Aquaboutic | Focus Security Research | Vulnerability Exploit | POC


Matrix of China's network security subdivision (Matrix 2019.11) released

Posted by barkins at 2020-02-28

Since Security Bull first released the matrix of China's network security subdivision field (Matrix 2018.11) in November 2018, the matrix has attracted attention and recognition from across the industry. Building on that earlier work, Security Bull analysts have continued to dig into the subdivisions and their industry users. After five months of research and interviews, they are today launching the matrix of China's network security subdivision field (Matrix 2019.11).

The survey data covers the whole of 2018, and the respondents are network security companies in the corresponding subdivisions of the domestic market. The matrix charts in this report cover four subdivisions: industrial control system security, identity and access management (IAM), web application firewall (WAF / cloud WAF), and next generation firewall / firewall / UTM. The technical definition, product proportion, product form, industry users, technical trend and market scale of each subdivision are also briefly described.

In addition, starting with this matrix, Security Bull divides the network security segment market into four stages according to the development level of domestic security technology and industry: concept market, emerging market, development market and mature market.

√ Concept market: the concept and framework of the new technology have been put forward, but a complete implementation plan has not yet been formed.

√ Emerging market: some security companies have started to invest in R&D and generate a small amount of revenue, but most users are still waiting.

√ Development market: the technology has mature products and typical cases, and the market has entered a period of rapid growth.

√ Mature market: the technology has been generally recognized by the industry, and the market has entered a stable period.

Matrix of China's network security subdivision

(Matrix 2019.11)


ICS matrix

"Industrial control security", or "industrial control system security", belongs to the development market as defined by Security Bull.

The security protection built by most domestic industrial enterprises is based mainly on the basic requirements of network security level protection. The level protection requirements divide the functional model of an industrial enterprise into five layers, from top to bottom: the enterprise resource layer, production management layer, process monitoring layer, field control layer and field equipment layer. At present, domestic industrial network security protection focuses mainly on the enterprise resource layer, production management layer and process monitoring layer, and still cannot reach the "field equipment layer" and "field control layer". There are two main reasons. First, security protection cannot guarantee that the real-time performance of the production process is unaffected. Second, because the control networks of the field control layer are relatively scattered, industrial enterprises would need to purchase a large amount of security equipment, which significantly increases cost.

According to the layers they protect, domestic industrial network security providers can be divided into two categories. Industrial control security providers protect the "production management layer" and "process monitoring layer", covering industrial control system security, enterprise information management system security, and enterprise control network and management network security. Industrial Internet security providers protect the "enterprise resource layer" and above, covering Internet broadband network security, industrial Internet security situation awareness, industrial cloud security and industrial big data security. Industrial Internet security belongs to the concept market as defined by Security Bull and is not included in this research. "Industrial control system security" falls under the first level classification [Internet of things security] in the Security Bull panorama.

A total of 21 manufacturers were selected for this matrix: Changyang technology, Tiandi Hexing, winut, Fengtai Technology, lischen security, Ming Dynasty Wanda, shengbolun, Haitian Weiye, Sanwei, qi'anxin, netrattan technology, Bozhi security, CLP Ruijia, yingsaike, Hengtong Xin'an, wooden chain technology, HengAn Jiaxin, jiujiudun, liufangyun, UNITA Information, anddian technology.

At present, the main forms of industrial control security products in China are: firewall, network isolation, traffic analysis, host protection, monitoring audit, security assessment, security inspection toolbox, security operation and maintenance management platform, etc.

In terms of industry application, electric power, petrochemicals, tobacco, military industry, rail transit, coal mining and advanced manufacturing are the main industry users of industrial control security. Among them, because the power industry's security standards have been made more specific, its customers pay close attention to security, and its degree of informatization and systematization is higher, the power grid industry has the most complete and fastest-moving industrial control security construction. The survey found that more than 90% of industrial control security providers cover the power industry.

Domestic industrial control system security faces three main challenges: industrial control security is poorly integrated with business scenarios, users pay too little attention to industrial control system security and do not understand it deeply, and there is a shortage of specialized industrial control security personnel. In recent years, as national policies have gradually improved and attacks on critical infrastructure abroad have become frequent, the government and enterprises have begun to pay attention to investment in industrial network security and have put forward clear and detailed security requirements for the construction of industrial Internet security.

According to statistics, China's industrial control system security market was about 900 million yuan in 2018, and it is estimated to reach about 1.5-1.8 billion yuan in 2020. In the future, the industrial control security provider market will fragment by industry, with providers offering specialized, customized security solutions for the characteristics of specific fields and industries.


