enterprise standard, to more decentralized data discovery deployments that are now spreading across the enterprise. The transition is to platforms that can be rapidly implemented and can be used by either analysts and business users, to find insights quickly, or by IT to quickly build analytics content to meet business requirements to deliver more timely business benefits. Gartner estimates that more than half of net new purchasing is data-discovery-driven (see "Market Trends: Business Intelligence Tipping Points Herald a New Era of Analytics"). This shift to a decentralized model that is empowering more business users also drives the need for a governed data discovery approach.This is a continuation of a six-year trend, where the installed-base, IT-centric platforms are routinely being complemented, and in 2014, they were increasingly displaced for new deployments and projects with business-user-driven data discovery and interactive analysis techniques. This is also increasing IT's concerns and requirements around governance as deployments grow. Making analytics more accessible and pervasive to a broader range of users and use cases is the primary goal of organizations making this transition.Traditional BI platform vendors have tried very hard to meet the needs of the current market by delivering their own business-user-driven data discovery capabilities andenticing adoption through bundling and integration with the rest of their stack. However, their offerings have been pale imitations of the successful data discovery specialists (the gold standard being Tableau) and as a result, have had limitedadoption to date. Their investments in next-generation data discovery capabilities have the potential to differentiate them and spur adoption, but these offerings are works in progress (for example, SAP Lumira and IBM Watson Analytics).Also, in support of wider user adoption, companies and independent software vendors are increasingly embedding traditional reporting, dashboards and interactive analysis into business processes or applications. They are also incorporating more advanced and prescriptive analytics built from statistical functions and algorithms available within the BI platform into analytics applications. This will deliver insights to a broader range of analytics users that lack advanced analytics skills.As companies implement a more decentralized and bimodal governed data discovery approach to BI, business users and analysts are also demanding access to self-service capabilities beyond data discovery and interactive visualization of IT-curated data sources. This includes access to sophisticated, yet business-user-accessible, data preparation tools. Business users are also looking for easier and faster ways to discover relevant patterns and insights in data. In response, BI and analytics vendors are introducing self-service data preparation (along with a number of startups such as ClearStory Data, Paxata, Trifacta and Tamr), and smart data discovery and pattern detection capabilities (also an area for startups such as BeyondCore and DataRPM) to address these emerging requirements and to create differentiation in the market. The intent is to expand the use of analytics, particularly insight from advanced analytics, to a broad range of consumers and nontraditional BI users —increasingly on mobile devices and deployed in the cloud.Interest in cloud BI declined slightly during 2014, to 42% compared with last year's 45% — of customer survey respondents reporting they either are (28%) or are planning to deploy (14%) BI in some form of private, public or hybrid cloud. The interest continued to lean toward private cloud and comes primarily from those lines of business (LOBs) where data for analysis is already in the cloud. As data gravity shifts to the cloud and interest in deploying BI in the cloud expands, new market entrants such as Salesforce Analytics Cloud, cloud BI startups and cloud BI offerings from on-premises vendors are emerging to meet this demand and offer more options to buyers of BI and analytics platforms. While most BI vendors now have a cloud strategy, many leaders of BI and analytics initiatives do not have a strategy for how to combine and integrate cloud services with their on-premises capabilities. Moreover, companies are increasingly building analytics applications, leveraging a range of new multistructured data sources that are both internal and external to the enterprise and stored in the cloud and on-premises to conduct new types of analysis, such as location analytics, sentiment and graph analytics. The demand for native access to multistructured and streaming data combined with interactive visualization and exploration capabilities comes mostly from early adopters, but are becoming increasingly important platform features.As a result of the market dynamics discussed above, for this Magic Quadrant, Gartner defines BI and analytics as a software platform that delivers 13 critical capabilities across three categories — enable, produce and consume — in support of four use cases for BI and analytics. These capabilities support building an analytics portfolio that maps to shifting requirements from IT to the business. From delivery ofinsights to the analytics consumer, through an information portal often deployed centrally by IT, to an analytics workbench used by analysts requiring interactive and smart data exploration (see "How to Architect the BI and Analytics Platform"), thesecapabilities enable BI leaders to support a range of functions and use cases from system-of-record reporting and analytic applications to decentralized self-service data discovery. A data science lab would be an additional component of an analytics portfolio. Predictive and prescriptive analytics platform capabilities and vendors are covered in the "Magic Quadrant for Advanced Analytics Platforms."See Note 1 for how capability definitions in this year's Magic Quadrant have been modified from last year to reflect our current view of the critical capabilities for BI and analytics platforms.The 13 Critical Capabilities and Use CasesVendors are assessed for their support of four main use cases:Centralized BI Provisioning: Supports a workflow from data to IT-delivered-and-managed content.Decentralized Analytics: Supports a workflow from data to self-service analytics. Governed Data Discovery: Supports a workflow from data to self-service analytics to systems-of-record, IT-managed content with governance, reusability and promotability.OEM/Embedded BI: Supports a workflow from data to embedded BI content in a process or application.Vendors are also assessed according to the following 13 critical capabilities. Subcriteria for each are listed in Note 2. How well Magic Quadrant Leaders' and Challengers' platforms support these critical capabilities is explored in greater detail in the "Critical Capabilities for BI and Analytics Platforms" (to be published shortly). BI and Analytics Platform Capabilities for 2015EnableBusiness User Data Mashup and Modeling: "Drag and drop," user-driven data combination of different sources and the creation of analytic models such as user-defined measures, sets, groups and hierarchies. Advanced capabilities include semantic autodiscovery, intelligent joins, intelligent profiling, hierarchy generation, data lineage and data blending on varied data sources, including multistructured data.Internal Platform Integration: A common look and feel, install, query engine, shared metadata, promotability across all platform components.BI Platform Administration: Capabilities that enable securing and administering users, scaling the platform, optimizing performance and ensuring high availability and disaster recovery. These capabilities should be common across all platform components.Metadata Management: Tools for enabling users to leverage the same systems-of-record semantic model and metadata. They should provide a robust and centralized way for administrators to search, capture, store, reuse and publish metadata objects,such as dimensions, hierarchies, measures, performance metrics/KPIs, and report layout objects, parameters and so on. Administrators should have the ability to promote a business-user-defined data mashup and metadata to the systems-of-record metadata.Cloud Deployment: Platform as a service and analytic application as a service capabilities for building, deploying and managing analytics and analytic applications in the cloud, based on data both in the cloud and on-premises.Development and Integration: The platform should provide a set of programmatic and visual tools and a development workbench for building reports, dashboards, queries and analysis. It should enable scalable and personalized distribution, scheduling and alerts, and workflow of BI and analytics content and applications via email, to a portal or to mobile devices. It should include the ability to embed and customize BI platform components in a business process, application or portal. ProduceFree-Form Interactive Exploration: Enables the exploration of data via the manipulation of chart images, with the color, brightness, size, shape and motion of visual objects representing aspects of the dataset being analyzed. This includes an array of visualization options that go