The Identity Security Market: Mapping the Landscape

How ransomeware attacks reshaped the cybersecurity market

Note: This post is the first in a series examining the identity security market. Here, we define the market and its segments. Our next post will discuss the trends and dynamics shaping the market.

The identity security market emerged in response to a persistent wave of attacks targeting identity systems, most notably Active Directory, that reached critical levels circa 2019. Today, credential abuse is the leading entry point in over half of reported breaches. Once they possess credentials, criminals impersonate legitimate users, escalate their access privileges, and evade detection with the intent to exfiltrate data, lock systems for ransom, or perpetrate espionage.

Traditional IAM and security products weren’t built to protect against identity-borne attacks, and vendors scrambled to address the problem. In other words, many products are a reaction to threat actors and, as a result, leave organizations in a reactive posture. Vendors focused on detection and threat hunting even spawned a new product category: Identity Threat Detection and Response (ITDR). Early ITDR solutions focused on detection and threat hunting, with vendors such as Authomize (now part of Delinea), CrowdStrike, Quest, Semperis, and Silverfort focusing primarily on Microsoft AD.

While ITDR is essential, it is insufficient. It’s a product category focused more on detecting compromise than preventing initial credential theft. The term “identity security” emerged more recently, indicating a move to broaden the focus beyond detection to include prevention. Today, identity security has expanded to cover identity systems like Okta and AWS IAM and the accounts they manage.

Market Definition

Identity Security is the set of technologies and practices that prevent, detect, and remediate the abuse of identity systems and digital identities by threat actors. Given the critical nature of the assets that identity systems protect, the market is growing quickly. Markets & Markets forecasts a 22.6 percent compounded annual growth rate for the ITDR segment. It also predicts 19.3 percent growth (to $33.1 billion) by 2029 for Identity Security Posture Management (ISPM), a closely related segment. The market is in significant flux, and enterprises should expect it to change through consolidation and innovation.

Much of that change will be driven by the cross-functional nature of the problem. Before the rise in identity-based attacks, the division of security labor across most enterprises was simpler than it is today. Cybersecurity teams focused primarily on network, email, and endpoint-based attacks. Corresponding products protect against network intrusion, endpoint compromise, cloud application infiltration, and phishing attacks. IAM products focus on account management and access control. But the rise in identity-based attacks has muddied these waters considerably, driving overlap in both functions within organizations and the security products that serve those organizations.

Market Segmentation

ITDR emerged as a product category to protect IAM systems from attack. Today, dozens of cybersecurity vendors market their products under the “identity security” banner, spanning categories from IAM to threat detection. The following figure illustrates the product categories converging on “identity security.”

Identity and Cybersecurity Products Applied to Identity Security

The following table breaks the convergence down further, looking at the differing functions across these categories.

Product Categories Participating in the Identity Security Market

Most of the offerings in this table incorporate identity security as an extension of their core capabilities. This underscores our contention that the identity security market is essentially a re-purposing of existing investments tuned to the customer requirement for protecting identities. The following market map graphic shows the vendors that reside in—or span—the adjacent market segments relevant to today's identity security market. (Note: The market map shows how vendors fit into the overall identity security market and is not meant to depict vendors’ complete product portfolios.)

Identity Security Market Map

As the market map illustrates, the approach to identity security is fragmented and reactive, with a large crowd of vendors either moving into or occupying multiple segments. This fragmentation isn’t surprising given the rapid rise of the problem and the need to respond quickly to customer requirements. But it is a strong indication that both consolidation and innovation are coming. Markets usually don’t tolerate such levels of flux for very long, so consolidation and innovation will continue to roil the market for the foreseeable future.

In our next post, we’ll look at the dynamics driving the identity security market.