Software & Applications Business beyond Endpoints
While endpoint security continued to be a mainstay business, vulnerabilities in cloud, social media and mobility brought in new revenue streams
New business and technology models are ever driving organizations to implement robust yet scalable IT and communications infrastructure. The triggers are many—such as the need to engage with the customers better through channels like social media, and to drive organizational excellence through mobility and collaboration tools. While responding to these triggers helps organizations build competitive differentiators and advantages for themselves, it also creates new complexities and vulnerabilities across various layers of ICT infrastructure.
In fact, the agility, capacity, performance and availability in an ICT infrastructure can be a double-edged sword. It could spawn a host of new entry and leakage points that could be exploited by external attackers when casually left open by internal people.
Key Players
Though a contribution in security software market came from endpoint, the network security software as well as identification and access management segments grew while business from security software and security and vulnerability management applications remained by and large constant.
Players like Symantec, Intel, and Trend Micro lead the endpoint security market though seeing tough competition from the local security software vendors in certain regions.
Network security continued to see good growth as it witnessed market consolidation with Sourcefire acquired by Cisco, Stonesoft acquired by McAfee and Cyberoam acquired by Sophos. With changing landscape of cyber threats and growing adoption of disruptive technologies like mobility, virtualization and cloud is pushing security vendors to expand their network security solutions capabilities and merging of technologies, for example, virtualized firewalls; hardened OS for security appliance, and running firewalls with hypervisor.
Challenges
In the more recent years, organizations have focused on innovations—in products, structures and processes—to achieve new growth markets and opportunities. The business impact of adopting models like cloud computing, mobility, big data and virtualization has been experienced by all organizations, big and small.
At the same time, in the wake of major security breaches and attacks across the globe, network security for the connected
enterprise has become a serious area of concern. For example, migrating to the cloud from an in-premise model fundamentally changes the way IT security is to be addressed. The challenge is that organizations are still developing cloud security processes and solutions, which potentially gives hackers and attackers a wide window of opportunity. Likewise, a BYOD traction creates challenges around management and security of mobile devices, which must be addressed proactively by IT.
Network security threats are also continuously evolving and expanding with added levels of sophistication with each passing phase. This has contributed to the rise in organized cyber crimes, with phishing syndicates innovating in no less measures to trick users into their traps.
Lately, online attacks, comprising blended threats, hybrid attacks, and APTs, have increased in speed and sophistication exponentially. Further, spam emails are not generally a self-contained attack anymore, but rather a social engineering component of a larger attack. These are designed to convince a potential victim to interact with the web-based content, which could crack open an organization’s security system to an ill-intending hacker.
All these developments have led the security vendors into continuously evaluating their products and enhancing protection features.
Besides, there is a growing threat due to abuse of trust within organizations. Due to lack of a thorough control or visibility, insiders are able to take organization’s intellectual property in ways as simple as copying information on a pen drive or mailing it out of the organization’s network.
Key Developments
In July of 2013, Cisco acquired Sourcefire Inc., a maker of network security hardware and software, for $2.7 billion. The acquisition is considered to have worked positively for Cisco and strengthened its position in the security market. In India, reports suggested that the security team had doubled in size in the past couple of years.
Palo Alto Networks was one player that became significantly more aggressive in India last year. It was reported to have hired 50-60 channel partners and was engaging them in roadshows to sensitize on security issues in tune with the enterprises focusing more on cloud, mobile and collaboration tools. The California-based company said it would be setting up regional offices in cities like Mumbai, Bangalore, Delhi and Chennai and also ramping up its team sizes. Until 2013, the company had a team of 15-18 people in India and up to 200 customers locally.
The surveillance function at enterprise was getting more and more integrated with the broader enterprise security strategies. Terrorism, employee and company assets safety, and theft drove a growing demand for video surveillance in government, transportation, hospitality, and BFSI sectors.
Organizations are changing gear from analog to IP-based surveillance. Urban security, hospitality, airport security, and education sectors are witnessing higher investments for installation, as well as upgrading the existing security surveillance infrastructure. Enterprises saw the benefits of integrating IP surveillance with IT security, including a single view of their security architectures, comprehensive and proactive monitoring, faster response time, greater interoperability, and reduced costs.
At the same time, surveillance market is increasingly witnessing convergence with software platforms and access control solutions. Vendors like Tyco, Honeywell, Siemens, Bosch, and Milestone and so forth are developing next-generation surveillance solutions on IT platforms from IBM, Dell, and HP that is contributing to IT convergence.
What Next?
In the coming years, Internet of things (IoT) and machine-to-machine (M2M) are going to be the growing focus areas for network security players. The industry has still not forgotten how the Stuxnet virus brought down Iran’s nuclear program to a screeching halt a few years ago.
It has been feared that similar malware could potentially spew havoc on a wider variety of systems in a developing M2M era. In fact, a Symantec study findings release in 2013 said the Stuxnet virus had not fully been doused on the computer networks globally and its traces are still out in the wild. Experts have feared that in the hands of hackers, the virus or its ilk could wreck havoc for the countries’ smart grid and smart meter programs, among other potential damages.
No wonder, vendors are gearing up to tackle the network security challenges of a fast approaching M2M era.