A decade ago, a company looking to secure its computer systems would have purchased antivirus software, a firewall, and perhaps an intrusion detection system. Today, the growing variety of attacks has given rise to nearly 70 different security niches, including markets for firewalls that specifically protect Web-based applications and for systems that prevent data loss across an enterprise. Meanwhile, each submarket is getting increasingly complex. In 2009 one of the biggest security companies, Symantec, generated 2.9 million separate signatures, or digital patterns associated with malicious software–an increase of 71 percent over the previous year.
In response to this complexity, larger security firms have acquired many smaller firms. According to the 451 Group, an analysis firm, Symantec has spent $2.7 billion in the past three years to scoop up 10 companies, including the e-mail protection firm MessageLabs and the encryption provider PGP. McAfee acquired seven companies, including e-mail security firm MX Logic, for $1.1 billion during the same period. But the market remains fragmented: last year the top five security software companies accounted for 47 percent of the industry’s revenues, down from 55 percent in 2007, according to the IT research company Gartner.
The labyrinth of modern security creates opportunities for companies offering managed security and cloud-based services. For example, experts from IBM or SecureWorks will, for a monthly fee, monitor a business’s firewall logs, manage intrusion detection systems, block spam, and protect Web-based applications from malicious traffic. These kinds of services are getting more popular–especially cloud-based systems, which require no on-site hardware. A quarter of firms now outsource their e-mail filtering, and that number could grow to more than a third this year, according to Forrester Research.
Don’t settle for half the story.
Get paywall-free access to technology news for the here and now.