The Security Management Industry
Security management is the combination of hardware, software, and services that normalizes, aggregates, correlates, and visualizes data from disparate security products. Security management is a broad term that encompasses several currently distinct market segments.
With the presence of the Internet, spam is becoming increasingly costly and dangerous as spammers deliver more virulent payloads through email attachments. According to a recent IDC (2004) study, the volume of spam messages sent daily worldwide jumped from 7 billion in 2002 to 23 billion in 2004.
The Hong Kong population has an increasing number of Internet users. This boom in electronic commerce eases communication and business transactions; however, it has also compromised internal data security through the presence of hackers. Industry analysts believe that increased spending on internet security products and the establishment of a corporate data security policy are equally important in avoiding information leakage. Estimated information security spending in Hong Kong will reach USD 231 million in 2003 and will maintain a stable growth to reach USD 252 million in 2004. U.S. security products enjoy an excellent reputation in Hong Kong and should continue to dominate the market.
According to Braunberg (2004), “a major early driver for security management products is the need to get a handle on event data emanating from intrusion detection systems. Many security management products are chiefly concerned with the consolidation, correlation and prioritization of this type of data. These event management and correlation products address the volume of data and its heterogeneous origin, both in terms of devices and vendors.”
SECURITY MANAGEMENT MARKET IN HONG KONG
With the continuous increase in demand for international communication, the Internet has been increasingly in demand. By using the Internet in business transactions, companies have expanded sales opportunities through e-commerce and reduced business costs. With the Internet, companies can also broadly expand their customer base.
However, in spite of all the benefits that companies have gained from the Internet, it has also brought them some costs. The Internet opens up networks and servers to external and internal attacks. In order to guard against these attacks, Hong Kong companies have increasingly felt the need to purchase Internet security.
According to the report of HKCERT (2004), the number of PCs installed in Hong Kong companies is skewed to the low end. The survey shows that 63.5% of the surveyed companies had installed 1-9 PCs and only 1.3% had installed 100 PCs or above.
In the report of HKCERT (2002), industry players estimated that the Hong Kong market for internet security products and services in 2001 was USD 231 million and will reach USD 252 million in 2004. Generally U.S. internet security products are the major players and are enjoying an excellent reputation in Hong Kong and are continually dominating the market.
The survey of HKCERT in 2004 showed that Hong Kong companies adopted security technologies to secure their computers from attacks. The survey covered 3,000 companies from different industry sectors in Hong Kong. According to the survey, “anti-virus software” was the most popular security measure, being used by 90.9% of the companies interviewed in 2004. “Physical security” (65.5%), “Firewall” (65.4%) and “Password” (60.6%) were the next three common security measures adopted (HKCERT, 2004). The information security awareness of the companies in Hong Kong has increased considerably, as the percentage of companies without any security measures in place dropped from 10.1% in 2003 to 3.6% in 2004 (HKCERT, 2004).
As the survey shows, the use of firewalls increased significantly in 2004. This is due to the increasing awareness among companies that basic security tools cannot completely stop viruses, and because software vendors put great effort into promoting their products.
In the table above, the US ranks number one, showing that the US was the major host of malware in 2006. Hong Kong, on the other hand, is only in 9th place; however, it is still a major contributor of malware in the world.
Sophos notes that up to 90% of all spam is now relayed from zombie computers, hi-jacked by Trojan horses, worms and viruses under the control of hackers. This means that they do not need to be based in the same country as the computers being used to send the spam (IET, 2007).
Sophos found that the most prolific email threats during 2006 were the Mytob, Netsky, Sober and Zafi families of worms, which together accounted for more than 75% of all infected email (IET, 2007).
According to the report, email will continue to be an important vector for malware authors, though the increasing adoption of email gateway security is making hackers turn to other routes for infection (IET, 2007). Malware infection will continue to affect many websites. SophosLabs is uncovering an average of 5,000 new URLs hosting malicious code each day (IET, 2007).
