Maturing, but Slowly
As cyber threats rise dramatically, heavy investments and
research are going into network security
Gyana Ranjan Swain
Tuesday, June 03, 2008
The network security services market showed positive growth
in FY 2007-08, growing at more than 70%. Also, there
was an increased awareness of security-related issues, increasing
compliance levels. Both large enterprises and SMBs, across
almost all industry segments, prepared themselves for imminent
threats and attacks.
The network security market closely follows infrastructure
network deployments as was clearly reflected in the growth.
The major adopters of security continued to be BFSI and ITeS.
The large network deployments on telecom networks did not
reflect in their adoption of security, primarily because they
were still consolidating on their voice strategy.
The key driver of security adoption last year was compliance;
however, the scope of the term compliance would have to be
widened a bit, if only for the purpose of this current discussion.
The Market
In FY 2007-08, the overall security solutions market in India
stood at Rs 456 crore and has grown at more than 70%. HCL
Comnet, Wipro Infotech, and Datacraft were the main players
to contribute to this figure. HCL Comnet topped the chart
with Rs 70 crore from its services business and Datacraft
was not far behind with revenues of Rs 65 crore. A major chunk
of HCL Comnet's revenue came from BFSI customers; National
Insurance Company and SEBI are its main customers.
Datacraft is still minting money from its deal with SBI,
and BPOs are among its major customers. It has shown a growth
of 116% from the previous year. The other player to achieve
a three-digit growth was Fortinet. The company grew at 122%.
Out of this, 40% came from telcos and the remaining 60% from the
BFSI and other sectors. Fortinet clocked revenue of Rs 40
crore from Rs 18 crore in the last financial year. Wipro Infotech
comes second in the V&D100 chart in terms of revenue.
Its revenue for FY 2007-08 is Rs 55 crore, showing a growth
of 44%. Its revenue for FY 2006-07 was Rs 38 crore.
SecureSynergy, another player in the same space, did business
of Rs 22 crore, up from Rs 16 crore in the previous fiscal.
Telcos are the major contributors to its revenue. Government/defense
and SMBs are other sectors that have significantly contributed
to its overall performance.
Key Trends
One of the reasons for the absence of outages was the large-scale
deployment of anti-virus solutions. Another was the addition of a new
category of products to the product mix: 'Anti-X'.
Anti-X comprises anti-virus, anti-phishing, anti-spam, URL
blocking, and other products of similar kinds. Also, customers
moved to acknowledging threats other than those that could
be addressed by Anti-X. This realization was driven by new
threats such as electronic fraud and theft prevention prevalent
in the process of e-commerce.
Though immediate threats seemed to have become less relevant
in buying decisions, anti-virus products continued their strong sales
growth and the Anti-X category of products has fast gained ground.
Most of these were, however, bundled with firewalls and gateway
security solutions.
While purchases consisted of the usual firewalls and VPN, the
growth began with intrusion-detection systems (IDS) and
intrusion-prevention systems (IPS). These are much higher in
value and are currently being considered (deployment is still
limited) only by large customers.
The network security market in the country is undergoing
a change marked primarily by integration of security appliances
and solutions to underlying networks and system infrastructure.
In the same way, a trend in the form of manageability of complex
multi-vendor security products opened doors for specialized
managed security service providers in the areas of perimeter
security, vulnerability management, log monitoring, and analysis.
Globally, network and security administrators are continuously
adding multiple layers of protection in order to keep their
network and systems secure from known and unknown attacks.
These layers of protection include several appliances and
integrated solutions in the form of intrusion prevention systems,
application firewalls, data leakage prevention, content inspection,
and DoS prevention solutions. Compliance requirements like PCI/SOX
are pushing enterprises to invest more in SIEM (security incident and
event management) and vulnerability management solutions.
Also, companies face new threats, not only from the outside
but also from within the organization, making the growth
of intranet controllers another trend. There was always
the threat of malicious employees making unauthorized access
to data on the LAN. Further, new threats come from mobile
employees, contract workers, and even the work-from-home culture.
Mobile employees continue to bring in infected mobile devices
behind the secure perimeters, from where these devices spread
viruses and spam. Contract employees within or outside companies'
premises who need to access certain parts of the company's
network also add to the threat. Thus, the security features
of a WAN need to be integrated onto the LAN. Now,
users within the LAN will first have to be qualified to use
the network, by being up-to-date in terms of security policies.
