As network uptime began to be equated with business uptime, network security
emerged as a prime concern for Indian businesses in FY 2002–03. Vendors
offering network security hardware and software solutions identified India as a
key emerging market. Almost every big network integrator went for one or the
other kind of specialization in network security.
However, despite this new focus on network security wherein many enterprises
started looking at security from a more holistic perspective, the Indian market
primarily remained firewalls and anti-virus solutions-centric. This was not
surprising given the fact that the increased usage of e-mails led to widespread
virus attacks. Consequently, the most popular, and the most basic, security
measure was deploying a firewall. There was very little business in other areas
except in intrusion detection system (IDS) that emerged as an important buy for
some organizations. Also, authentication caught the fancy of large software and
BPO companies.
The
Market
VOICE&DATA estimates that the market for network security products grew
from around Rs 150 crore in FY 2001–02 to Rs 165 crore in FY 2002–03. It is
surprising that the market grew by only 10 per cent despite security being a
major concern among Indian CIOs.
The growth was largely on account of some major deals in the banking, finance
and telecom sector. Investments in network security in these segments were
primarily driven by business needs as lot of services being offered by companies
in these sectors were network dependent. Of the Rs 165 crore, Rs 145 crore, i.e.
88 percent, was accounted by firewalls and anti-virus solutions (excluding
desktop anti-virus). IDS, authentication, encryption, and PKI accounted for the
rest of the market.
n Firewalls: A significant
trend noticed in the firewall space last year was the beginning of a shift from
software-based firewalls to hardware-based firewalls.
| Major
Product Segments |
| FY
2002-03 (sales-wise) |
| 1 |
Firewall |
80 crore |
| 2 |
Anti-virus
solutions |
65
crore |
| 3 |
IDS |
10
crore |
| 4 |
Others |
10
crore |
| Total |
a |
165
crore |
| *Others
include Authentication, Encryption, PKI etc. |
| V&D
estimates |
CyberMedia
Research |
Cisco’s Pix was the leader in the hardware firewall segment while
Checkpoint was the most widely deployed software-based firewall. The third
important player in this segment was NetScreen. While these three are active
across the country, there are also vendors that are active in a particular
region of the country. For example, Watch Guard is active in south, and Sonic
Wall in west. Pix appeared to be the most deployed firewall on new networks,
while Checkpoint was popular with legacy networks.
Nortel’s Alteon (a hardware platform with Checkpoint software) was a
significant market entry in this space last year. Nortel’s entry in this space
is logical, given the fact that firewall is increasingly being integrated into
routing equipment. Also, firewall is considered a domain of routing companies.
n Gateway,
E-mail, Anti-virus Solutions: As the use of e-mail became widespread and
virus attacks became more lethal and complex, deploying anti-virus solutions
became the top priority of those looking to secure their networks. Trend Micro
was clearly the leader in the gateway anti-virus segment, followed by Symantec
and Network Associates.
n IDS: The IDS market was
driven by a realization among companies that it is a more important device than
a firewall. ISS was the leader in this space, followed by Cisco and Symantec.
NetScreen was other important player.
n Authentication: Two-factor
authentication (password and token) began to be accepted as companies began to
be attracted to its high-value proposition at lower costs. Software and BPO
companies opened up to authentication products with some manufacturing,
pharmaceutical, and banking and finance companies also showing interest. RSA was
the leading player in this segment. VOICE&DATA estimates that it did a
business of Rs 5.5 crore in the year 2002–03 in two-factor authentication.
| Major
Players |
| Firewall |
| 1 |
Cisco |
| 2 |
Checkpoint |
| 3 |
NetScreen |
| Anti
Virus |
| 1 |
Trend
Micro |
| 2 |
Symantec |
| 3 |
Network
Associates India |
| IDS |
| 1 |
ISS |
| 2 |
Cisco |
| 3 |
Symantec |
| Authentication |
| 1 |
RSA |
Roadblocks
End-to-end security is still not being considered by a majority of Indian
enterprises. Most enterprises are content with anti-virus solutions and
firewalls. Security is still not considered a critical component of the network
except in the case of big companies in the banking and finance sectors. Then,
there are organizations, which despite being aware of the need to go for an
end-to-end security, are often constrained by the lack of resources and trained
security professionals.
Also, except for a few vendors, most of them have been more interested in
short-term gains by high-value product selling.
Besides, for a large number of enterprises, awareness of network security
issues and challenges remains a critical issue that often leads them to believe
that anti-virus solutions and firewalls were the beginning and the end of
network security.
Segments like PKI failed to make any significant mark because of lack of
e-business and commercial use of Internet.
| Vendors
to Watch For |
| 1 |
NetScreen |
| 2 |
Nortel |
| 3 |
Crossbeam |
Outlook
Today, only a small number of businesses in India are networked. However,
this is likely to change in the coming years. Also, for those that are getting
networked, the first priority is to build the network. They are likely to focus
on security only when the network is in place. Once they start focusing on it,
the network security products market will see more action. Besides, networked
organizations are likely to invest in security once they begin extending and
their networks to business partners (extranets) and customers (e-business).
| If
Networks Are All-pervasive, so Are the Threats... |
| As
businesses become more and more dependent on networks, they become more
and more vulnerable to threats and attacks from hitherto unimaginable
sources. Consider these findings of the recently released Symantec
Internet Security Threat Report that surveyed more than 400 companies in
30 countries: |
| l |
On
an average, companies experienced 30 attacks per company per week during
the last six months of 2002. |
| l |
Approximately
85 percent of this activity was classified as pre-attack reconnaissance,
and the remaining 15 per cent were various forms of attempted (or
successful) exploitation. |
| l |
Despite
the decline in the attack volume over the prior six-month period, average
attacks per company during the past six months remained 20 per cent higher
than the rate recorded during the same six-month period in 2001. |
| The
same report also had another set of warning for networked companies: |
| l |
In
addition to exceeding external attacks in overall volume, the customer
self-assessments of damage were particularly high for internal cases of
abuse and misuse. |
| l |
High
self-reported damage estimates, coupled with relative simplicity with
which the perpetrators acted, should be considered a warning sign that
protecting against the internal threat is extremely important. |
Ravi Shekhar Pandey
Page(s) 1
Print
Comment
Email
Digg
Del.icio.us
Reddit