In 2006, it was discovered that the use of spyware decreased because of multiple Trojan downloaders. “Statistics reveal that in January 2006 spyware accounted for 50.43% of all infected email, while 40.32% were emails linking to websites containing Trojan downloaders. By December 2006 the figures had been reversed, with the latter now accounting for 51.24%, and spyware-infected emails reduced to 41.87%.” (IET, 2007)
“In Hong Kong, consumer-oriented products such as anti-virus, overseas companies usually market their products via local distributors who will then channel the products to resellers and in some cases directly to retailers. For enterprise-oriented products, which require value-added services such as system integration and after-sales support, overseas companies can go through local distributors and/or resellers.” (Chau, 2003)
The internet security market has four segments: anti-virus, firewall, encryption software, and Security Authentication, Authorization & Administration.
Anti-virus software identifies and/or eliminates harmful software and macros. Anti-virus products are mostly software-based. The major players in Hong Kong's consumer market include Symantec/Norton, which holds 50% of the market share in Hong Kong, Norman, NAI/McAfee, and Trend Micro, which are basically of US origin (Chau, 2003). According to Chau (2003), consumers of anti-virus products are generally price-sensitive and usually look for products with an established brand name.
In the enterprise anti-virus market, the major players include Trend Micro, NAI/McAfee, Norman and Symantec (Chau, 2003). According to the analysis, enterprise users will usually seek professional opinions from their I.T. service provider and are more likely to focus on brand reputation and offered features. Pricing is not the main concern, although with the downturn in the economy, companies are becoming more price-sensitive (Chau, 2003).
Firewall software/hardware identifies and blocks access to certain applications and data. There are two categories of firewall products: software and hardware. The players in Hong Kong’s software firewall market are Check Point Software, which dominates the market with a 60% market share, Computer Associates, Symantec and Secure Computing (Chau, 2003).
In the hardware firewall market, the major players are Netscreen with 50% market share, Cisco (PIX) with 20% market share, Sonic Wall, Watchguard and Nokia of Finland (Chau, 2003).
According to the report, “the price for software firewalls averages USD 20 per user. On the hardware firewalls side, the number of users and the kinds of features determine the price. A low-end firewall server costs USD 600 to USD 700, a mid-range server costs USD 2,000 to USD 4,000, and a high-end server costs USD 10,000 and above. Netscreen and Sonic Wall are quite common in small to medium-sized enterprises. Cisco targets large corporations. Brand reputation and price are the prime concerns for buyers. According to industry players, there is an increasing preference for hardware firewalls over software firewalls because the hardware firewall has a speed advantage and is easier to maintain.” (Chau, 2003)
Encryption software is a security product that uses cryptographic algorithms to protect the confidentiality of data, applications, and user identities. According to the study, “the most commonly-used standards in Hong Kong are SSH, SSL, PGP, RSA, and DES. Different standards are used for different objectives. SSH is mostly used to secure TCP connections between remote sites. SSL is commonly used in web browsers to secure web traffic. PGP is used for email encryption. RSA is for PKI system authentication and authorization. DES or 3DES are commonly used in the banking sector.” (Chau, 2003)
According to the report of Chau (2003), the major players in encryption in Hong Kong are PGP, Utimaco, F-Secure, SSH (Secure Shell), and RSA.
Security 3A Software
Security 3A (administration, authorization, and authentication) software is used for administering security on computer systems and includes the processes of defining, creating, changing, deleting, and auditing users.
Authentication software is used for verifying users’ identities and avoiding repudiation. Authorization software determines data access according to corporate policy. Administrative software includes internet access control, email scanning, intrusion detection and vulnerability assessment, and security management. The major players in PKI system in Hong Kong are Baltimore of UK, Verisign, and Entrust (Chau, 2003).
Intrusion Detection Systems (IDS)
An intrusion detection system (IDS) examines system or network activity to find possible intrusions or attacks. Intrusion detection systems are either network-based or host-based. Network-based IDS are more common.
