F5 Networks will expand security market share by securing applications in the cloud, TBR principal analyst Jane Wright said.
The provider of application delivery services is expanding its security brand, portfolio and delivery mechanisms to position itself in the cloud application security market.
For the third quarter of fiscal 2016, F5 clocked $496.5 million in revenue, up 3 percent from $483.7 million in the prior quarter and 3 percent from $483.6 million in the third quarter of fiscal 2015.
As in the previous quarters, F5 Network’s revenue was mainly driven by security offerings. It secured a number of client wins for its application security modules.
Some of the deals include a large financial services company that used F5’s SSL intercept capabilities, a large Fortune 500 Company leveraging TCP optimization and WAF capabilities to scale and secure a 10,000-plus IoT deployment and a large bank in EMEA, which used BIG-IT bundle to provide service consolidation of several critical functions.
TBR believes F5 has the application security experience and expertise, as well as many of the security technologies for applications running on premises or in public environments, to earn a top spot on midsize and large customers’ short lists for application security evaluations.
F5 has a relatively small share of the total enterprise security market today. TBR estimates F5 currently earns $200 million of it’s nearly $2 billion total annual revenue from its security products and services.
According to TBR’s Enterprise Security Market Forecast 2015‐2020, organizations will spend $46 billion on enterprise security solutions in 2016. Revenue in the application security segment, where F5 competes, will grow at a 10.7 percent CAGR through 2020.
F5’s competitors in this segment include Blue Coat (now part of Symantec), CipherCloud, Imperva and Citrix.
But, according to TBR, F5’s application affinity and visibility, garnered from years of delivering application delivery control (ADC) solutions will help set F5 apart as the most holistic application security provider.
The research firm sees a window of opportunity for F5 to capture a larger share of the application security segment.
However, Symantec’s acquisition of Blue Coat and moves by larger vendors to acquire smaller competitors presents challenges to F5.
Further, F5’s Silverline team, which provides distribution denial of service (DDoS) mitigation and web application firewall (WAF) services, will be key to the vendor’s segment share growth as it increases customer awareness of F5’s security brand.
In the past, F5 gained many of its customers by leading with its application control strengths, but now new customers are discovering F5 when they reach out to the Silverline team for emergency assistance during an application attack.
TBR believes F5 will increasingly gain security‐first and even security‐only customers over the next few years.
It also adds that F5 has the qualifications to emerge as the most holistic application security provider for customers’ cloud‐based applications.
Customers’ applications continue to be plagued by attacks such as DDoS, SQL injections, buffer overflows and cross‐site scripting (XSS) attacks, and hackers are continually devising new techniques to disable customers’ critical applications.
F5 has addressed many of these threats with its DDoS mitigation and WAF solutions, available on premises or as a service attached to F5’s application delivery controllers, purpose‐built appliances or Silverline cloud‐based managed services.
While other vendors such as Imperva and Radware also provide DDoS mitigation and WAF solutions, F5 brings extensive application context and visibility that can optimize the customer’s response to an application attack.
Through integration with its application control solutions, such as its flagship Big‐IP ADC platform, F5 is well equipped to detect real application attacks while reducing false positives, and implement or suggest the most appropriate responses for different types of applications, TBR said.
That being said, F5’s success will depend on data security integration and a shift in customers’ security spending habits.
Customers are not only moving applications to the cloud but also moving data, and they need data security solutions including encryption and data loss prevention (DLP) for their data in transit and at rest in the cloud.
For F5 to attain double‐digit year‐to‐year growth in its security solution revenue, TBR believes F5 will need to expand its purview to include more data security features for cloud environments, and notes F5 has the resources to acquire a cloud‐focused data security vendor such as CipherCloud to quickly fill this gap.
For the fiscal 2016 Q4, F5 expects to deliver overall revenue in the range of $515 million to $525 million.