Print

Comment

Email

Digg

Del.icio.us

Reddit

The network security market showed positive growth trends in FY 2004–05. There was an increased awareness of
security-related issues resulting in increased compliance levels. Both large enterprises and SMBs across almost all industry segments prepared themselves for eminent threats and attacks. As the networks crossed geographical boundaries and increasingly more applications being run on them, there was a growing realization to protect and secure the information flowing over the networks and this fuelled the market's growth. According to VOICE&DATA estimates, the security products market, including appliances and software products, grew by almost 37 percent to reach Rs 299 crore. In FY 2003–04 it was Rs 219 crore.

Cisco emerged as market leader with its integrated security approach. It clocked almost Rs 140 crore from its security business. The leadership of Cisco comes from the fact that it supplies major portion of enterprise equipment in the market. No other security or network equipment vendor has such a market share in both the segments combined.

Juniper has been trying to eat into the Cisco market but would take some time to really catch up.

Attacks and threats to networks have not only increased in the last couple of years but the nature of these attacks has also changed. From simple virus infections or a malicious codes snooping around the network, the threats have become blended-combining the characteristics of viruses, worms, trojans, and malicious codes. Blended threats exploit the vulnerabilities to initiate, transmit, and spread an attack by using multiple methods and techniques and cause widespread damage. As the complexity of threats and the affected areas increased, demand for security solutions also went up.

Spyware and adwares added new dimensions to the security threats encountered by networks. Such harmless-appearing software residing on the networks or the desktops ate into the bandwidth and also transmitted information outside the networks. Key loggers were another menace the network managers had to deal with, to stop sensitive data being captured and transmitted. Even the denial of service (DoS) attacks evolved and became distributed (DDoS).

As more employees went mobile and business houses opted for wireless in the last mile and IP to connect their branch and remote locations, threat perceptions also changed. Wireless access technologies like Wi-Fi demanded a new outlook towards securing a network. Use of mobile devices like laptops, PDAs, and smart phones to access the intranet also went up and securing these open ends posed great challenges.

Key Trends
The Indian security market was slowly moving towards maturity, though the benchmark markets like Japan, Korea, some European countries or even the United States were far ahead in terms of deployment, compliance, and awareness when it came to securing networks. There was a major shift in the outlook of corporations and enterprises towards their network security requirements. From being a value add for the network, they now viewed security as a part of the network infrastructure. The concept of having a chief security officer, in addition to the CIO, slowly gained momentum. The budget assigned for security services and appliances was no more seen as a burden on the capex of a company. In fact, the management realized the benefits of secure network and protecting the mission-critical applications.

The movement from only securing a network to securing the applications along with the network was another key trend. Recent attacks have been targeting the mission- and business-critical applications apart from clogging the network and eating up bandwidth. The focus shifted from securing perimeter to securing every layer-perimeter, core, applications, and wireless-of the network. Virus attacks in FY 2004–05 moved away from desktops to the servers and gateways. The concept of a vanishing perimeter has gained acceptance with more and more people accessing their corporate networks from outside. This also broke the divide between internal and external threats.

Anti-virus (AV) and firewalls occupied the largest market share in the security appliances business. However, the concept of a self-defending and self-healing network increasingly brought intrusion detection and protection (IDP) solutions to the forefront. While anti-virus and firewalls are seen more as reactive security mechanisms, IDP solutions are more proactive and get activated as soon as any abnormal behavior is detected.

The anti-virus market grew by 38 percent FY 2004–05. The anti-virus segment is now being clubbed with anti-spam solutions. But almost all the AV solutions were software based and licensed, and revenue from the renewals was also substantial. With blended threats and spam rates increasing by the day, AV companies like Trend Micro, Symantec, and McAfee started to include simple spam control and management in their products.

Today, Internet and e-mails have become part of an enterprises' working environment and the quantity of spam has affected network efficiency and brought down the overall productivity of organizations.

Identity Management Gains Ground
The blended threats-spyware/adware/phishing attacks-last year showed that signature authentication might be a valid mechanism to restrict entry into a network. However, process of updating signatures was slow when compared to the new forms of attack. This was also an indication that mere signature authentication was not enough and some identity management was required.

In the authentication sphere, RSA was the leading vendor with almost no competition. Two-factor authentication was being widely used by enterprises.

The rise in number of access points highlighted the need to effectively manage identities. Last year the trend was to move towards a single username and password, instead of using multiple identities. The need for single identity also came from a network manager's perspetive who has difficulties in managing the huge numbers within an organization and assigning restricted access on multiple identities. A single username and password with specific access rights is another security measure being actively explored by enterprises.