Even when inside the LAN, different users have different levels
of access to resources.
In terms of trends in the security architecture, FY 2007-08
saw the continuance of the layered architecture approach for
data centers and HQs. The new trend here was a greater adoption
of unified threat management (UTM) solutions at branch offices
and SMBs. These data centers and HQs host the most vital information
and applications servers, creating a need for engineers for
the maintenance of point solutions.
Identity Management
The blended threats (spyware, adware, and phishing) last year
showed that signature authentication might be a valid mechanism
to restrict entry into a network. However, the process of
updating signatures was slow when compared to the new forms
of attack. This was also an indication that mere signature
authentication was not enough and identity management was
required.
In the authentication sphere, RSA was the leading vendor
with almost no competition. Two-factor authentication was
being widely used by enterprises.
The rise in the number of access points highlighted the need
to effectively manage identities. Last year the trend was
to move toward a single username and password, instead of
using multiple identities. The need for a single identity also
came from the perspective of network managers, who have difficulty
managing huge numbers within an organization and assigning
restricted access on multiple identities.
Focus on Early Detection
Once an attack has happened, any action taken becomes more of
a damage control procedure. Thus, in FY 2007-08 security
vendors focused on early detection of any abnormal behavior
so as to prevent the attack.
Though the markets for the IDP and IDS segments were around Rs
60 crore, the idea of early detection and prevention caught
on. Although IDP and IDS were deployed in large numbers,
organizations did not have people and processes in place to
manage the logs that were generated. IDP and IDS don't work
effectively until an organization tunes them regularly and
updates signatures specific to the threats.
The lack of regular upgradation and trained personnel to
monitor the logs resulted in a large number of false alarms,
and hence, IDP and IDS could not provide the promised protection.
Wireless Security
The open nature of wireless access points prevents security
solutions from being deployed on them, and makes intrusion
into the networks relatively easy. Moreover, Wi-Fi based wireless
networks and mobile networks are open to unauthorized access,
making them difficult to monitor.
On wireless networks, a client or device-end solution is
the only way to protect a network from being compromised.
As a result, SSL VPN emerged as the most effective solution
for wireless and mobile devices. Mobile device manufacturers
like Nokia that have a huge stake in the wireless networking
market secured their devices with firewalls and VPN clients.
Integrated Box Solutions
Cisco again emerged as the king in the security space, and
floated the idea of combining security products with network
equipment.
Last year saw integration of security solutions in two directions:
security was bundled with network equipment, and security
solutions were bundled in one package.
With the bundling of security with network gear, the concept
of network admission control (NAC) gained popularity both
among Cisco's partners and customers. Cisco took the initiative
of bringing together different security domain experts onto
a common platform in providing an integrated solution rather
than asking organizations to depend on an all-purpose product.
Juniper promoted multiple virtual firewalls in one box to
cut down on cost and management of these devices.
With the bundling of security products in a single package,
a new way to look at the integrated box concept was floated
by companies like Fortinet, WatchGuard, and SonicWALL. These
vendors brought in multiple-function boxes for price-sensitive
companies that did not want to spend on multiple pieces of equipment
and the management of these boxes. The SMB segment bought these
devices. They came with default anti-viruses and firewalls
with options to include IDP, anti-spam, authentication, or
patch management solutions.
Services Gaining Ground
The security services market had been growing at over 80%
in the last couple of years, and in FY 2007-08 it grew
by 72%. In fact, in the total network security market, services
last year occupied more than 20%. This is set to rise with
the services component in any security deal increasing by
the day.
Last year, the market also favored managed services. Enterprises
realized that security is not just about best-of-breed technology
or buying boxes and putting them up, rather, it is a process
that needs constant service support to work effectively.
However, last year, most security service providers experienced
a rise in their services revenue. Services like consulting
on network security design, processes, certifications, and
selection of technology and its implementation became part
of the normal security integration. The network integrators
came up with managed services such as firewall management, patch
management, intrusion detection, email and content management,
vulnerability assessment, and testing to attract customers.
Though offsite remote management did not take off much, a
combination of offsite and onsite management offerings found
acceptance. There has been a lot of talk about security operating
centers (SOCs) just like network operations centers.
Gyana Ranjan Swain
gyanas@cybermedia.co.in