According to the report of Chau (2003), the major players of IDS in Hong Kong are ISS (Real Secure), which dominates the market with a 65% market share, Enterasys (Dragon), Symantec (Intruder Alert), Tripwire (Tripwire), Computer Associates (Entrust Intrusion Protection) and Cisco (Secure IDS). The analysis found that IDS end-users are mostly medium to large enterprises, that the most significant purchasing criteria for end users are reliability and compatibility, and that price is not a key factor (Chau, 2003).
Content Security Products
The major players in content security products include Clearswift, which has a 50% market share, Websense, which has a 25% market share, Trend Micro and Serve Control (Chau, 2003).
According to the report, on the corporate side, the demand for network-based anti-virus is likely to increase more than the demand for desktop-based anti-virus products, since most virus attacks arrive via the Internet (Chau, 2003).
On the consumer side, on the other hand, the market is likely to fade away, since consumers are downloading free anti-virus software from the Internet. It is expected that ISPs will increasingly provide AV protection as a value-added service to their users (Chau, 2003).
In the firewall segment, the demand for hardware-based appliance products is expected to increase among small and medium-sized companies (Chau, 2003).
For Intrusion detection and vulnerability assessment, it is predicted that “it will become very popular as enterprises will shift to a balance between internal and external threats. In addition, the distinction between host-based and network-based IDS is becoming blurry with the creation of IDS consoles that receive data from both the network sensors and host agents. Integrated solutions will become the trend.” (Chau, 2003)
There are several drivers of the security management market. Chau (2003) identified three of them in his report: Internet growth, the telecommuting trend, and government-generated awareness of Internet security.
In Hong Kong, the Internet has become the prevalent means of communication in business transactions and even between employees, with the increasing trend of globalization. According to a Hong Kong Government survey in 2001, 1.25 million households, or 61% of all households in Hong Kong, had PCs, of which 80% were connected to the Internet, compared to 50% of households with PCs in 2000, of which only 36% were connected to the Internet (Chau, 2003). Generally, consumers are making use of the Internet to send emails, surf the web, carry out research, conduct online banking transactions, and make low-value purchases. The survey estimated that around 6% of all persons over 14 had used one or more types of online purchasing services for personal matters in the 12 months before the survey (Chau, 2003).
On the other hand, on the business side, more than one third of businesses in Hong Kong have internet connections. “In 2001, about 12% of businesses had delivered their goods, services or information through electronic means which is 4% higher than that in 2000. The estimated amount of business receipts received from selling goods, services or information through electronic means in 2000 was USD 1 billion. Increased connectivity to the internet creates higher chances of hacker attacks, especially if the users have a constant live connection, such as through a DSL line.” (Chau, 2003)
“According to the Hong Kong Commercial Crimes Bureau, reports of computer-related offenses increased from 235 incidents in 2001 to 210 in the first nine months in 2002. Computer attacks had affected 5,460 computers in the past 12 months. Financial loss caused by computer-related crimes rose from USD 195,000 in 2001 to USD 236,000 in 2002. The Computer Crime Section of the Hong Kong Commercial Crimes Bureau believes that only 0.3% of the victims reported hacking incidents, fearing that doing so would damage their reputation. Facing increasing internal and external hacking threats, companies are seeking security tools to protect their network and to maintain public confidence.” (Chau, 2003)
Another major driver of security products, according to Chau (2003), is the increasing decentralization of the work force, such as mobile sales teams in the insurance industry who need to access corporate networks via PDAs. A growing number of businesses and organizations benefit from employees’ ability to dial into corporate networks via the Internet. However, this often creates information security risks within the organization, resulting in increased dependence on, and greater deployment of, security products (Chau, 2003).
Government-generated awareness of internet security
Another major driver of security products is the government's awareness of the importance of Internet security. With this awareness, government organizations are formed, as in the case of the SAR Government. The SAR Government is committed to providing a safe and secure environment to foster the development of e-commerce in Hong Kong, and has built a public key infrastructure (PKI) through the establishment of a public certification authority and a voluntary CA recognition scheme in Hong Kong (Chau, 2003).
