A decade ago, a company looking to secure its computer systems would have purchased antivirus software, a firewall, and perhaps an intrusion detection system. Today, the growing variety of attacks has given rise to nearly 70 different security niches, including markets for firewalls that specifically protect Web-based applications and for systems that prevent data loss across an enterprise. Meanwhile, each submarket is getting increasingly complex. In 2009 one of the biggest security companies, Symantec, generated 2.9 million separate signatures, or digital patterns associated with malicious software–an increase of 71 percent over the previous year.
In response to this complexity, larger security firms have acquired many smaller firms. According to the 451 Group, an analysis firm, Symantec has spent $2.7 billion in the past three years to scoop up 10 companies, including the e-mail protection firm MessageLabs and the encryption provider PGP. McAfee acquired seven companies, including e-mail security firm MX Logic, for $1.1 billion during the same period. But the market remains fragmented: last year the top five security software companies accounted for 47 percent of the industry’s revenues, down from 55 percent in 2007, according to the IT research company Gartner.
The labyrinth of modern security creates opportunities for companies offering managed security and cloud-based services. For example, experts from IBM or SecureWorks will, for a monthly fee, monitor a business’s firewall logs, manage intrusion detection systems, block spam, and protect Web-based applications from malicious traffic. These kinds of services are getting more popular–especially cloud-based systems, which require no on-site hardware. A quarter of firms now outsource their e-mail filtering, and that number could grow to more than a third this year, according to Forrester Research.
The growing number of devices that connect to the Internet, from smart phones to electricity meters, creates yet another expanding market for security firms. In the past year, several rudimentary malicious programs have targeted iPhones and Android-based phones, and security researchers have released proof-of-concept programs, such as mobile botnets, that can take over mobile devices. Firms such as Lookout and Zenprise are already helping consumers and companies lock down their phones against the possibility of such attacks. Traditional antivirus firms are targeting this market as well. The market in security software for mobile devices is predicted to reach $4 billion by 2014, according to ABI Research.
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today