The network security services market showed positive growth in FY 2007–08,
growing at more than 70%. Also, there was an increased awareness of
security-related issues, increasing compliance levels. Both large enterprises
and SMBs, across almost all industry segments, prepared themselves for imminent
threats and attacks.
The network security market closely follows infrastructure network
deployments as was clearly reflected in the growth. The major adopters of
security continued to be BFSI and ITeS. The large network deployments on telecom
networks did not reflect in their adoption of security, primarily because they
were still consolidating on their voice strategy.
The key driver of security adoption last year was compliance, however, the
scope of the term compliance would have to be widened a bit, if only for the
purpose of this current discussion.
The Market
In FY 2007-08, the overall security solutions market in India stood at Rs
456 crore and has grown at more than 70%. HCL Comnet, Wipro Infotech, and
Datacraft were the main players to contribute to this figure. HCL Comnet topped
the chart with Rs 70 crore from its services business and Datacraft was not far
behind with revenues of Rs 65 crore. A major chunk of HCL Comnet's revenue came
from BFSI customers; National Insurance Company and SEBI are its main customers.
Datacraft is still minting money from its deal with SBI, and BPOs are among
its major customers. It has shown a growth of 116% from the previous year. The
other player to achieve a three-digit growth was Fortinet. The company grew at
122%. Out of this, 40% came from telcos and the rest 60% from the BFSI and other
sectors. Fortinet clocked revenue of Rs 40 crore from Rs 18 crore in the last
financial year. Wipro Infotech comes second in the V&D100 chart in terms of
revenue. Its revenue for FY 2007-08 is Rs 55 crore, showing a growth of 44%. Its
revenue for FY 2006-07 was Rs 38 crore.
Secure Synergy, another player in the same space has done a business of Rs 22
crore from Rs 16 crore in the previous fiscal. Telcos are being the major
contributors to its revenue. Government/defense and SMBs are other sectors that
have significantly contributed to its overall performance.
Key Trends
One of the reasons for absence of outages was large-scale deployment of
anti-virus solutions. And also because a new category of products was added to
this product mix-'Anti-X'.
Anti-X comprises anti-virus, anti-phishing, anti-spam, URL blocking, and
other products of similar kinds. Also, customers migrated to acknowledging
threats, other than those that could be addressed by Anti-X. This realization
was driven by new threats such as electronic fraud and theft prevention
prevalent in the process of e-commerce.
Though immediate threats seemed to have become less relevant in buying
decisions, anti-viruses continued strong sales growth and the Anti-X category of
products has fast gained ground. Most of these were, however, bundled with
firewalls and gateway security solutions.
While the buying constituted of usual firewalls VPN, the growth begun with
the intrusion-detection system (IDS) and intrusion-prevention system (IPS).
These are much higher in value and currently being considered (deployment is
still not much) only by large customers.
The network security market in the country is undergoing a change marked
primarily by integration of security appliances and solutions to underlying
networks and system infrastructure. In the same way, a trend in the form
of manageability of complex multi-vendor security products opened doors for
specialized managed security service providers in the areas of perimeter
security, vulnerability management, log monitoring, and analysis.
Globally, network and security administrators are continuously adding
multiple layers of protection in order to keep their network and systems secure
from known and unknown attacks. These layers of protection include several
appliances and integrated solutions in the form of intrusion prevention systems,
application firewalls, data leakage prevention, content inspection, and DoS
prevention solutions. Compliance like PCI/SOX is pushing enterprises to invest
more on SIEM (security incident and event management) and vulnerability
management solutions.
Also, companies face new threats, not only from the outside but also from
within the organizations. Making the growth of Intranet controllers is another
trend. There was always the threat of malicious employees making unauthorized
access to data on the LAN. Further, new threats come from mobile employees,
contract workers, and even the work-from-home culture.
Mobile employees continue to bring in infected mobile devices behind the
secure perimeters, from where these devices spread viruses and spam; contract
employees within or outside companies' premises, with the need to access certain
parts of the company's network also add to the threat, thus the security
features of a WAN need to be integrated on to the LAN networks. Now, users
within the LAN will first have to be qualified to use the network, by being
up-to-date in terms of security policies. Even when inside the LAN, different
users have different levels of access to resources.
