AUSTIN, Texas – June 16, 2015 – NSS Labs, Inc., the world’s leading information security research and advisory company, announced today its findings on the continuous forensic analytics market, which grew at a rate of 11.3 percent to US$305 million in 2014 and is expected to grow at an overall rate of 13.5 percent through 2019, reaching a total addressable market of US$575 million.

This emerging market comes at a time when enterprises are required to develop internal, real-time forensics capabilities as pressures mount from Wall Street, regulatory bodies and consumers to identify not only when a breach occurs, but also the overall impact of a breach. Enterprises are being asked to provide detailed information including the length of time threat actors were inside their organizations before being discovered, their methods of entry, the nature of the data that was lost, and most importantly, their recommendations on how to prevent future breaches.

The tools required to perform network forensics have evolved from diverse technologies, including network and application performance monitoring, network behavior anomaly detection, traditional forensics tools, data loss prevention (DLP), and security information and event management (SIEM) products. These tools form the market that NSS Labs defines as continuous forensic analytics (CFA). NSS expects this market to continue to grow rapidly and mature as the need emerges for dedicated network forensics tools that significantly aid in the incident response process.

The top market drivers for continuous forensic analytics are:

  • Increasingly complex threat landscape
  • Full-scope threat monitoring and improved detection (real-time and retrospective)
  • Frustration with current products, particularly SIEM
  • Helps answer the question “Have we been breached?”

“The healthy growth of the continuous forensic analytics market is closely linked to the growth of the Security Operation Center within a large enterprise,” said Mike Spanbauer, Vice President of Research at NSS Labs. “Security incidents are difficult to assess rapidly, requiring considerable time and talent. CFA is the application that puts real network insights into the hands of the security analyst and enables rapid incident response measures to be implemented.”

In 2014, 63 percent of the total revenue of the CFA market was shared between five companies: RSA (Security Division of EMC), Niksun, Blue Coat Systems, Fidelis Cybersecurity and IBM.