March 3, 2017 By Neil Jones 3 min read

The 2018 Gartner Magic Quadrant is now available – and IBM is still a leader.

On March 3, 2017, Gartner released its periodic update to the Gartner Magic Quadrant for Application Security Testing, which analyzes vendors’ Static, Dynamic and Interactive Application Security Testing capabilities. We’re pleased to announce that IBM has maintained its position in the “Leaders” Quadrant for Application Security Testing in a report that spanned 18 total vendors.

As you know, Gartner performs extensive research to determine which vendors will be positioned in the Leaders, Challengers, Visionaries and Niche Players quadrants in its reports.

**Updated** Download the 2018 Gartner Magic Quadrant Report Now

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from IBM.

Ultimately, vendors are evaluated on their Ability to Execute and Completeness of Vision.

‘Ability to Execute’ Evaluation Criteria in Magic Quadrant Report

When evaluating application security testing vendors on their Ability to Execute, Gartner analyzed the following criteria in this evaluation cycle:

  • Product/Service: Assessment of vendor’s current product and service capabilities, quality, feature sets and skills.
  • Overall Viability: Assessment of vendor’s overall financial health, as well as the financial and practical success of the business unit.
  • Sales Execution/Pricing: Vendor’s capabilities in all presales activities and the structure that supports them.
  • Market Responsiveness and Track Record: Vendor’s ability to respond, change direction, be flexible and achieve success as opportunities develop, competitors act, customer needs evolve and market dynamics change.
  • Marketing Execution: Assessment of vendor’s clarity, quality, creativity and efficacy of programs designed to deliver the organization’s message in order to influence the market, promote the brand, increase awareness of products and establish a positive identification in the minds of customers.
  • Customer Experience: Vendor’s quality of supplier/buyer interactions, technical support or account support.

The following “Ability to Execute” metric wasn’t evaluated by Gartner in this review cycle: Operations.

‘Completeness of Vision’ Evaluation Criteria in Magic Quadrant Report

When evaluating vendors on their Completeness of Vision, the following evaluation criteria were utilized:

  • Market Understanding: Assessment of the vendor’s ability to understand customer needs and translate them into products and services.
  • Marketing Strategy: Vendor’s ability to provide clear, differentiated messaging consistently communicated internally, externalized through social media, advertising, customer programs and positioning statements.
  • Sales Strategy: Vendor’s ability to offer a sound strategy for selling that uses the appropriate networks, including direct and indirect sales, marketing, service and communication.
  • Offering/Product Strategy: Does vendor’s approach to product development and delivery emphasize market differentiation, functionality, methodology and features as they map to current and future requirements?
  • Innovation: Assessment of how vendors are innovating to support enterprise security intelligence, as well as developing methods to make security testing more accurate.
  • Geographic Strategy: The vendor’s strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the “home,” or native geography, either directly or through partners, channels and subsidiaries, as appropriate for that geography and market.

The following “Completeness of Vision” metrics weren’t evaluated by Gartner in this evaluation cycle: Business Model and Vertical/Industry Strategy.

Characteristics of ‘Leaders’ in Gartner Magic Quadrant for Application Security Testing

Leaders provide mature offerings that meet market demand. They’ve demonstrated the vision necessary to sustain their market positioning, especially as technology requirements evolve. The hallmark of Leaders is that they focus on and invest in their technology offerings to lead the market and affect its overall direction.

Leaders can be the vendors to watch as you try to understand how new offerings might evolve. Leaders typically possess a significant, satisfied customer base and enjoy high market visibility. Their size and maturity enable them to remain viable under constantly evolving market conditions. Leaders typically respond to a wide market audience by supporting broad market requirements. However, they may fail to meet the specific needs of vertical markets or other more specialized segments.

So these evaluation criteria clearly present high bars for achievement.

**Updated** Download the 2018 Gartner Magic Quadrant Report Now

To learn even more about trends from Gartner Research, you can also read the “Automation and Integration Critical to Application Security Tool Adoption” report.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose

More from Application Security

What’s up India? PixPirate is back and spreading via WhatsApp

8 min read - This blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this content. PixPirate malware consists of two components: a downloader application and a droppee application, and both are custom-made and operated by the same fraudster group. Although the traditional role of a downloader is to install the droppee on the victim device, with PixPirate, the downloader also…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today