Automated Patch Management
With new vulnerabilities being discovered every day and hackers launching flash attacks, patch management saw gaining importance last financial year. Security integrators and service providers like HCL Comnet, Secure Synergy, Network Solutions, Wipro Infotech, and many others have integrating patch management solutions over the networks.

Patches were being released earlier also, the change happened in the process used to install them. Increasingly, patch management moved towards becoming a service. Patch management began to involve scanning of the network for vulnerabilities, understanding the threats, downloading the relevant patches and installing them over the network; often done remotely from a security operating center. Patch management market gained impressively last year and jumped 150 percent from Rs 4 crore to Rs 10 crore. Still small compared with anti-virus or firewall market, but the growth rate is an indication of the importance being attached to it.

Focus on Early Detection
Once an attack has happened, actions taken become more of a damage control procedure. Thus, in FY 2004–05 security vendors focused on early detection of any abnormal behavior and preventing the attack from being launched. Though the market for IDP/IDS segment was around Rs 20 crore. The idea of early detection and prevention caught up and holds lot of promise. Although IDP/IDS were deployed in large numbers, organizations did not have their people and processes in place to manage the logs that were generated. IDP and IDS don't work effectively until an organization tunes them regularly and updates signatures specific to the threats. The lack of regular updation and trained pesronnel to monitor the logs resulted in a large number of false alarms and hence, IDP/IDS could not provide the promised protection.

These lapses were actively plugged through remote security management services provides by the security vendors.

Mobile and Wireless Security
The open nature of wireless access points prevents from security solutions from being deployed on them and makes intruding into the networks relatively easy. Moreover, Wi-Fi-based wireless networks and mobile networks are open to unauthorized access, and this makes them difficult to be monitored. As they were new mode of connectivity, enterprises were generally not aware of the threats through these access points. Similarly the security companies were still evolving ways and means to secure them.

On wireless networks, a client or device-end solution is the only way to protect a network from being compromised. As a result, SSL VPN emerged the most effective solution for wireless and mobile devices. Mobile device manufactures like Nokia-who have huge stake in the wireless networking market too-secured their devices with firewalls and VPN clients. However, till now, not much activity here. Neither did the hackers try their skills at SSL VPNs nor did the vendors offer any new solutions.

Integrated Box Solutions
Cisco again emerged the king in security space and it floated the idea of combining security products with the network equipments.

Last year saw integration of security solutions in two directions, the security was bundled with network equipment and secondly, the security solutions were bundled in one package.

With the bundling of security with network gear, the concept of network admission control (NAC) gained popularity both among Cisco's partners and customers. Cisco took the initiative of bringing together different security domain experts onto a common table in providing an integrated solution rather then asking the organizations to depend on an all-purpose product. Juniper promoted multiple virtual firewalls in one box to cut down on cost and management of these devices.

With the bundling of security products in a single package, a new way to look at the integrated box concept was floated by companies like Fortinet, Watchguard, and Sonicwall. These vendors brought in multiple-function boxes for the price sensitive companies, who did not want to spend on multiple equipment and the management of these boxes. The SMB segment bought these devices. They came with default anti-virus and firewalls with options to include IDP, anti-spam, authentication, or patch management solutions. However, the big enterprises still preferred discreet devices, as their traffic flow was higher and many also opted for outsourcing managed security services.

Services Gaining Ground
The security services market had been growing at over 50 percent in last couple of years and in FY 2004–05 it grew by 60 percent. In fact, of the total network security market, services last year occupied more than 20 percent. This percentage is set to rise with the services component in any security deal increasing by the day. From less than 20 percent of the deal size couple of years ago, services can get to be up to 40 percent in some cases. For companies like HCL Comnet the services-equipment split was 35:65. For smaller companies like Secure Synergy, services part was touched almost 40 percent. While for Network Solutions the split was 25:75 for services and products.

Last year, the market also favored managed services. Enterprises realized that security is not just about best of breed technology or buying boxes and putting them up. Rather it is a process that needs constant service support to work effectively. Still, outsourcing of managed security services did not happen in big way. The reason: organizations were not comfortable with the idea of handing over the security to a third party and wanted to retain control of their networks.

However, last year most security service providers experienced a rise in their services revenue. Services like consulting on network security design, processes, certifications, and selection of technology and its implementation became part of the normal security integration. The network integrators came up with firewall management, patch management, intrusion detection, e-mail and content management, vulnerability assessment, and testing kind of managed services to attract customers.