beyond those of pie, bar and line charts, including heat and tree maps, geographic maps, scatter plots and other special-purpose visuals. These tools enable users to analyze the data by interacting directly with a visual representation of it.Analytic Dashboards and Content: The ability to create highly interactive dashboards and content with visual exploration and embedded advanced and geospatial analytics to be consumed by others.IT-Developed Reporting and Dashboards: Provides the ability to create highly formatted, print-ready and interactive reports, with or without parameters. IT-authored or centrally authored dashboards are a style of reporting that graphically depicts performance measures. This includes the ability to publish multiobject, linked reports and parameters with intuitive and interactive displays; dashboards often employ visualization components such as gauges, sliders, checkboxes and maps, and are often used to show the actual value of the measure compared with a goal or target value. Dashboards can represent operational or strategic information. Traditional Styles of Analysis: Ad hoc query enables users to ask their own questions of the data, without relying on IT to create a report. In particular, the tools must have a reusable semantic layer to enable users to navigate available data sources, predefined metrics, hierarchies and so on. Online analytical processing (OLAP) enables users to analyze data with fast query and calculation performance, enabling a style of analysis known as "slicing and dicing." Users are able to navigate multidimensional drill paths. They also have the ability to write-back values to a database for planning and "what if?" modeling. This capability could span a variety of data architectures (such as relational, multidimensional or hybrid) and storage architectures (such as disk-based or in-memory).ConsumeMobile: Enables organizations to develop and deliver content to mobile devices in a publishing and/or interactive mode, and takes advantage of mobile devices' nativecapabilities, such as touchscreen, camera, location awareness and natural-language query.Collaboration and Social Integration: Enables users to share and discuss information, analysis, analytic content and decisions via discussion threads, chat, annotations and storytelling.Embedded BI: Capabilities — including a software developer's kit with APIs and support for open standards — for creating and modifying analytic content, visualizations and applications, and embedding them into a business process and/or an application or portal. These capabilities can reside outside the application, reusing the analytic infrastructure, but must be easily and seamlessly accessible from inside the application, without forcing users to switch between systems. The capabilities for integrating BI and analytics with the application architecture will enable users to choose where in the business process the analytics should be embedded.Magic QuadrantFigure 1. Magic Quadrant for Business Intelligence and Analytics Platforms Source: Gartner (February 2015)Overview of Magic Quadrant PositioningThe vendors' positions in this Magic Quadrant reflect the current market transition. The year 2014 has been another year of challenging execution for the market share leaders in the BI and analytics market, juxtaposed against strong execution by the data discovery vendors that are satisfying customers, meeting their buying requirements and delivering greater business value. Growing business user requirements for ease of use, support for users to conduct complex types of analysis, and a fast time to business benefits are not being well met by vendors that own the large, IT-centric installed base market share. Customers of IT-centric platforms that have a broad range of BI platform capabilities report using them narrowly, most often for production reporting. On the other hand, business-centric platforms such as Tableau, Qlik and other emerging vendors have a more narrow set of capabilities, but are used more broadly for a range of BI and analytics functions — including for reporting, for which they are not optimally suited, and for expanding use cases —primarily because they are easy to use and deploy.The current BI and analytics market situation looks similar to themainframe/workstation market in the late 1980s, which had a complete shift in requirements and buyers. For example, these shifts drove HP to a complete rethink and redesign of its computing platform strategy and architecture. Ultimately this market shift in requirements and buyers wiped out DEC, since it was not effective in adapting to the shift. The market share leaders in the BI and analytics market are now at a similar crossroads.While data discovery platforms predominantly complement IT-centric systems-of-record deployments, they are being used for much of the new analytics project investments. The result has been increased marginalization of the installed-base vendors, which without competitive offerings have fewer opportunities for expanded growth.Displacement of the incumbents by Tableau, Qlik and others are increasing in pockets, particularly in SMBs, although this trend is not yet mainstream. Gartner inquiries and survey data suggest that, increasingly, companies would like to expandtheir use of, and even standardize on, data discovery platforms for their larger enterprise BI deployments, but find that in many cases these platforms lack the necessary enterprise features in relation to governance, administration and scalability (among other things). The data discovery vendors continue to invest in capabilities to reverse these limitations.If we begin to see large-scale displacements by these and other business-user-centric vendors, the market shift will be complete (see "Market Trends: The Collision of Data Discovery and Business Intelligence Will Cause Destruction"). Right now, the majority of buyers seem to be waiting to see if their enterprise-standard BI platform will deliver on the business-user-oriented capabilities they prefer to use to meet new analytics requirements beyond production reporting. The existence of separate systems-of-record reporting platforms and data discovery platforms can pose challenges for organizations attempting to govern, scale and support these different environments and pace layers (see "Applying Gartner's Pace Layer Model to Business Analytics"), with no single vendor fully addressing both.It is very likely that 2015 will be a critical year in which democratizing access to analytics will continue to dominate market requirements and stress the need for governance. Next-generation data discovery capabilities that leverage advanced analytics, but hide its complexity to simplify business user data preparation and automate pattern exploration, are likely to be more important enablers. The extent to which these emerging capabilities and trends impact buying in 2015 and beyond will determine which existing and new vendors emerge from this market transition as market leaders.The need for platforms to scale and perform for larger amounts of diverse data will also continue to dominate BI market requirements. At the same time, the ability to bridge decentralized business-user-led analytics deployments with those centralized to serve the enterprise will be a crucial ongoing challenge for IT and BI vendors. With the added complexities introduced by new data sources (such as the cloud, real-time streaming events and sensors, and multistructured data) and new types of analysis (such as link/network and sentiment analysis, and new algorithms for machine learning), new challenges and opportunities will emerge to integrate, govern and leverage these new sources to build business value. Leaders of BI initiatives will be under pressure to identify and optimize these opportunities and to deliver results faster than ever before.This document presents a global view of Gartner's opinion of the main software vendors that should be considered by organizations seeking to use BI and analytics platforms to develop BI applications. Buyers should evaluate vendors in all four quadrants and not assume that only the Leaders can deliver successful BI implementations. Year-over-year comparisons of vendors' positions are not particularly useful, given the market's dynamics (such as emerging competitors, new product road maps and new buying centers); also, clients' concerns have changed since our last Magic Quadrant, particularly since we are in the middle of a significant shift in this market. It is also important to avoid the natural tendency to ascribe your personal definitions for Completeness of Vision and Ability to Execute to this Magic Quadrant. For the purposes of evaluation in this Magic Quadrant, the measures are very specific and likely to be broader than the axis titles may imply at first glance.Readers are encouraged to look at the Evaluation Criteria and Vendor Strengths and Cautions sections carefully to fully understand the nuances of vendor placement that may not be apparent in the Magic Quadrant graphic. For guidance on the MagicQuadrant evaluation process and on how to use a Magic Quadrant, see "How Markets and Vendors Are Evaluated in Gartner Magic Quadrants."Gartner surveyed 2,083 users of BI