In terms of trends in the security architecture, FY 2007-08 saw the
continuance of the layered architecture approach for data centers and HQs. The
new trend here was a greater adoption of unified threat management (UTM)
solutions at branch offices and SMBs. These data centers and HQs host the most
vital information and applications servers, creating a need for engineers for
the maintenance of point solutions.
Identity Management
The blended threats-spyware, adware, and phishing-last year showed that
signature authentication might be a valid mechanism to restrict entry into a
network. However, the process of updating signatures was slow when compared to
the new forms of attack. This was also an indication that mere signature
authentication was not enough and identity management was required.
In the authentication sphere, RSA was the leading vendor with almost no
competition. Two-factor authentication was being widely used by enterprises.
The rise in number of access points highlighted the need to effectively
manage identities. Last year the trend was to move toward a single username and
password, instead of using multiple identities. The need for single identity
also came from a network manager's perspective that has difficulties in managing
huge numbers within an organization and assigning restricted access on multiple
identities.
Focus on Early Detection
Once an attack has happened, actions taken become more of a damage control
procedure. Thus, in FY 2007–08 security vendors focused on early detection of
any abnormal behavior so as to prevent the attack.
Though the markets for IDP and IDS segments were around Rs 60 crore, the idea
of early detection and prevention caught up. Although, IDP and IDS were deployed
in large numbers, organizations did not have people and processes in place to
manage the logs that were generated. IDP and IDS don't work effectively until an
organization tunes them regularly and updates signatures specific to the
threats.
The lack of regular upgradation and trained personnel to monitor the logs
resulted in a large number of false alarms, and hence, IDP and IDS could not
provide the promised protection.
Wireless Security
The open nature of wireless access points prevents security solutions from
being deployed on them, and makes intrusion into the networks relatively easy.
Moreover, Wi-Fi based wireless networks and mobile networks are open to
unauthorized access making them difficult to be monitored.
On wireless networks, a client or device-end solution is the only way to
protect a network from being compromised. As a result, SSL VPN emerged as the
most effective solution for wireless and mobile devices. Mobile device
manufactures like Nokia that have huge stake in the wireless networking market
secured their devices with firewalls and VPN clients.
Integrated Box Solutions
Cisco again emerged as the king in the security space, and floated the idea
of combining security products with network equipment.
Last year saw integration of security solutions in two directions, the
security was bundled with network equipment and the security solutions were
bundled in one package.
With the bundling of security with network gear, the concept of network
admission control (NAC) gained popularity both among Cisco's partners and
customers. Cisco took the initiative of bringing together different security
domain experts onto a common platform in providing an integrated solution rather
then asking organizations to depend on an all-purpose product. Juniper promoted
multiple virtual firewalls in one box to cut down on cost and management of
these devices.
With the bundling of security products in a single package, a new way to look
at the integrated box concept was floated by companies like Fortinet, Watchguard,
and Sonicwall. These vendors brought in multiple-function boxes for
price-sensitive companies that did not want to spend on multiple equipment and
management of these boxes. The SMB segment bought these devices. They came with
default anti-viruses and firewalls with options to include IDP, anti-spam,
authentication, or patch management solutions.
Services Gaining Ground
The security services market had been growing at over 80% in the last couple
of years, and in FY 2007–08 it grew by 72%. In fact, in the total network
security market, services last year occupied more than 20%. This is set to rise
with the services component in any security deal increasing by the day.
Last year, the market also favored managed services. Enterprises realized
that security is not just about best-of-breed technology or buying boxes and
putting them up, rather, it is a process that needs constant service support to
work effectively.
However, last year, most security service providers experienced a rise in
their services revenue. Services like consulting on network security design,
processes, certifications, and selection of technology and its implementation
became part of the normal security integration. The network integrators came up
with firewall management, patch management, intrusion detection, email and
content management, vulnerability assessment, and testing kind of managed
services to attract customers.
Though offsite remote management did not take off much, a combination of
offsite and onsite management offerings found acceptance. There has been a lot
of talk about security operating centers (SOCs) just like network operations
centers.
Gyana Ranjan Swain
gyanas@cybermedia.co.in
Page(s) 1
Print
Comment
Email
Digg
Del.icio.us
Reddit
