This story was printed from silicon.com, located at http://www.silicon.com/
Story URL: http://software.silicon.com/security/0,39024655,39126605,00.htm
Re:Viewing 2004: The security industry
Consolidation, outsourcing and the Microsoft factor...
By Will Sturgeon
Published: Thursday 16 December 2004
Yesterday we revealed what the year saw in terms of the changing face of security threats but the industry itself has undergone more than a little change, as Will Sturgeon explains.
The security industry saw plenty of offline activity during 2004. The word 'consolidation' has long been inextricably linked with the sector and never was that more true than during the past 12 months.
Mergers and acquisitions were definitely back in vogue with Symantec the most active by far; among other deals it announced a $13bn merger with Veritas just before we all headed off on Christmas holiday. IPOs represented a less common exit. The only major security IPO tabled for 2004 was thwarted when Symantec bought the expectant Brightmail prior to its listing in a $370m deal.
Computer Associates, no stranger to acquisitions itself, also had the chequebook out - most notably forking out for PestPatrol to add bespoke spyware protection to its eTrust suite, and for Netegrity which it bought for $430m.
Not to be outdone, McAfee flexed its acquisition muscles, buying Foundstone for $86m and potentially putting off further questions about the alleged intentions of a courting Microsoft. The company also announced a rebranding which saw its former moniker Network Associates consigned to history.
But consolidation isn't for all tastes. Speaking at silicon.com's CIO Forum in September, Mike Lynch, founder of Autonomy, expressed his desire to see more companies swim against the tide.
"Don't get caught up in the fashions of the time," said Lynch. "CIOs do not like the idea of using the major consolidators' products."
Using the analogy of jet engines, he said passengers on an aircraft would not like to look out of the window and see "Honda" on the engine.
"Not that there is anything wrong with Honda but airplane engines, like security products, are an area where people like to assume specific specialist knowledge," he added.
Lynch's comment had little effect on the security companies however, with one prominent CEO writing it off as "utter shit" and questioning the Autonomy man's fitness to comment on the security industry.
And certainly the consolidation continued unabated.
Another merger saw BeTrusted and TruSecure unite to form a new giant on the security landscape. The deal brought together the combined weight and experience of brands such as Baltimore, TruSecure and Ubizen and represented a huge show of support for the nascent move towards managed security services.
Ubizen has long put its faith in the outsourced security model and 2004 appeared to be the year when such faith would show signs of repayment.
The new name decided for the company was CyberTrust - a former Baltimore product line.
At the time of the CyberTrust announcement the litigious CipherTrust, who this year fought IronPort over a conflict with its own IronMail brand, declined to comment on any similarities to its own brand.
Much of this consolidation appears to signal a readying for a fight in the managed services market. During 2004 it appeared as though a switch was flicked and awareness created as to the approaching obsolescence of box-shifting mentalities.
Outsourcing security was certainly a model which sparked debate over the course of the year.
Mark Sunner, CTO of MessageLabs, said: "The switch toward a managed service approach is a natural progression in line with the increasing sophistication of the problem. Filtering malware and unwanted content within email has become a highly specialised, multi-faceted, round the clock task and it is simply no longer possible to keep up with the adaptive nature of this problem at the customer end - with an appliance, gateway product or desktop software.
"Moreover, solutions of this type are deployed at the wrong end of the leased line. Given that approximately 80 per cent of all email is now unwanted content then actually having to receive 600,000 messages per hour before you can even make a decision about their validity is already too late.
"Administrators want to reclaim all this lost bandwidth and lost mail processing capacity and the only way to do this is to eliminate the problem before it even touches their corporate boundary."
While on the subject of MessageLabs, consolidation at the product level also came into focus. Customers of the Gloucester-based firm now get their spam filtering with a distinct Brightmail flavouring thanks to a deal with Symantec.
Such cross-industry cosiness appears born from the realisation that consumers should now have a layered solution in place and it's better to provide one layer - and help your customers get the others - than stick doggedly to your own guns and find yourself left out in the cold.