Identity and access management (IAM matrix)

"Identity and access management (IAM)" belongs to the development market as defined by Security Bull. The IAM technical framework was introduced into China long ago, but because of the low popularity and standardization of domestic networks and information systems, it gradually evolved into 4A in the operator industry and into the fortress machine, a product with domestic application characteristics. In recent years, with the development of domestic information technology, demand for IAM has begun to rise.

The core goal of an IAM system is to give each user an identity. Once the digital identity is established, the "access life cycle" of each user must be maintained, modified and monitored. An identity and access management (IAM) system must contain four basic elements: centralized account management, identity authentication management, authorization management and centralized log audit. The product forms of the core IAM components mainly include unified identity authentication, single sign-on, and account and authority management. "Identity and access management" falls under the first level classification [identity and access security] in the Security Bull panorama.

There are 7 manufacturers selected for this IAM matrix, including Asiatic security, Yufu technology, Piper software, Xindun era, Zhuyun, anxinpen and Kyushu Yunteng.

At present, more than 95% of the domestic manufacturers providing an overall IAM solution have the technical capability of "privileged account access management (PAM)". Research into the PAM technology and market of IAM and fortress machine manufacturers shows two constraints for domestic manufacturers. On the one hand, because the threshold of PAM technology is high, domestic products largely draw on foreign technology and are then developed and integrated according to actual domestic cases and industry characteristics to speed up their marketization. On the other hand, PAM technology itself places certain requirements on the customer's level of informatization and the maturity of its IT asset classification. For these two reasons, only a few PAM projects have been implemented in China. Only in the financial and operator fields, where the IT environment is more complex and the information security risk is higher, are application cases gradually appearing.

With the frequent occurrence of internal data leakage incidents, the growing demand for managing IAM in the cloud, and the diversification of how users access enterprise resources, some emerging technologies have gradually been integrated into the overall IAM scheme, such as API security, UEBA (user and entity behavior analysis), CARTA (continuous adaptive risk and trust assessment) and biometrics. The survey found that industry maturity and customer experience are still the main competitive strengths of domestic IAM providers. In the future, IAM will gradually develop toward platform, mobile and Internet scenarios, and will no longer be limited to the internal business scenarios of enterprises.

In China, IAM is mainly used by operators, the financial industry, and enterprises and institutions with complex business systems. Local deployment and customization are still the main needs of large, high-end customers. With the development of cloud and SaaS applications, medium-sized enterprises face growing demand for cloud IAM management. At present, domestic cloud IAM is mainly applied to cloud service providers and small and medium-sized enterprise tenants, with IDaaS as its main form.

According to statistics, in 2018 the domestic IAM market was about 700 million yuan, and the cloud IAM market accounted for 1/3 of total IAM market revenue, about 250 million yuan. It is estimated that the domestic IAM market will reach 1.3-1.5 billion yuan in 2020.


Web application firewall (WAF matrix)

Web application firewall (WAF) belongs to the mature market as defined by Security Bull, while cloud WAF service belongs to the development market.

A WAF is an integrated web security protection device that combines web protection, web page protection, load balancing and application delivery. It differs from a firewall in that it works at the application layer, mainly protecting web requests and effectively preventing all kinds of attacks against web applications and APIs, such as SQL injection, XML injection, cross-site scripting (XSS), automated attacks (bots) and application layer denial of service (DoS). Web application firewall (WAF) falls under the first level classification "application security".

There are 18 manufacturers selected for the web application firewall matrix, including: ruishu information, Changting technology, Anxin Tianxing, Anheng information, Shengbang security, Qianxin, Jiepu of Jiaotong University, Wangsu technology, anbai technology, Neusoft, renzixing, Shenxin, Lvmeng technology, alicloud, zhichuangyu, qingsongyun security, JD cloud and Shanghai yundun.

WAF products are mainly divided into three types: hardware web firewall, web protection software and cloud WAF. In this survey, WAF product providers fall into two categories: one third of security vendors mainly provide cloud WAF services, and two thirds can provide both software / hardware WAF products and cloud WAF services.

The core technology of a web application firewall is the ability to detect web intrusions. At present, the technical capabilities of domestic WAF products include: feature recognition technology (syntax and semantic analysis), machine learning, big data analysis, dynamic defense, RASP, threat intelligence, container technology and honeypot technology. The core competitiveness of WAF products can be summed up in three aspects: an accurate threat / attack identification rate, intelligent linkage with related systems and equipment, and the protection and update capability of the rule database.

