01 Nov 2019

IDC MarketScape: China Web Application Security Market 2019 Vendor Assessment Officially Released

Beijing, October 22, 2019– IDC China today announced the official release of its IDC MarketScape: China Web Application Security Market 2019 Vendor Assessment report, which aims to serve as a guide for those selecting web application security products and service providers. The report has received extensive attention and active cooperation from numerous security vendors and end users.

For the report, IDC conducted in-depth research on 14 representative web application security products and service providers. The vendors studied included comprehensive security vendors with long-term technology accumulation and market layouts in the field of web application security; well-known cloud service providers which leverage their own cloud platforms to provide web application security services for cloud tenants; small- and medium-sized enterprises that are growing rapidly due to their own technical expertise and unique products; as well as international brands with technical advantages and market reputation which are committed to continuously expanding into the Chinese market.

The vendors included in this report are (in alphabetical order): Alibaba Cloud, Chaitin, DBAPP Security, DPtech, Fortinet, H3C, NSFOCUS, QIAn Xin, River Security, Safedog, SANGFOR, Tencent Cloud, Venustech and WebRAY. The vendor evaluation results are presented in the form of images based on IDC’s MarketScape model.

IDC believes that as enterprises worldwide undergo digital transformations, they have entered a stage of “multiplied innovation”, a term used to refer to the next chapter of the IT industry’s 3rd Platform Era. Enterprise-level users in all industries and sectors are actively leveraging their innovation advantages to build new IT systems in relation to the needs of digital transformation. Numerous new business systems based on 3rd Platform technology have been put online and web applications have risen in prominence to become the first choice for enterprises providing users with intuitive and convenient services.

According to the IDC Worldwide Web Security Forecast, 2018-2022, the global web application security market reached US$2.905 billion in 2017 and will hit US$4.635 billion in 2022, with a CAGR of 9.8%. The global web application security market is currently maintaining a healthy and stable growth trend. Based on research conducted for the new IDC MarketScape: China Web Application Security Market 2019 Vendor Assessment report, IDC provides the following recommendations.

Effective asset inventorying is the basis for improving web application security

Many enterprises, especially large established firms, have a fairly large number of web servers deployed in their networks. These may include web servers that should have been decommissioned or web servers which are built by employees without permission. In many cases, these servers have been forgotten or neglected by web administrators. Enterprises need to gain full knowledge of the distribution and operation of their web application assets, so as to establish the basis for their overall web applications security.

Enterprises must embrace emerging technologies

To effectively protect against increasingly complex and hidden emerging threats, cybersecurity vendors are also constantly using cutting-edge technologies such as machine learning, semantic analysis and artificial intelligence (AI) to upgrade the detection and protection capabilities of their web application security products. IDC suggests that enterprise cybersecurity administrators seek out web application security products that can be integrated with emerging technologies. Provided that there are sufficient proof of concept (POC) and testable effects, new functions and products can be used to substantially improve the detection of and protection against emerging and unknown threats.

The SaaS model is becoming an important choice for small- and medium-sized enterprises

Thanks to their numerous advantages including convenient application deployment, flexible subscription mode, strong scalability and light operation and maintenance burden, software as a service (SaaS) web application security products are seeing increasing uptake among enterprise customers. This is especially true for small- and medium-sized enterprises with network operations and maintenance personnel shortages, or for those with limited security budgets or that are undergoing rapid business changes. These products have become an important choice for enterprises to quickly and cost-effectively build their business security protection systems.

There are diversified choices for cloud tenants

Leading public and private cloud service providers in China all provide tenants with comprehensive cloud native security protection products. Users can easily subscribe to on-demand web application security products that meet their business needs. In addition to public and private cloud platforms, there are also virtual web application security products specially developed for cloud platforms by third-party security vendors. Enterprise users are given the flexibly to choose from trusted brands that can deliver comprehensive security protection for their on-cloud businesses.

Cloud WAF maintains high growth, while traditional WAF still dominates in the short term

With the continuous high-speed growth of the cloud computing market, the cloud web application firewall (WAF) market is significantly outpacing the growth of traditional hardware WAF. At the same time, thanks to their own platform advantages and leading market position, public cloud service providers have a great competitive advantage in customer guidance and industry coverage in the web application security market. As the private cloud market has more distinctive industry attributes and offers more diverse and flexible security brand choices, its web application security market has attracted many cybersecurity vendors. IDC predicts that competition among cybersecurity vendors in this field will be particularly fierce.

Enterprises must closely consider their needs when selecting products and services

Cybersecurity is not a simple stack of security products. In the face of increasingly sophisticated cyber threats, enterprises cannot pin all their hopes on one security technology or product to safeguard the security of their web applications. When selecting products and services, enterprises need to carefully consider their business attributes and development plans so as to select security solution providers that can provide high availability products and services suitable for their businesses. Such products and services must ensure the sustainability and scalability of security protection for enterprises’ business development over the coming years.

Austin Zhao, Research Manager for Cybersecurity Market at IDC China, said that the global digital transformation has entered a stage of “multiplied innovation” in which web applications have become the first choice for enterprises who want to provide their users with intuitive and convenient services.

“With the increasing frequency of Distributed Denial of Service (DDoS) and automation attacks against business processes and other advanced means of attacks, enterprises are paying more and more attention to the cybersecurity protection of their web applications, and the market demand for cybersecurity is rising,” he said.

Zhao said that IDC has observed that integrated security vendors and cloud service providers have leveraged their technological and resources advantages to continuously strengthen their impact on the web application security market.

“At the same time, some new start-ups have emerged in the market,” he added. “With their own technical features and product capabilities, these vendors are becoming important players in the ever-expanding web application security ecosystem.”

- END –

About IDC MarketScape

IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of IT, telecommunications, or industry-specific suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each vendor's position within a given market. IDC MarketScape provides a clear framework in which the product and service offerings, capabilities and strategies, and current and future market success factors of IT, telecommunications, or industry-specific vendors can be meaningfully compared. The framework also provides technology buyers with a transparent foundation to allow companies to independently compare the strengths and weaknesses of current and prospective vendors.



About IDC

International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. With more than 1,100 analysts worldwide, IDC offers global, regional, and local expertise on technology and industry opportunities and trends in over 110 countries. IDC's analysis and insight helps IT professionals, business executives, and the investment community to make fact-based technology decisions and to achieve their key business objectives. Founded in 1964, IDC is a subsidiary of IDG, the world's leading technology media, research, and events company. To learn more about IDC, please visit www.idc.com. Follow IDC on Twitter at @IDC



-# # # -

For enquiries, please contact:

Frank Wang

Associate Vice President, IDC China

Phone: (+86-10) 5889 1588

Email: frankwang@idc.com



Maggie Xie

Sr. Marketing Executive, IDC China

Phone: (+86-10) 5889 1558

Email: mxie@idc.com



For more information on IDC's research and ICT market insights, follow us on WeChat:

Coverage