Though offsite remote management did not take off much, a combination of offsite and onsite management offerings found acceptance. Everybody was talking about security operating centers (SOCs) just like network operations centers.

Another hot service area that emerged last year was device management and event correlation. Security solutions throw up huge logs of vulnerabilities and intrusions in any day. The process of filtering false alarms and creating a precise and meaningful threat report was now being done remotely and in some cases the whole process was automated.

Market Segments
The security solution and services market witnessed a push from all key industry segments. The thrust was particularly strong from enterprises that had multiple locations. However, even single location businesses were equally concerned. Also, the past year belonged to the SMB segment. The segment appeared to be slowly waking up to the threats and it currently contributes almost 40 percent to the network security appliance and services market.

As in many previous years, banking and financial sectors were the most active growth drivers for security solutions. The reason being, most of the public sector banks-State Bank of India, Punjab National Bank, Corporation Bank, Bank of Baroda to name some-and private banks like ICICI Bank, UTI Bank, HDFC Bank among others made e-banking their prime offering. And with more transactions going online and Web-based BFSI sector bought every type of security solution. Internet banking guidelines from RBI ensured that banks look at vulnerability analysis and penetration testing. In the process, banks saw the advantages of applying the solutions to other portions of their network as well.

Although a little late, many union government organizations are waking up to join the security bandwagon. In fact, e-governance projects and the various drives to put information online resulted in tenders for security products too. E-learning and telemedicine were other projects where networking was key. The dependence on networks resulted in security policies gaining importance in the organizations.

ITeS and IT companies also gave good business to the security companies. For the IT companies serving multi-national locations, securing their connectivity network was of prime importance and they bought solutions across the board. The business outsourcing companies bought more of compliance kind of solutions. Compliance to Sarbanes Oxley or HIPPA guidelines and certifications like BS7799 or BS15000 became mandatory for the BPOs as these were demanded by their clients. Financial frauds like the one at Mphasis are rare in India but it made ITeS companies pay more attention to security policies and their compliance.

Most of the manufacturing and retail companies have traditionally been on some kind of a network and already had some kind of a security solution in place. The changing nature of attacks made them evaluate their upgradation policies. This segment is expected to adopt new technologies and applications in FY 2005–06.

Similarly, the hospitality sector increasingly adopted IT. Wi-Fi access points became virtually mandatory in hotels. The implementation of wireless networks in this sector prompted wireless security measures being put up along with the networks.

Telecom operators and Internet service providers were also among the buyers last year. This segment bought SSL VPNs and IPSec apart from anti-virus, firewalls, and IDP appliances. The service providers were buying not only to make their networks secure but also partnering with other companies to provide secure connectivity to their customers.

Outlook 2005–06
If there are networks, there will be security threats and in years to come these threats will only become deadlier. Viruses and worms would continue to roam and the malicious hackers would be testing new methods and ways to intrude into the networks.

This year the enterprise focus is likely to shift to smart phones and other mobile devices, as their numbers are going to be large. The large numbers will allow hackers to spread their attacks quickly. With young and inexperienced users increasingly using these mobile devices to access anything over the Web-integrating with computing equipment, gaming, songs etc-they will be a sure-shot attack point with a wide impact.

Spyware and adware would also form a significant portion of the security threats. With Internet usage on the increase, people are visiting all sorts of sites increasing the possibility of spyware downloads/installation.

Though security equipments and appliances would have a larger share in revenue terms, security services would also drive the market in a major way. The enterprises and corporations are realizing the need for security consultancy and audit services. This year they are likely to focus on trying to improve the processes and the management of devices. Things like incident management, proper maintenance of documentation, proper change management, and impact analysis are not very frequently seen and can be a cause for security breaches and risks.

With increasing competition between the enterprises, there is a possibility for intentional attack on organizations. These attacks could be from internal or external users. Blending, segregation, and redefinition of duties would become all the more essential to reduce the threats of putting all responsibilities in the hands of a few people. The visibility of the security breaches is going to increase and these breaches would take the shape of high impact incidents rather than small incidents.

With increasing amounts of data being stored on backend storage devices, there are disaster recovery sites being developed to back up data. Hackers are going to attempts cracking these devices and even the DR sites.

With India increasingly becoming a global IT and ITeS hub, it is going to be tested for its efficiency and capability in securing global data. Compliance and certification services would attract more attention.

Everybody knows that security breaches can occur despite the best security products being deployed. The question now stretches to how soon the organization can return to normal. This depends heavily on the actions being taken to reduce the attack's impact and spread, and controlling the breach. The issues of incident management, mapping, and planning for risk assessment and management would be key for the security business in India.

Anurag Prasad