platforms as part of the research for this report. Vendors are assessed on a number of key customer survey metrics referred to throughout this report (see Note 3 for how these are calculated). For a detailed explanation of vendor positioning, please see the Vendor Strengths and Cautions section and the Quadrant Descriptions section in this document.A more detailed assessment of product capabilities for vendors positioned in the Leader's and Challenger's quadrant (as well as those vendors that were in the Leader's quadrant last year) are included in the forthcoming "Critical Capabilities for BI and Analytics Platforms."Vendor Strengths and CautionsAlteryxThe Alteryx platform offers a subscription-based analytics platform targeted at business users. Alteryx's tools include easy-to-use advanced data preparation capabilities, location analytics and extensive integration with the R analytics ecosystem.Alteryx maintains its position in the Visionaries quadrant due to its ability to support business users with an integrated set of intuitive tools for data preparation, embedded advanced analytics and application sharing as well as deep geospatial analytics. Instead of being one more reporting and dashboard tool in the BI space, this vendor takes a unique approach to the market — broadening the range of users capable of developing analytic processes.StrengthsSelf-service data preparation is a platform strength, with 54% of Alteryx customers using the platform for this purpose. It earned the top product score for this capability. Embedded BI, including embedded advanced analytics, is another platform strength. Recognizing the benefits of this approach, customers have awarded Alteryx the highest scores for market understanding (ease of use, complexity of analysis and breadth of use — see Note 3), with a wide gap to the second-best vendor. The platform is also able to integrate with Tableau and Qlik, which complement Alteryx by providing the interactive visualization capabilities missing in its own portfolio. It's a win-win situation, because Alteryx in turn fills the gaps in data preparation and analytics features for Tableau and Qlik. Alteryx has been able to leverage these partnerships, participating in joint events and marketing activities — which greatly appeals to its customers. Cloudera (for Hadoop), Databricks (for Spark) and Revolution Analytics (for R), recently acquired by Microsoft, are other examples of close partners supporting a range of expanding capabilities in the big data analytics space. Consulting and system integration companies such as Accenture, Amdocs, BCG, Deloitte and KPMG are also starting to deploy Alteryx in their customer bases. Alteryx's platform earns the third-highest score for ease of use for content creation, but still has the greatest ability to solve complex questions (according to thecustomer survey for this Magic Quadrant). Ease of use is also reflected in a faster-than-average report development time of only 2.1 days — a result in the top three (for fastest report development times) in this Magic Quadrant.Alteryx's customers are generally happy with the platform, with 60% reporting no problems with the tool and 46% of those surveyed reporting no limitations to its expansion in the organization (both these results are above the survey average). The platform achieved the second-best scores for performance, at run time. Customers also rate Alteryx in the top three vendors (for this Magic Quadrant) in terms of achieving business benefits. These experiences contributed to customers' positive view of Alteryx's future.CautionsAlteryx is primarily used in decentralized BI deployments and does not support a centralized BI use case — putting it among the lowest percentage for customers using the platform in this way. Only Datawatch and GoodData customers report lower percentages of centralized deployments. It also supports the lowest number of users, with only 55 on average. This confirms the use of Alteryx as a point solution for analytics at the departmental level. It should, therefore, be deployed as a complement to other tools within an organization.The platform excels in some capabilities (as identified above), but has also clear limitations in areas such as reporting, dashboards, mobile — BI content visualization and delivery in general, plus metadata management and BI platform administration. These gaps serve to highlight its best fit as a complement to other tools.Cost of the platform is a barrier to its adoption, with 34% of customers identifying this as a limitation to further expansion. This could become an issue as other tools with better price points (namely in the data discovery space) gain more advanced capabilities for data preparation and analytics — closing Alteryx's window of opportunity. We should, however, recognize that this is a major improvement over last year's results — when 67% of customers identified cost as a limitation to further expansion.Although increasingly supported by the partner networks of Tableau and Qlik, Alteryx still lacks a wide geographic presence; it has coverage in North America, a limited presence in Europe and exploratory moves and partnerships into other regions. The company is investing to overcome this challenge and will continue to expand its geographic presence through indirect channels, building on the current network of partners present in 60 countries.BirstBirst has defined the pioneering vision of what a set of cloud BI and analytics capabilities should look like. It has a unique two-tier data architecture coupled with a BI and analytics platform and allows customers to keep their data on-premises if they so choose.Birst is a Challenger in this Magic Quadrant, primarily because of its product strategy and innovations and because it has adapted its strategy, organization and focus as the market for cloud BI has evolved. It has grown the business at a good pace in execution/delivery and customer satisfaction.StrengthsBirst's two-tier architecture — which plugs into existing data warehouses, data lakes or applications — automates the process of refining the data and creating a more unified model/view of the data, and adds a BI layer for business users' analyticsneeds. Birst offers an appliance with the same code base as the cloud offering — for those customers that want to take advantage of its product strengths but prefer a private cloud. Unlike most other cloud-only players, with Birst a customer's application data can be left on-premises in the "Birst Live Access" mode, while aBI/analytics application (using the data) runs in the Birst cloud. Customers report that 59% of their data comes from cloud sources — the highest of any vendor in this Magic Quadrant. Only GoodData, the other pure-play cloud vendor, comes close with 52%.Birst scores well for a centralized BI use case, with core product strengths in cloud deployment, BI platform administration, development and integration, embedded BI, metadata management, IT-developed reports and dashboards, and traditional styles of analysis.Birst is rated as easy to integrate and use. A short development time for fairly complex reports and analysis is cited by customers. Birst has among the highest integration scores (both within and external to the platform) and also scored high on ease and breadth of use. Customers report high achievement of business benefits. Many customers are using Birst's predefined, vertically specific BI applications (for example, Birst Sales Analytics Solution Accelerator, Birst for Insurance, Birst for Usage Analytics), which help accelerate time to value and business benefits. Operational execution is a key strength and Birst has among the highest customer experience (see Note 3) scores in this Magic Quadrant. Birst is the only BI vendor with a chief customer officer who is responsible for developing best practices and working with customers from the onset of an engagement to ensure their success. Every two weeks, Birst hosts "Office Hours" for its customers via a Web meeting; any customer can join to discuss product usage and best practices.Birst has a broad range of technology provider partnerships and integrations with companies such as SAP, Amazon, NetSuite, Salesforce and Informatica, and more recently with Tableau.CautionsBirst scored well overall in product functionality, but its main product limitations are around the lack of adoption/penetration of its data discovery and mobile capabilities. Collaboration capabilities are also an area where it will need to increase its level of innovation to competitively meet business user requirements.Survey data for cloud BI (for this Magic Quadrant) shows that the primary interest (and investment) is in hybrid and private cloud offerings. Birst has generally been viewed as more of a pure-play public cloud BI/analytics company, with limited support for private clouds, and little awareness of its appliance offering. It needs to reposition itself to be viewed as a general-purpose BI/analytics platform rather than as a specialty cloud vendor.Large software vendors such as MicroStrategy, Oracle, IBM, SAP and Salesforce are entering the market with their own cloud BI/analytics services and could bring additional pricing and competitive pressures to pure-plays such as Birst.。