Addressing that point, Ian Schenkel, MD of end-point security solutions firm Sygate, told silicon.com: "Some IT directors are looking for the Holy Grail. But they are basically kidding themselves. What IT directors want to hear is that I'm the medicine man here to cure all their ills but that simply isn't the case. Companies should always be looking at a layered solution, involving multiple vendors. To expect a single solution is unrealistic."
It represents an evolution of sorts for any industry when vendors start telling customers they should also be talking to other companies in the same space.
Surely this isn't the same industry which Richard Cross, information management officer at Toyota, described as a bastion of "bullshitting"?
Speaking to the audience at the Gartner IT Security Symposium in September, Cross spoke frankly about customers' desire for simplicity being exploited by a vendor tendency to over-promise and delivered the quote of the year in the process.
He said: "There is a temptation to go searching for a panacea but if you find yourself speaking to a vendor and it sounds as though you are being offered a panacea then it's time to change the conversation.
"Sorry if you are in the market for a panacea or you are a panacea salesman... but there is a lot of bullshitting going on."
Putting aside the chances of a late contender in the week before Christmas, it has to be the quote of the year and certainly sparked much introspection, finger pointing and defensive rhetoric from the vendors clamouring to point out that such comments were not applicable to their company.
Simon Perry, VP security strategy at CA, was a little more pragmatic in response, but still spoke of an industry which has matured from its wild frontier days.
"Five years ago it was certainly true that most antivirus vendors were talking things up but a growing sense of maturity and responsibility in the industry has definitely seen this decline," he told silicon.com.
But that's not to say maturity has made the antivirus industry staid or boring.
There was still enough bickering and in-fighting to keep headline writers happy. And many vendors saved their best sound bites for the discussion on Microsoft's anticipated move into the security space.
John Thompson, CEO of Symantec, was in a punchy mood when speaking to silicon.com in June.
"The market will acknowledge that you want to buy security products from people who know what they are doing. We've been doing this for years," he said.
"We don't do game boxes and we don't do operating systems. We do security," he added.
And any talk of Microsoft leads inevitably to a discussion of the level of attacks targeting the company's operating system. But few in the industry think writing the system off as 'less secure' represents more than a very basic assessment - most accept ubiquity plays a part.
Steve Purdham, CEO of SurfControl, told silicon.com: "You see more viruses on Windows PCs than Macs because there are more of them."
Symantec's Thompson said: "If somebody writes graffiti they're not going to write it on a wall at the end of a dead-end alley. They're going to write it on a train that travels right through the city centre."
In Thompson's opinion the ubiquity of Microsoft's operating system simply continued to offer a more attractive canvas for the virus writers during 2004.
The year saw a 50 per cent increase in the number of viruses spreading in the wild and for the nth consecutive year the majority chased the big win and targeted Windows users.
Other vendor bickering came courtesy of CA and McAfee, who fell out over conflicting claims as to who was the first to market with enterprise level spyware protection. To the neutral observer CA appeared to have the edge by one week, but that didn't deter the McAfee copy-writers or rule out further responses discounting the CA product as an incomplete offering.
While some wounds were being freshly opened another notable squabble appeared to reach a resolution of sorts this year.
2004 saw an at least temporary cessation of hostilities between Graham Cluley, senior technology consultant at Sophos, and Belgian virus writer Gigabyte.
Perhaps the greatest irony surrounding her arrest was that, after years of baiting one another and a series of grudge-born Cluley-themed virus outbreaks, the Sophos man was actually on holiday, oblivious to it all, when the Belgian scripter was caught.
So what does 2005 hold for the industry? More consolidation is a certainty. Managed services appear to be reaching a 'tipping point', so a greater move towards outsourcing is inevitable - beyond that, the idiosyncrasies, reactivity and vagaries of the security industry tend to be unpredictable. The only really safe prediction for the coming year is that there will likely be a surprise or two and silicon.com will bring it to you first.
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved.