Zero Trust eXtended Ecosystem Wave – What it Means for the Industry

Forrester Research published its first-ever Zero Trust eXtended (ZTX) ecosystem Wave report in early November, producing the most in-depth look to date on the Zero Trust market.

For those unfamiliar with the term, Zero Trust was originally introduced by Forrester nearly a decade ago, challenging the assumptions underpinning security strategies embraced by many enterprises based on determining who to trust, and not trust, when allowing access to corporate computing resources.

Since then, Zero Trust has grown in its scope and definition, moving beyond a concept to become a practical framework capable of guiding security practitioners as they design and deploy their security architectures to address modern computing approaches and the current threat environment.

In standard Forrester Wave fashion, the report compared key vendors identified by Forrester as meaningful players in the ZTX market across three areas:

• Current Offering – examining how a vendor’s offering satisfied criteria across all seven ZTX ecosystem pillars: data security, network security, workload security, workforce/people security, device security, visibility and analytics, automation and orchestration.  API usage and manageability were also explored.
• Strategy – looking at vendors’ solution visions and go-to-market approaches and how they aligned with ZTX concepts and methods.
• Market Presence – indicating a vendor’s relative install base footprint in the ZTX market

In a similar fashion to 14 other vendors, our team at Symantec responded to Forrester’s research requests via survey responses, customer references, and platform demonstrations.  We were excited to learn we were named as one of only two vendors in the Leadership area of the Wave, receiving the highest scores for the strength of our current offering as well as the size of our market presence. 

Beyond the great news about Symantec’s Leadership placement in the report, we are especially excited about the publication of this Wave because it is the first detailed report of its kind evaluating the platforms of leading vendors and highlighting their relative strengths. 

Folks in the security industry know that the term “platform” is all the rage these days.  Everyone seems to have one.  They promise breadth of capabilities and the simplicity of pre-integrated components. 

What goes into Symantec’s Integrated Cyber Defense?

As enterprises realize the need to deploy additional impactful tools such as Web Isolation to prevent new classes of threats, they also face the industry-wide shortage of the security talent needed to operate them. The idea of a comprehensive platform with a breadth of integrated capabilities is extremely appealing in this environment.  Extra points get awarded to a platform that covers security needs both on-premises as well as the cloud.  Speaking of cloud, both cloud workloads in AWS and Azure as well as public cloud apps like Box, ServiceNow and Salesforce need to be covered.

Forrester’s ZTX Wave is the first unbiased analysis of commercially available security platforms by a qualified 3rd-party analyst firm.  As such, this report will play a vital role in helping Security and Compliance professionals cut through vendor-specific claims and marketing hyperbole.  It will provide them with foundational data that gives them a head-start as they begin the process of evaluating which platform partner they will strategically align with to architect their Zero Trust defenses. This is why this first of its kind report is so important to the industry and why its value cannot be understated.  

I was part of the team at Symantec that provided our response to Forrester for this Wave.  While we worked hard to make sure that Forrester had a complete understanding of the breadth and depth of our capabilities, we had a bit of an unfair advantage given our starting point.  Symantec’s guiding product and go-to-market approach is our Integrated Cyber Defense (ICD) platform. 

Our ICD platform and strategy are, in my estimation, a really close first-cousin of a Zero Trust platform, so it was not a difficult exercise at all to align it directly with Zero Trust.  What is Symantec’s Integrated Cyber Defense?  It is a platform that unifies cloud and on-premises security to provide threat protection, information protection and compliance across all endpoints, networks, email, and cloud applications. The platform is powered by the largest civilian threat intelligence network, deep security research and operations expertise, and a broad technology ecosystem of certified partners – working together to enhance security controls, improve visibility, and reduce cost and complexity for our enterprise customers.  

After you take a read through the Forrester Wave, I think you will seem the immediate connection between Symantec’s ICD, which was the platform that was evaluated in the report, and the Zero Trust model. For additional detail on how the Symantec portfolio maps to the Zero Trust framework, check out Symantec's Zero Trust Topic Page.  I hope these reports and additional information helps you and your team embark on your Zero Trust journey!

Read More About Symantec's Integrated Cyber Defense Platform