Magic Quadrant for Endpoint Protection Platforms2 January 2013 ID:G0*******Analyst(s): Peter Firstbrook, John Girard, Neil MacDonaldVIEW SUMMARYThe endpoint protection platform provides a collection of security utilities to protect PCs and tablets. Vendors in this market compete on the quality of their protection capabilities, the depth and breadth of features, and the ease of administration.Market Definition/DescriptionThis document was revised on 27 March 2013. The document you are viewing is the corrected version. For more information, see the Corrections page on .The enterprise endpoint protection platform (EPP) market is a composite market primarily made up of collections of products. These include:∙Anti-malware∙Anti-spyware∙Personal firewalls∙Host-based intrusion prevention∙Port and device control∙Full-disk and file encryption, also known as mobile data protection∙Endpoint data loss prevention (DLP)∙Vulnerability assessment∙Application control (see Note 1)∙Mobile device management (MDM)These products and features are typically centrally managed and ideally integrated by shared policies.DLP, MDM and vulnerability assessment are also evaluated in their own Magic Quadrant or MarketScope analyses. Longer term, portions of these markets will get subsumed by the EPP market, as the personal firewall, host intrusion prevention, device control and anti-spyware markets have in the past. EPP suites are a logical place for convergence of these functions. Indeed, 53% of organizations in a recent Gartner survey1 already use a single vendor for several of these functions, or are actively consolidating products. In particular, mobile dataprotection is the leading complement to EPP and purchasing decisions regarding the two products are increasingly made together. For most organizations, selecting a mobile data protection system from their incumbent EPP vendors will meet their requirements.In 2012, the large enterprise EPP market is still dominated by Symantec, McAfee and Trend Micro, which together represent approximately 68% of the total revenue of Magic Quadrant participants. Sophos and Kaspersky Lab are the two other global leaders that are competitive across multiple functions and geographies, and push the combined Leaders quadrant market share to 85%. Despite the introduction of new players, the displacement of incumbents is still a significant challenge in the large enterprise market. The biggest impact of the Magic Quadrant Challengers and Visionaries is to push the dominant market players to invest in new features and functionality (sometimes via acquisitions) to stay ahead, and to keep pricing rational. In the less demanding small and midsize market, competition is more intense. A number of Niche Player solutions are dominant in specific regions.The total EPP revenue of the Magic Quadrant participants at year-end 2011 was roughly $2.8 billion, up 4% from 2010. We attribute this growth primarily to increased buying ofmore-expensive suites, offset by lower prices for low-end malware-only solutions. Consequently, EPP revenue growth is more a result of an inflow of revenue from other markets. We anticipate that growth will continue to be in the low single digits in 2013.Microsoft is the best vendor in a position to challenge the incumbent Leaders, primarily due to attractive pricing in its enterprise agreements. Approximately one-third of enterprise buyers1 indicate they are actively considering Microsoft or plan to do so during their next renewal periods. However, Microsoft's slow development, the lack of a single unified security management interface and mediocre test results will temper its adoption. Longer term, we believe that increased displacement of Windows endpoints with application-controlled OSs (such as Microsoft WinRT and Apple's iOS and OS X Mountain Lion) is the biggest market threat. These solutions shift the value proposition of EPP solutions from traditional anti-malware to MDM and data protection capabilities.Return to TopMagic QuadrantFigure 1. Magic Quadrant for Endpoint Protection PlatformsSource: Gartner (January 2013)Return to TopVendor Strengths and CautionsArkoon Network SecurityArkoon Network Security's StormShield EPP solution (formerly offered by SkyRecon Systems) is designed as a seamless integrated EPP with a focus on behavioral protection. Arkoon's Ability to Execute score is hampered by its relatively small market share and limited geographic presence, as well as its still-maturing management capabilities. StormShield EPP is a reasonable shortlist solution for organizations that are in supported geographies seeking abehavior-based approach to malware detection, and for those that are willing to invest extra effort to administer the advanced capabilities of the offering.Strengths∙The vendor's flagship product, StormShield Security Suite, is designed to address system and data protection via an extensible EPP capability that integrates multiplelayers of security. These include a host-based intrusion prevention system (HIPS), a personal firewall, device control, encryption, and an optional, fully integratedsignature-based, anti-malware engine licensed from Avira. The suite boasts a singlelightweight agent (15MB, including anti-malware protection) that is extensible tosupport multiple functions and runs at the kernel level.∙We particularly like Arkoon's focus on advanced behavioral-based HIPS techniques, such as memory overflow protection, anti-keylogging, application control, rootkitdetection, honey pots, privilege escalation, reboot protection and driver management.Remediation and status assessment are enabled with administrator-generated scripts.∙StormShield effectively uses policy-based restrictions to minimize the attack surface with object-oriented policies and configurations that are easy to set up. Policy-based application blacklisting/whitelisting is improved by a challenge response mechanism, which allows users to add software if they type in the justification for the installation ina pop-up window.∙Full-disk encryption and encryption for files and folders on fixed hard drives and removable devices is available. Recent improvements include support for fullyencrypted logical containers in addition to per-file encryption.∙Arkoon has created a bundled mobile data protection product that includes Security Box and StormShield, but without any technical integration.Cautions∙Although it continues to grow rapidly, StormShield has a very small market share in this Magic Quadrant. Neither SkyRecon nor its parent company Arkoon has significant brand recognition or a significant enterprise client base outside of Europe.∙StormShield does not participate in any of the prominent endpoint protection malware tests, so it is difficult to compare its malware detection performance against othersolutions in the market.∙StormShield supports Windows only, and provides no Mac, Linux, Unix, mobile or email server support. Although it works in a virtual machine (VM) environment, there are no features specific to virtualization.∙The full-disk encryption product is immature, compared with those offered by the Leaders in this Magic Quadrant.∙Application control is suitable for allowing or blocking specific applications, or completely locking clients down, but it does not have workflow features or anapplication database that would allow a flexible application control environment.∙The only option for signature-based anti-malware protection is from Avira. Arkoon hasa very small malware research team and is dependent on Avira for signature-basedprotections.∙The management interface is comprehensive, but not recommended for nontechnical users. The console lacks dashboards and context-sensitive help. Much of the advanced capability is achieved by administrators creating their own scripts.∙Ad hoc reporting is not supported. Reports can be filtered, but not changed, and it is not possible to drill down into details.∙There is no out-of-the-box security state assessment beyond the EPP agent status, and no significant integration with operations tools, such as vulnerability.∙The vendor does not yet offer a client DLP solution.Return to TopBeyondTrustBeyondTrust acquired eEye Digital Security in May 2012, and plans to combine eEye's vulnerability analysis and endpoint protection with its privileged management solutions. Current Beyond Trust and eEye Retina customers and enterprises that value integrated vulnerability analysis should consider BeyondTrust's eEye Blink.Strengths∙The management console of eEye Retina and eEye Blink is a Flash-based user interface that manages the various eEye offerings. It provides role-based reporting anddashboards, dynamic associations of target machines via Active Directory and Smart Groups, and additional reporting modules for compliance, configuration and patching.It also provides integration into Microsoft System Center.∙BeyondTrust enables the removal of Windows administrator rights while still selectively escalating privileges for legacy applications. It also provides tools for databasemonitoring and endpoint DLP.∙In addition to licensed anti-malware signature libraries from Norman, BeyondTrust now has a small, but very skilled, team of malware experts that provides excellenttechnical support and malware information.