The hardware web firewall is deployed in front of the web server, in bypass or in series; the software WAF runs as a proxy or is embedded. According to the survey, websites with high security requirements, such as those of government, finance and operators, often purchase easy-to-use, stable, high-throughput hardware WAF products. The software WAF needs to be deployed on a single server, takes up too much memory, and carries the risk of affecting normal business and of being bypassed, so it is suitable for small and medium-sized websites. The cloud WAF service adopts a multi-tenant, cloud-centered model. It only requires handing over domain name resolution to achieve security protection, which greatly reduces users' operation and maintenance costs. However, for some government enterprises with a high data confidentiality level, whether moving data to the cloud carries a risk of data leakage is also a factor customers consider. Domestic cloud WAF users skew toward the Internet industry.

According to statistics, in 2018 the domestic web application firewall (WAF) market was about 900 million yuan, and the cloud WAF market was about 400 million yuan. The survey found that customer demand for single-function WAF products is gradually declining, and WAF products are gradually being replaced by products with comprehensive defense capabilities, such as the next generation firewall covered below. At present, cloud WAF service has not formed an independent commercial market of scale. Apart from cloud service providers, most security vendors still provide users with hardware paired with a cloud WAF service. However, judging by the development trend of cloud services, cloud WAF will grow steadily year by year, and standalone hardware WAF products will gradually shrink.


Firewall / Unified Threat Management / next generation firewall (NGFW matrix)

Firewall (FW) / Unified Threat Management (UTM) / next generation firewall (NGFW) belongs to the mature market as defined by Security Bull.

Because UTM and NGFW are both based on the capabilities of the traditional firewall and have evolved and upgraded from it, this matrix combines the three subdivisions of firewall (FW), Unified Threat Management (UTM) and next generation firewall (NGFW), which fall under the first level classification [security gateway] in the Security Bull panorama.

There are 16 manufacturers selected for firewall / Unified Threat Management / next generation firewall, which are: Sinotech netway, Tianrongxin, wangyuxingyun, Jiepu, anbotong, Neusoft, shanshiwangke, Weishitong, Landun, channel information, xinhuasan, dip technology, Huawei, Shenxin, Qianxin and Lvmeng technology.

According to the survey, 95% of domestic security companies have upgraded the traditional firewall (FW) they offer to the user market to the next generation firewall (NGFW), and 5% still provide traditional firewall services, but with sales significantly lower than those of the next generation firewall. Only 10% of domestic security manufacturers provide Unified Threat Management (UTM) products to customers.

Fifteen years ago, IDC first proposed the concept of "Unified Threat Management (UTM)", under which anti-virus, intrusion detection and firewall security equipment are classified as unified threat management. UTM mainly provides one or more security functions, integrating a variety of security features into one hardware device to form a standard unified management platform.

Customers of domestic UTM schemes are mainly small and medium-sized enterprises, which, because of their small IT scale, small number of users and limited capital budget, most favor "all in one" products with high cost performance. Although UTM provides more security functions, it is not suitable for high-traffic application scenarios.

The important watershed between the next generation firewall and the traditional firewall, UTM, WAF and other network boundary protection products is "one time unpacking and parallel detection": after a message is unpacked once, its application protocol, user and content can be identified and monitored in parallel. Integrated border security protection capability is an important orientation of the next generation firewall.

At present, the main function modules of the "next generation firewall" products provided by domestic security manufacturers include NAT, application identification, intrusion prevention, load balancing, security policy, VPN encryption, URL filtering, application security protection, anti-DDoS and data leakage prevention, as well as new generation technologies such as sandboxing, threat intelligence and abnormal behavior analysis.

In recent years, with the popularization of virtualization technology in cloud computing, more and more enterprises have migrated their core business to the public cloud, and next generation firewall providers in China have begun to provide virtual firewall services. In the future, facing the diversification of network applications, the blurring of physical boundaries and the growing complexity of security threats, high integration, intelligent linkage with cloud products and visualized operation and maintenance will become the competitive strengths of next generation firewall products.

According to statistics, in 2018 the domestic firewall / Unified Threat Management / next generation firewall market was about 9.6 billion yuan, of which the next generation firewall (NGFW) accounted for about 80% of total revenue, the firewall (FW) for about 15%, and Unified Threat Management (UTM) for about 5%. It is estimated that the next generation firewall / firewall / UTM market in China will be about 16 billion yuan in 2020.


The future market must encourage free competition and be driven by user demand; a more transparent and realistic market can be more open and healthy. Excellent enterprises with security businesses and security capabilities are welcome to join the matrix, and guidance from leaders and experts from all walks of life is also welcome, so that all can contribute to the vigorous development of China's network security market.
