April 20, 2021

What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. [NYSE:IT] — a $4 billion technology goliath whose analyst reports can move markets and shape the IT industry.

Earlier this month, a reader pointed my attention to the following notice from Gartner to clients who are seeking to promote Gartner reports about technology products and services:

What that notice says is that KrebsOnSecurity is somehow on Gartner’s “non exhaustive list of competitors,” i.e., online venues where technology companies are not allowed to promote Gartner reports about their products and services.

The bulk of Gartner’s revenue comes from subscription-based IT market research. As the largest organization dedicated to the analysis of software, Gartner’s network of analysts is well connected to the technology and software industries. Some have argued that Gartner is a kind of private social network, in that a significant portion of Gartner’s competitive position is based on its interaction with an extensive network of software vendors and buyers.

Either way, the company regularly serves as a virtual kingmaker with their trademark “Magic Quadrant” designations, which rate technology vendors and industries “based on proprietary qualitative data analysis methods to demonstrate market trends, such as direction, maturity and participants.”

The two main subjective criteria upon which Gartner bases those rankings are “the ability to execute” and “completeness of vision.” They also break companies out into categories such as “challengers,” “leaders,” “visionaries” and “niche players.”

Gartner’s 2020 “Magic Quadrant” for companies that provide “contact center as a service” offerings.

So when Gartner issues a public report forecasting that worldwide semiconductor revenue will fall, or that worldwide public cloud revenue will grow, those reports very often move markets.

Being listed by Gartner as a competitor has had no discernable financial impact on KrebsOnSecurity, or on its reporting. But I find this designation both flattering and remarkable given that this site seldom promotes technological solutions.

Nor have I ever offered paid consulting or custom market research (although I did give a paid keynote speech at Gartner’s 2015 conference in Orlando, which is still by far the largest crowd I’ve ever addressed).

Rather, KrebsOnSecurity has sought to spread cybersecurity awareness primarily by highlighting the “who” of cybercrime — stories told from the perspectives of both attackers and victims. What’s more, my research and content is available to everyone at the same time, and for free.

I rarely do market predictions (or prognostications of any kind), but in deference to Gartner allow me to posit a scenario in which major analyst firms start to become a less exclusive and perhaps less relevant voice as both an influencer and social network.

For years I have tried to corrupt more of my journalist colleagues into going it alone, noting that solo blogs and newsletters can not only provide a hefty boost from newsroom income, but they also can produce journalism that is just as timely, relevant and impactful.

Those enticements have mostly fallen on deaf ears. Recently, however, an increasing number of journalists from major publications have struck out on their own, some in reportorial roles, others as professional researchers and analysts in their own right.

If Gartner considers a one-man blogging operation as competition, I wonder what they’ll think of the coming collective output from an entire industry of newly emancipated reporters seeking more remuneration and freedom offered by independent publishing platforms like Substack, Patreon and Medium.

Oh, I doubt any group of independent journalists would seek to promulgate their own Non-Exclusive List of Competitors at Whom Thou Shalt Not Publish. But why should they? One’s ability to execute does not impair another’s completeness of vision, nor vice versa. According to Gartner, it takes all kinds, including visionaries, niche players, leaders and challengers.

65 thoughts on “Note to Self: Create Non-Exhaustive List of Competitors”

  1. Phil Smith III

    Restricted or respected? The latter for sure!

  2. Rob Chew

    I would imagine you’ve been cited as a reason for not renewing a Gartner Security & risk contract. Not a very long list and three of the companies on there are owned by the same corp.

    1. Quantum Mechanic

      I hereby claim that Gartner has jumped the shark.

  3. Loneman Jones

    Why would you care what Gartner thinks about you, they should be worried what collective “we” think about them. Their services are designed for idiots in suits who have no idea what it takes to do the real work.

  4. Stratocaster

    Gartner obtains much of their content from The Journal of the Intuitively Obvious.

  5. SpinShark

    Between 2005-2014, I worked as an analyst relations manager for a very well-known technology leader. I have had long relationships with Gartner, and they are a quality team (though not without controversy, as with the well-documented frictions between the corporate-ized version and founder Gideon Gartner).

    I would venture to guess that they are being questioned for *not* being front-of-line across a multitude of issues that you raise, and so feel a bit “less than” … Likely, team Gartner has been taken to task by some high-value clients, resulting in competitive jealousy – and so they don’t want to raise awareness of the Brian Krebs “early-warning system” by drawing eyeballs to Krebs content.

    Take a victory lap, you deserve it!!

  6. steve olears

    I would love to see a report that shows how much money organizations spend to attend Gartner’s annual summits, fund Gartner “research papers”, or pay for their Evanta dinners to their board of directors, and whether or not that spend correlates to quadrant placement.

    1. Stephen D

      I’d also love to see an ROI analysis on naming rights and official widgets of x. How many folks select a bank or insurance or a snack chip or whatever bc it’s the corporate naming rights john for a baseball stadium or ncaa bowl game? I go out of my way to NOT purchase those products. Yeah, it’s tough these days.
      Also, I have thought that JD POWER is the master when it comes to creating categories for a client to be the best in.

      1. Doc

        Amen Stephen, I go out of my way to ensure I do not wear anyone’s brand……

        Brian, amazing story! Keep up the good work.

    2. Infosec Pro

      Shush! Please don’t jeopardize my free Evanta dinners!