∙The anti-malware techniques include process execution rules, registry protection and file integrity monitoring.∙BeyondTrust is one of the few providers in this Magic Quadrant analysis to offer a service-level agreement (within 48 hours) on new critical exploits, meaning that it will protect against these exploits within 48 hours, even if the system is unpatched.∙BeyondTrust PowerBroker Mobile offers cloud-managed MDM, and Retina can providea mobile vulnerability scan.Cautions∙Prior to the acquisition, eEye was growing quite rapidly, however it had a very small market share in the EPP market, and did not come up in calls with Gartner clients often.eEye was one of the smallest vendors in this market. Its total staff size, including the research and engineering groups, was small compared, with the EPP industry average.Most of its installed base is in North America.∙The vendor's solution has the capability to blacklist applications, but it is a manual process with no trusted sources of change, not a full application control solution.∙BeyondTrust PowerBroker Mobile is in a separate, cloud-based management interface.∙Although the Blink team develops its own signature spyware database and cleanup routines, the solution relies on Norman for anti-malware signatures; therefore,business disruptions at Norman could impact Blink customers. Although the Norman anti-malware engine is tested regularly, Blink does not participate in any industry tests (other than the Virus Bulletin's VB100 test) to demonstrate the effectiveness of itscollection of technologies. Automated malware damage cleanup capabilities arelimited.∙Blink has limited device control capabilities and no encryption capabilities. It lacks the ability to enforce encryption on data that is written to external storage devices, but it does have a number of policies to limit access and writing to external devices.∙Blink supports only Windows OS desktop and server platforms (including Microsoft Internet Information Services [IIS]).∙The anti-malware agent works on a virtualized Windows host. However, it is not optimized for a virtualized environment.Return to TopCheck Point Software TechnologiesCheck Point Software Technologies is a well-known, long-term network security company. It will appeal to organizations that value strong integration between remote access solutions, full-disk and media encryption, and the EPP suite.Strengths∙Check Point offers selective activation of capabilities packaged as "software blades."Blades include a personal firewall, anti-malware (licensed from Kaspersky Lab),full-disk encryption, network access control (NAC) and an integrated VPN.∙Check Point's endpoint management console offers a clean interface with easy navigation and quick access to summary data. The dashboard can be customized for each administrator. Administrators may develop and view user-specific policies across multiple devices.∙In April 2012, Check Point launched ThreatCloud, which compiles a database of known Internet Protocol (IP) addresses that distribute malware, plus URLs and signatures of malicious applications.∙Check Point's Mobile VPN supports iPhone, iPad and Android mobile devices, and manages Exchange email synchronization.Cautions∙Despite its significant enterprise network presence, brand and channel, the vendor has failed to significantly improve its market share or mind share in the EPP market,beyond its installed base of VPN, host firewall and encryption customers. Gartnerclients rarely inquire about Check Point's EPP solutions, nor does Check Point appear in competitive reviews from other sources.∙Check Point's dependence on Kaspersky Lab's engine and signature updates continues to challenge enterprise buyers to differentiate it from Kaspersky Lab, which is rapidly adding other competitive features.∙Check Point views MDM as a network manager's tool; consequently, MDM capabilities are in the SmartDefense dashboard, not the EPP dashboard.∙Check Point protection is oriented to Windows endpoint PCs. Not all software blades are available for OS X, and it doesn't offer protection for specialized servers, such asMicrosoft Exchange, SharePoint or Lotus Notes.∙Although its agent will run in VMs, Check Point has no specific optimization for virtualized environments.∙Check Point's application control capabilities (which it calls "program control"), augmented with its Program Advisor service, are suitable for blocking or allowing aspecific set of applications, but do not provide a manageable default deny application execution environment.∙Check Point does not currently offer integrated network and endpoint DLP, but is pursuing a 2013 road map in response to customer interest.Return to TopEsetEset has built a substantial installed base in EMEA, particularly in Eastern Europe, and it has a rapidly growing small or midsize business (SMB) presence in North America. Its Completeness of Vision score benefits from good malware effectiveness in a lightweight client, but it still suffers from weak enterprise management capabilities and lack of investment inmarket-leading features, such as data protection or more holistic security state assessments. Eset is a good shortlist option for organizations seeking an effective, lightweight anti-malware solution.Strengths∙The flagship enterprise product, Eset Endpoint Security, includes integrated anti-malware, anti-spam, HIPS, device control, Web content filtering and a personalfirewall in a single-agent footprint. Installation can be tailored to specific needs byselecting only the modules that are desired.∙The low performance impact of the Eset product has been noted by many customers.∙Its anti-malware engine is a consistently solid performer in test results. The Eset engine has a strong reliance on heuristics and generic signatures, and includesclient-based malicious URL filtering and sandbox heuristics, which run all executablefiles in a virtual emulator. The vendor recently introduced Eset Live Grid, a cloud-based reputation service.∙The vendor supports a broad range of Windows clients and servers, including Exchange, Lotus Notes/Domino, Linux, and Novell NetWare and Dell storage servers; mobiledevices (Windows Mobile, Android and Symbian); and Apple OS X and Linux desktop platforms. In December 2012, the vendor launched Eset Endpoint Security for Android phones and tablets.∙Eset offers a limited MDM solution with the launch in 2011 of Eset Mobile Security Business Edition for Windows Mobile and Symbian. Eset recently launched EndpointSecurity for Android.Cautions∙The management interface is adequate, but it is still a Win32 application. Eset has a great point-in-time system inspector function, Eset SysInspector, but it cannot storehistoric asset information, nor does it provide any vulnerability or configurationinformation that would aid in security state assessments that go beyond AV status. A separate Web-based dashboard provides a flexible customizable reporting interface,but it does not allow for direct drill-down into the management console.∙Eset is reluctant to advance to data protection with encryption or DLP solutions.∙Removable media/port protection is a good addition, but policy is complicated by drop-down menus making it awkward, and a lack of encryption means policy cannotinclude the option to encrypt data on removable media.∙Clients can be distributed by the management console; however, deinstallation of competitive solutions is an additional service cost that isn't included in the solution.∙Heuristics can add a performance impact, especially on older PCs, although it is not turned on by default.∙Eset doesn't yet offer application control.∙Although Eset Endpoint Security operates in a virtual environment and has a low system impact, it has not been optimized for these environments.Return to TopF-SecureF-Secure, a veteran of the anti-malware industry for more than 20 years, has a very good track record for malware testing results. The vendor is focused on endpoint protection and is less interested in other aspects of the EPP market, such as data protection. F-Secure is a good choice for organizations in supported geographies that prefer dedicated malware protection solutions.Strengths∙F-Secure has consistently good malware test results and performance tests. It provides cloud-based look-ups and a file reputation feature, which considers filemetadata (such as prevalence, source and age) before allowing files to execute. Weparticularly like the sandbox environment for behavior testing on Windows clients,which tests unknown applications in a virtual sandbox for malicious behavior.∙The vendor offers one of the better rootkit detection and removal tools, called BlackLight.∙F-Secure client agents are lightweight, with minimal performance impact.∙Basic device control functionality was recently introduced.∙F-Secure has mobile clients for Android, Research In Motion, Symbian and Windows Mobile, and a cloud-based MDM capability primarily aimed at SMBs. It also offersprotection for a broad range of Linux variants and Mac platforms.Cautions∙F-Secure has very little presence or brand recognition in markets outside of Northern Europe. It has a minimal market share, despite its long-term presence in the market, and it is growing much slower than the overall market.