Advisory services vendor Gartner put out their magic quadrant for “CPS Protection Platforms” on February 12th. (Right in the middle of S4x25, coincidence?) Having covered this market since 2016, I have a few things to say about their magic quadrant and report.
Name: Cyber Physical System (CPS) Protection Platforms
Protection Platforms? The products they analyzed are for two primary purposes: 1) creating and maintaining an asset inventory for asset management (identify) and 2) detecting cyber attacks (detect). The secondary purposes could be assisting with incident response (respond), assisting with threat hunting, risk management, and vulnerability management (which I lump in with asset management).
I’m sure there is some feature in these products that could be categorized as protection, but these are not firewalls, data diodes, encryption, authentication, endpoint protection, or anything else that would be called a protection platform.
The text in the report describes the products fairly well, and it does not describe a Protection Platform. What will we call a true Protection Platform, like some of what Fortinet, Palo Alto, Tofino, Waterfall and others offer?
Less wrong, but annoying, is the effort to shift from ICS to OT and now to CPS. I will use whatever becomes the common term, but everyone is just settling in on OT. No need to change.
Leaders
Claroty, Dragos and Nozomi have been in my Top Tier since the beginning (Security Matters was as well, but dropped out not long ago after the Forescout acquisition). I was late adding Armis a couple of years ago and still need to get smarter on what they do. Seeing those four in the Leaders quadrant is correct and not terribly enlightening.
Microsoft as a leader is baffling to me. I rarely see or hear of them being seriously considered in OT deals. I asked around since my visibility is limited. They rarely are competitively considered. When they do win, it is as a low/no price add-in with other Microsoft products and services.
Gartner’s evaluation criteria are at the end of the report. Product/Service is one of seven factors. Perhaps Microsoft was put on because they got top scores on financial viability, pricing (low to no cost), record of market responsiveness in the past, and operations. In other words, Microsoft is a more impressive business with a longer track record than the others.
Perhaps Microsoft is stronger in IIoT; after all, their offering is named Defender for IoT. Although, I remember Walker Reynolds torching Gartner for putting Microsoft in the Leader Quadrant for IoT Platform (11:37). I’ve seen nothing that would put them in my top tier. They are my tier two, and this is only when you would use Defender for IoT in conjunction with other Azure offerings.
One other note on the Leaders. Dragos increasingly isn’t a competitor to Nozomi/Claroty/Armis. They are different offerings. If you want a world class team supporting your OT detection, threat intel, and incident response, then you select the Dragos combo of product and services. If you want visibility to what is on your system (asset inventory) and what is going on in your system, you choose between Nozomi/Claroty/Armis. There is overlap. All will do all of these functions, but the differences in capabilities are stark. It’s easy to have a short discussion with the decision maker and know which product path they will take.
Visionaries
I would have left this quadrant empty. Gartner had Darktrace as the sole Visionary. This may have been true 5 years ago.
If this quadrant can’t be empty I would put Fortinet and Palo Alto Networks into the Visionaries quadrant. The idea of integrating these visibility platforms with their network infrastructure and network protection could be powerful. The bi-directional data flow could be very helpful with detection (primarily) and response (often overstated).
Tenable could also be in the Visionaries quadrant. They have everything they need for a technical solution and access to the customers. They have stumbled in execution, chose not to participate in the Gartner analysis, and got put in one of the worst positions on the quadrant.
It’s disappointing that there are not other Visionaries. In the early days a lot of my Tier 2 (CyberX, Indegy, Sentryo) would have belonged in this quadrant.
This does not mean we aren’t seeing some cool new capabilities; they’re coming from the Leaders.
Challengers
This makes no sense. Otorio’s completeness of vision is among the lowest and Darktrace’s is among the highest? Forescout’s ability to execute is among the highest, based on what? What Forescout has done since the Security Matters acquisition in 2018?
Maybe the Magic Quadrant methodology isn’t a great fit for this product segment.
Niche Players
In my latest analysis of this product segment I wrote that those outside Tier 1 needed a niche strategy, and some niches are larger than others.
- Microsoft for those using related Azure IoT services
- ICS vendors offering this as a SaaS. They have a trusted relationship and know their system well. Honeywell is on the quadrant because they bought SCADAfence. Other ICS vendors use Leader quadrant solutions. Some, such as Siemens, use a combination of in-house software and OEMed products.
- Security vendors offering a family solution (Fortinet, Palo Alto, OPSWAT, TXOne). Integration can be difficult, especially with acquired solutions.
- You use us in IT, and we also do OT. (Forescout, Tenable)
- Vertical sector, such as products built for the rail sector, building automation, mining, etc.
Conclusion
Gartner got four of the five leaders right. This has been obvious for years now.
Gartner got the category name wrong.
Almost everything outside the Leader quadrant makes little sense.