10,000 Cybersecurity Products

And Counting

Mar 11, 2024

Friday evening around 5 Eastern, our automated ingestion of products from 3,764 cybersecurity vendors exceeded 10,000 products.

Ever since we discovered that IT-Harvest was in a position to leverage our list of venders and large language models to collect details on all products, I have been thinking about the product discovery and purchasing process.

In Gideon Gartner’s words, when he took $600K in funding to create the Gartner Group, the firm’s purpose was to offer “buy-sell-hold” advise to enterprises for technology. That is still a good idea for relatively static technologies like operating systems, storage, ERP, even cloud providers. Those slowly evolving big ticket items happen to align with the buying habits of the late-adaptors that are Gartner clients.

All good, but security is different. I would argue that security is far different than other technology arenas. Threat actors are the primary driver. As they innovate on attack methodologies the vendors have to react quickly. Thus there are always new up-and-comers challenging the big players. Even late-adaptors want to buy the best products to solve their security challenges.

Gartner has 24 security Magic Quadrants available to its 15,400 subscribers.

Note that we are not one of the 15,400 subscribers to Gartner research so we have relied on reprints and various open sources where the vendors post images of the MQs. We don’t always have access to the latest MQ.

That 267 number does not reflect the number of vendors that Gartner covers in MQs. Many vendors appear in multiple Magic Quadrants. Cisco and IBM lead with nine each.

After accounting for vendors appearing in multiple MQs there are 134 vendors that participate in the MQ research process. That’s 3.5% of the 3,762 in the IT-Harvest database. ( I am not criticizing Gartner analysts or implying that they do not research all the vendors in a space. I am just saying that the Magic Quadrants provide a limited view of the available products.)

Is Gartner serving the cybersecurity market effectively? I don’t think so. Assume that those 15,400 customers have purchased subscriptions for their CISOs. That would mean 15,400 cybersecurity leaders have access to the MQs and advisory services. Yet, a quick survey of LinkedIn reveals there are 75,000 CISOs in North America alone. That means 60,000 CISOs and their teams have to get their guidance elswhere.

True, buyers can often get their hands on the particular MQ they need. The leading vendors invariably pay the $150K reprint fees to let people download the PDFs after they register. But there are no magic quadrants for the hundreds of subcategories of security products. If I were a CISO I would be interested in Magic Quadrants for Email Security (71 vendors), IoT Security (136 vendors), Vulnerability Management (85 vendors), Password Management (32 vendors), and dozens more.

How Many Products are There?

I don’t know yet, but we have ingested 10,240 products from 1,900 vendors so far. By the time we are done there could be as many as 19,900 cybersecurity products in a complete database. That would mean that Gartner MQs provide guidance on 1.3% of the universe of products.

You could argue that an MQ is so valuable because it is limited in scope. The analysts have done all of the work to eliminate 98.7% of the options. I know I prefer to have all the data when I make a purchase decision. I believe most IT buyers are of the same mind.

The Security Industry

Discussion about this post