∙Although F-Secure develops some its own signatures and behavioral detection techniques for advanced threats, its solution relies heavily on Bitdefender for themajority of anti-malware signatures; business disruptions at Bitdefender could impact F-Secure customers.∙F-Secure's client/server-based (Windows or Linux) management interface is very limited and is lacking numerous enterprise features. It only has two roles (full orread-only). It does not offer any security state or asset information beyondanti-malware status, and does not provide any significant customizable dashboardcapability or any drill-down into remediation capability. Autodiscovery of newunmanaged agents and Active Directory synching is partly a manual process and can't be scheduled, although automation exists for importing new agents and removinginactive agents. The reporting capability is very basic and does not allow for ad hocreporting.∙F-Secure does not offer encryption or DLP capability. Device control is basic. It does not offer any application control capability.∙MDM capability is not integrated into the endpoint management console. Mac clients are not managed in the same console as Windows clients.∙F-Secure does not provide any protection for SharePoint servers (this is due in 1H13).∙Virtualization support is limited to optimization of the AV clients with randomization of scheduled tasks.Return to TopGFI SoftwareGFI Software has a portfolio of security offerings targeted at SMBs. It has expanded its Vipre Business offering during the past year, integrating patch management and MDM capabilities.GFI is squarely aimed at the SMB market, where ease of use and "set and forget" functionality are sought-after attributes. The vendor should be considered by SMBs looking for straightforward and easily managed anti-malware protection with a low performance impact.Strengths∙The GFI Vipre console is straightforward and easy to use, and provides consistent management across Windows and Mac clients, as well as email anti-malware scanning.∙The latest version of Vipre Business Premium includes integrated PC application patch management capabilities from the GFI LanGuard offering, which will appeal toorganizations that have no other solution for patch management.∙The latest versions of Vipre Business Premium and Vipre Antivirus Business include MDM capabilities for Android and iOS, also using the same integrated console.∙GFI offers a free, Web-hosted malware analysis engine that provides immediate forensic feedback on submitted application files.∙Signature-based anti-malware scanning is augmented with GFI's MX-Virtualization sandboxing technology, which analyzes malware in real time within a partitionedenvironment on the PC.Cautions∙Network discovery of machines without agents uses NetBIOS or Active Directory, which limits discovery of devices to Windows-only devices.∙GFI's patch management capabilities are limited to Windows and Windows applications.Mac OS is on its road map.∙ A device control solution is available separately for an additional cost; however, it usesa different management console, and GFI offers no option for full-drive encryption.∙Other than Exchange email filtering, GFI offers no DLP capabilities.∙GFI has no application control capabilities.∙GFI offers no specific integration with VMware's vShield APIs, although scanning can be randomized to reduce loading.∙The agent would benefit from better tamper protection.∙MDM capability is limited.Return to TopIBMIBM's EPP offering is built on the foundation of its strong client management tool platform, the Tivoli Endpoint Manager (TEM; formerly BigFix). The core malware engine (now called TEM for Core Protection) is provided by Trend Micro, and advanced HIPS capability is provided by Proventia (formerly ISS). These tools are augmented with IBM's X-Force research labs. Large organizations that are considering IBM for client management tools or those looking at Trend Micro should include IBM on their shortlists.Strengths∙TEM provides a converged endpoint management and security operations console that supports large enterprise needs across multiple endpoint types, including mobiledevices.∙TEM for Security and Compliance offers fully integrated patch, configuration and vulnerability management, as well as the ability to monitor other EPP agents, such as McAfee, Symantec and Microsoft.∙TEM for Mobile Devices enables unified MDM of iOS, Android, Windows Phone, Windows Mobile and Symbian devices with the same management infrastructure. Servicesinclude inventory profile management, remote locate and wipe, and app deployment.IBM is rated a Visionary in the MDM software Magic Quadrant.∙Add-on components include TEM for Data Protection, which provides port/device control and DLP. Application control is offered via Bit9 integration with the TEMplatform.∙The security and compliance analytics Web interface can establish and monitor built-in and admin-created key performance metrics and show compliance over time.∙The IBM Global Services group offers a mature managed security services.∙IBM server protection products boast very broad server support for Windows, Linux, HP-UX, Solaris and AIX, including 64-bit support for Windows and Linux, and new AIX6.1 support.Cautions∙IBM is starting to show some traction in this market; however, mind share for this solution, as represented by Gartner client inquiries, is still very low, despite IBM'sobvious size and channel advantages.∙IBM appeals mostly to very large enterprise customers that value the integration of operations and security. The Win32 console is complicated and is not designed fornontechnical users.∙The vendor has a large and somewhat confusing product portfolio in this market, and prospective customers must carefully match desired features with specific productofferings. The complete suite is expensive.∙The TEM console is very powerful, and has more reporting and management capabilities than most EPP security solutions; however, it is still not fully optimized for the security role.∙TEM for Core Protection does not provide AV for Exchange, SharePoint, Lotus Notes and other specialized servers.∙Although IBM has its X-Force security analysis team, it is dependent on Trend Micro for its broad signature database. Disruptions at this critical partner could have an impact on IBM's customers. Integration of the latest Trend Micro engine into the TEM client can take a few months.Return to TopKaspersky LabKaspersky Lab continues to be one of the fastest-growing large vendors in this Magic Quadrant, and its brand awareness is growing outside its large European installed base, improving its ability to execute. The vendor continues to broaden its offering with internally developed features that are tightly integrated into the client and management console, allowing for cross-feature policies. At the same time, Kaspersky Lab continues to perform very well in malware effectiveness testing. Organizations looking for an alternative vendor to the traditional market leaders should evaluate this vendor.Strengths∙The MMC management console is comprehensive and offers granular control and policy.The dashboards can be customized with predefined graphs and are task-oriented. We particularly like the security status dashboard, which rolls up warnings of vulnerability, AV client status, infection information, network events and OS error reports.∙Kaspersky is building out an impressive array of traditional client management tools, including vulnerability analysis, patch management, application inventory, application control and MDM.∙Kaspersky Mobile Security provides MDM capability and security agents for mobile clients. Advanced functionality includes Web threat protection, application control and jailbreak detection.∙Application control capabilities provide a fully categorized application database and trusted sources of change, as well as offering client-level Web filtering for managingwebsites and Web applications.∙Kaspersky Lab is introducing centrally managed file-level and full-disk encryption with preboot authentication for hard drives and removable devices, integrated withendpoint security policies and application and device controls.∙Device control capabilities are very detailed. The solution was recently improved with the addition of integrated files, removable media and a full-disk encryption solution.Encryption is integrated into device control policy to optionally force encryption onremovable media.∙The malware research team has a well-earned reputation for rapid and accurate malware detection. The vendor offers advanced HIPS features, including an isolatedvirtual environment for behavior detection, application and Windows registry integrity control, real-time inspection of code at launch, and integrated malicious URL filtering.On PCs, the endpoint agent (Kaspersky System Watcher) can perform a systemrollback.∙The agent has a small disk and memory footprint for an integrated solution, and signature updates are small and frequent.∙Kaspersky Lab offers broad endpoint platform support, including an agentless VMware vShield solution with an intrusion prevention system/intrusion detection system(IPS/IDS) using VMware Network Extensibility (NetX) technology, all managed byKaspersky Security Center.。