      I haven’t paid for them. Not sure what the vendors in attendance paid for the privilege of dining with me while I pontificated on technology but it’s flattering that they thought it a good use of their marketing dollars.

  7. Ron

    Congratulations. You have been quoted often by other publications due to the quality and relevance of your information. I’d love to be regarded as a threat to Gartner, that would be a notch on my belt! You need to get it framed and hung up in your study.

  8. Seán

    Personally I’ve trusted my peers’ output more than these goliaths for years.

    And as it would be, I have often cancelled report subscriptions from third parties (Forrester, Gartner, McKinsey, showing no bias here 🙂) as often our own research has proved time and time again we can do the same at minimum or better than they for our circumstances.

    With tightening budgets always on our minds there is little point of these subscription models when the Internet gives us free access to a treasure trove of information.

    Often my case is to use real world business ROI on the report vs the actual implementation of a security control.

    If I want product X at price A1, I don’t need to spend price $gazillions to prove I want product X. If management want this I ask them to pay for it from their budget and then explain to the shareholders where the money went. It’s not coming from me.

    1. Mike Barno

      “… Often my case is to use real world business ROI on the report vs the actual implementation of a security control …”
      Basically, all the suits are gonna do for you is have blah-blah-blahers ask the people who know what they’re talking about, then put it through their proprietary boilerplate-packagers and number-assigners and number-graphers, and sell you a gilded load of stuff you knew anyhow. Unless you were a son-of-somebody with money, and buying a report was substituting for expertise.

      So by the time a competent team planned and built their own security control, in any particular subject matter, they would incorporate their experience to better focus the product for their customers’ situations. Less front-end cost now, less modification cost later.

  9. Paul benninger

    Is this a modern take on the old “the best form of flattery is imitation” idea? You know you’re on to something when Gartner sees you as a competitor.

  10. The Sunshine State

    Krebs is the “Geraldo Rivera” of online “cyber-security” news

    1. JamminJ

      Is that meant as an insult?

      Geraldo is an entertainer and shock jock… Not a journalist.

  11. KFritz

    Allow me to suggest that this is “potential pre-emptive damage control” on Gartner’s part. Should KOS ever do a post that damages its reputation, Gartner would be able to launch some sort of “unfair competition” legal assault. If they could go to trial and manage to select enough stupid jurors, it might even succeed. I’d be interested to know if your own legal counsel thinks there’s a shred of possibility that this is correct.

  12. Robert Scroggins

    This is a great compliment, Brian.

    I’ve never thought that Gartner’s Magic Quadrant lists were very believable. I don’t think they exactly have their finger on the pulse of security companies.

    Keep up the good work!


  13. TrillyUK

    Take the opportunity to thank you for what you do. Your newsletters are succinct, relevant and informative, rare these days when often I get 2 sides of text in an email heavily branded emails. A lot of companies could learn from what you do and how you do it.

  14. Gold

    Gartner has a very strong connect with the purchasing people in govts, especially India where general knowledge of security technologies and strategies among these decision makers is rather limited (I am being charitable here). In this case security product manufacturers and service providers have really no option but to bend backwards (read sponsorships) for Gartner events. This is a vicious circle that sadly has no exit.

  15. Mahhn

    I’ve always viewed Gartner as consolidating people’s opinions with big spenders to promote sales. I’ve never found their reports without obvious bias. Last year I was invited to do a review, I submitted it, it was rejected, Gartner refused to tell me why it was refused (a product I have used for 6 years and been VERY happy with). Personally I think it was political. I reached out to Gartner to get assistance with it 6 times, they have no real interest in users’ opinions, only marketing. Brian, I trust you, and your information is useful, Gartner not at all – just a biased marketing company “from my experience”.

  16. fran

    Gartner clients are paying a fortune to receive information that is freely available from KOS. They are asking Gartner, “why should we pay you?”. If they had any sense they would buy KOS, but they know this will not work because they will demand censorship to protect clients and then Brian will leave because the brand will wither.

  17. StellaTech

    Gartner is pay to play. The more you pay them, the more they recommend your products and services….even if your product and services are the worst in the industry. It’s incredibly frustrating that business leaders put so much emphasis on these reports.

  18. Mike

    I’ve dealt with Gartner and worked with their analysts. You, sir, are no Gartner: Your reporting is highly accurate and as close to unbiased as I’ve ever seen any writing. Furthermore, you don’t take bribes^hfees to include or exclude vendors from your attention.

  19. A user

    Gartner is great at telling you what others have done, but if you truly want to lead, Gartner is the last place you want to talk to. I’m at an organization that spends $$$$ on Gartner, and I have a dedicated account team. I have derived minimal value from that.

  20. Trininox

    Knowledge is power and giving that knowledge away for free is definitely a threat to some.

  21. Bob A

    I was a long time Gartner client prior to my retirement. The service costs a lot, but it can provide value when you understand what their research represents along with its shortcomings. I attended Brian’s talk to the Gartner Symposium in 2015 and found it spot on, as is always the case. Glad to see the significance of your work recognized, Brian.

  22. JoeHx

    After reading the headline, I thought their “non-exhaustive list” was going to be hundreds of entities long. Nope, only seven. Congrats on making the list!

  23. Jill

    Great insight on how Gartner works, from your post as well as the comments section. I always learn so much here!