brilliantly simple security and controleffectively and more efficiently than any other global vendor.Security used to be about identifying code known to be bad and preventing it from breaching the organization’s network perimeter. T oday, that’s not enough. Increased employee mobility, flexible working and visitors plugging into the corporate systems are all leading to the rapid disappearance of the traditional network.As IT departments fight to regain control, a fragmented security strategy that involves separate firewalls, anti-virus and anti-spam is no longer acceptable.Against a background of escalating support desk costs and relentless demands for increased access to corporate information, the challenge of providing reliable protection from today’s sophisticated, blended threats is complicated by other factors. The need to enforce internal and regulatory compliance policies, and the emergence of the ITdepartment as a key supporter of business strategy and processes, has made itsimportance broader and more critical than ever before.The result is a recognition that today’s security requires not just the blocking of malware, but also the controlling of legitimate applications, network access, computer configuration, and user behavior. The solution to the problem lies in enforcing security through control. Sophos Enterprise Security and Control does just that.“We’re seeing different types of threat, a vastly changed environment and organizations struggling with as many as ten point-products. Our response is simple – we’ve integrated the protection they need into a single, easily managed solution.”Richard JacobsSophos Chief T echnology OfficerEvolving threat –the need for control»»Unifying multiple threat technologies at the web, email and endpointEnterprise Security and Control gives you a brilliantly simple way to manage the cost and complexity of keeping your organization threat-free.Defeating today’s and tomorrow’s threats Sophos provides ongoing rapid protection against multiple known and emerging threats. Unique technologies developed by experts in SophosLabs™ protect you from unknown threats at every vulnerable point – desktops, laptops, servers, mobile devices, email and web – before they can execute and even before we have seen them.Unifying control of the good, the bad, and the suspiciousAs well as blocking malicious code and suspicious behavior , we give you the control you need to prevent data leakage and maximize user productivity – making web browsing safe, eliminating spam, stopping phishing attacks, and letting you control the use of removable storage devices, wireless networking protocols and unauthorized software like VoIP , IM, P2P and games. You can ensure that securityprotection on your computers is up to date and enabled, certify computers before and after they connect to your network, and prevent unauthorized users from connecting.Giving real integration todeliver faster, better protectionNo matter what stage of the process you are talking about, we take a completely integrated approach. At the threat analysis level, SophosLabs combines malware, spam, application and web expertise. At the administrative level, you can manage all threats with single, integrated policies, and at the detection level, our unified engine looks for the good and the bad at every vulnerable point, in a single scan.Driving down costs through simplification and automationOur approach of easy integration andsimplification for any size network allows you to achieve more from existing budgets. At-a-glance dashboards, remote monitoring, and automation of day-to-day management tasks free you to tackle business problems rather than having to maintain the system.“We’ve engineered an intelligent engine that simultaneously scans for all types of malware, suspicious behavior, and legitimate applications – to maximize the performance of our endpoint, web and email solutions.Security and control, in a single scan.”Wendy DeanSophos VP of Engineering»Over 100 million usersin 150 countries relyon Sophos“It doesn’t really matter anymore where the threat comes from – webdownload, email attachment, guest laptop – the lines are blurring. All thatmatters is that you don’t get infected, and our exceptional visibility andexpertise ensure you won’t.”Vanja SvajcerSophos Principal Virus ResearcherExpertise and technology for real securityAt the heart of our expertise is SophosLabs,giving you the fastest response in theindustry to emerging threats, and deliveringpowerful, robust security. With an integrated global network of highly skilled analysts with over 20 years’ experience in protectingbusinesses from known and emerging threats,our expertise covers every area of network security – viruses, spyware, adware, intrusion, spam, and malicious URLs.Integrated threat expertise, deployment and detectionMillions of emails and web pages analyzed every day Thousands of malicious URLs blocked every day Innovative proactive technologies forpre-execution detection»»»»Constant independent recognition including 36 VB100 awards Automated analysisGenotype database with terabytes of data»»»“The excellence of our web, email and phone support services really sets us apart from our competitors. We provide 24-hour support, 365 days a year. When customers call us they speak directly tosomeone who is able to solve their problem.”Geoff SnareSophos Head of Global Technical Support»Web, email andtelephone support included in all licensesSophos NAC AdvancedAdvanced features designed specifically for enterprise network access control requirements. Providing easy deployment across existing network infrastructures, controlled access to the network, and enforced computer compliance with security policy before and after connecting to the network.Improving security through control for web, email and endpointEnterprise Security and Control delivers complete protection for desktops, laptops, mobile devices, file servers, your email gateway and groupware infrastructure and all your web browsing needs – in one simple license.It is also possible to subscribe separately to the Web, Email and Endpoint Security and Control services. In addition, there is a more advanced network access control (NAC) option for larger organizations.Web Security and ControlManaged appliances providing safe and productive browsing of the web, with fully integrated protection against malware, phishing attacks, drive-by-downloads, anonymizing proxies,spyware, adware, inappropriate visiting of websites, and data leakage from infected computers.Email Security and ControlManaged email appliances and protection for Exchange, UNIX and Domino servers, providingunique integration of anti-virus, anti-spam, anti-phishing and policy enforcement capabilities to secure and control email content.Endpoint Security and ControlA single automated console for Windows, Mac and Linux computers, providing integrated virus, spyware and adware detection, host intrusion prevention, application control, device control, network access control and firewall.Multiple threat protectionAnti-virus Anti-spywareAnti-adware and potentially unwanted applications Application control – VoIP , IM, P2P and moreDevice control – removable storage and wireless networking protocols Behavior analysis (HIPS)Client firewall Anti-spam Anti-phishingEmail content controlMalicious website blocking Productivity filteringReal-time web download scanning Automatic anonymizing proxy detection Control of guest access Blocking unknown or unauthorized users »»»»»»»»»»»»»»»»Full details of each of our products can be found at and on separate technical datasheetsSophos Professional ServicesSophos Professional Services provides the right skills to implement and maintain complete endpoint, web and email security , ensuring rapid, customized, deployment of our products.Unrivalled round-the-clock supportOur globally managed support team provides web, email and telephone support. 24x7x365 technical support is included for all products and you can call us for one-to-one assistance at any time.Simple pricing and licensingOne simple, subscription-based license provides web, email and telephone support and all future updates to protection, management and product upgrades.“We’re seeing a tremendous rise in organizations of all sizes switching to us from legacy security vendors. Like the leading independent analysts and industry watchers, they trust us, they trust our products, they trust our vision.”Steve MunfordSophos Chief Executive OfficerOur unique approach is why analysts see us as the clear alternative to Symantec and McAfee, and why over 100 million users, including the world’s leading business and security organizations, trust Sophos.The analyst view“Buyers who prefer a broad and comprehensive EPP suite with impressive management capability, especially NAC...will do well to consider Sophos.” Gartner, Magic Quadrant for Endpoint Protection Platforms 2007The customer view“We’ve been delighted by the high level of dedicated support and expertise delivered by Sophos, particularly given our need for a fast implementation.”Chris Leonard, European IT Security and Compliance Manager, HeinzThe industry view“Sophos... consistently beat McAfee and Symantec in ease-of use which should reduce recurring costs in any size enterprise.”Cascadia Labs, Comparative Review, Endpoint Security for Enterprises Sophos customers include: CitgoDeutsche Postbank AGGE, IncGulfstreamHarvard UniversityHeinzHong Kong UniversityInterbrewMarks & SpencerNew York UniversityOrangeOxford UniversityPulitzerSainsbury’sSiemensSociété GénéraleToshibaUniversity of HamburgUniversity of OtagoUS Government AgenciesWeleda AGXerox Corporation»»»»»»»»»»»»»»»»»»»»»»»the clear alternative to Symantec and McAfeeBoston, USA |Oxford, UK204。

公司简介全球总部：赛门铁克公司地址：20330 Stevens Creek Blvd.Cupertino，CA 95014，U.S.A.电话：+1 408 517 8000传真：+1 408 517 8186网址：公司概述：信息是今天全球经济的“硬通货”。

个人和企业都在依靠信息的全球发布和存储来进行管理、商业交易并做出个人决策。

但是，我们所依赖的信息正日益处于风险之中。

网络威胁、自然灾害、用户错误和系统故障使关键信息资产的安全性和可用性暴露于危险中。

个人和企业正在寻找一个能够帮助自己了解和管理信息风险的合作伙伴——无论是保护PC上的个人信息，还是创建富于弹性和灵活性的全球IT基础设施。

利用创新的技术解决方案和服务，赛门铁克可以帮助个人和企业保护和管理自己的数字资产。

赛门铁克提供了广泛的解决方案，其中包括企业和消费者安全、数据管理、应用和基础设施管理、安全管理、存储和服务管理以及响应和安全托管服务。

赛门铁克公司是全球领先的解决方案供应商，帮助个人和企业确保信息的安全性、可用性和完整性。

公司总部设在美国加州的Cupertino ，现已在40多个国家设有分支机构。

赛门铁克一览：成立于1982年4月1989年6月23日首次发行股票上市员工数量超过15,500人业务遍及全球：●赛门铁克在40多个国家设有办事机构，并在以下地点设有研发机构：●澳大利亚●比利时●加拿大●中国●德国●印度●爱尔兰●以色列●日本●新西兰●英国-●美国- 加利福尼亚- 科罗拉多- 佛罗里达- 马里兰- 马萨诸塞- 明尼苏达- 俄勒冈- 宾夕法尼亚- 德克萨斯- 犹他- 弗吉尼亚●赛门铁克在世界各地拥有数量众多的安全监控中心和安全响应实验室，可以为客户提供全天不间断的信息安全专业知识。

●赛门铁克在全球还拥有超过25个支援中心，可以帮助个人和企业满足自己的安全和可用性需求。

●赛门铁克最主要的制造工厂设在爱尔兰都柏林。

所获殊荣：●2005年4月，赛门铁克被《财富》杂志授予“蓝丝带”奖。