“Currently, there are four recognized certification authorities operating in Hong Kong which includes JETCO, Digi-Sign Certification Ltd., HiTRUST.Com and the Hong Kong Postmaster General. In addition to the establishment of the PKI systems, the Hong Kong Government has also engaged substantial resources to educate the public regarding the importance of information security. For instance, the Crime Prevention Unit of the Technology Crime Division of the Hong Kong Police is responsible for providing advice on all aspects of computer security. It also produces educational materials on raising computer security awareness and makes presentations on technology crime prevention topics.” (Chau, 2003)
In addition to the market drivers that Chau enumerated, there are other drivers of the security management market. Braunberg (2004) identified two major groups of market drivers: near-term market drivers and long-term market drivers. The near-term market drivers are manage or prevent, perimeter management, vulnerability assessment, embracing standards and the brains of the operation. The long-term market drivers include complexity and cost, device and security integration, knowledge database resources, lack of trust, on-demand computing and social engineering.
Near-Term Market Drivers
- Manage or Prevent. In the analysis of Braunberg (2004), the chief driver of event management solutions is the continuing and hugely annoying number of false positives pouring out of intrusion detection systems. According to him, a counter driver to growth in the managed security segment is the emergence of intrusion prevention systems, particularly in-line solutions that can perform real-time data blocking (Braunberg, 2004). The adoption of intrusion prevention systems could inhibit spending on event management systems, and security management vendors should consider these products competitive to their own (Braunberg, 2004).
- Perimeter Management. Security management products have evolved due to the demand for securing the perimeter. According to Braunberg (2004), security management solutions are evolving to integrate data from a host of perimeter products, where event management systems often evolved along separate lines with products for firewall, antivirus, and IDS.
- Vulnerability Assessments. According to Braunberg (2004), one of the near-term drivers is end-users' concern with understanding what the security risks are. Generally, clients are looking to leverage vulnerability assessments to help prioritize emerging threats. Increasingly, vulnerability data is being leveraged in event management systems (Braunberg, 2004).
- Embracing Standards. According to Braunberg (2004), the industry is a long way from embracing standards for sharing event information, but some progress has been made over the last year. The Internet Engineering Task Force’s Incident Object Description and Exchange Format (IODEF) draft specification is gaining some traction and its adoption would be a significant step forward for the market (Braunberg, 2004).
- The Brains of this Operation. According to Braunberg’s analysis (2004), the infatuation with IPS will be short-lived unless significant improvements can be made in reducing false positives in events; however, security management products will increasingly play a major role in providing the analytic smarts behind IPS solutions.
Long-Term Market Drivers:
- Complexity and Cost. As web-based business models become increasingly complex, the security solutions for end-users become more tangled. According to Braunberg (2004), businesses building online strategies from scratch can be overwhelmed by the initial investment of security solutions, while those trying to adapt existing solutions to evolving security concerns are besieged by maintenance costs.
- Device and Security Integration. According to Braunberg (2004), equipment makers are paying much closer attention to embedded security functionality in devices and are actively attempting to integrate security as a value-added service in order to change the thinking of the end users of security products as an “add-on” or an extraneous component of infrastructure. In addition, vendors are looking to unite service providers with standards programs that simplify client understanding and reduce the complexity of product buying (Braunberg, 2004).
- Knowledge Database Resources. Another market driver for security products is to actively secure the knowledge database from attack patterns and other descriptions of the enemies. Security product vendors should reinvent a faster response to known threats. According to Braunberg (2004), multi-product vendors particularly will look to evolve from real-time monitoring to broader real-time management.
- Lack of Trust: According to Braunberg (2004), end users, whether they are corporate users putting a business plan on a server or a consumer buying a CD, have ingrained habits that they are not necessarily willing to give up. For example, no matter how good an online bank’s security system is, a consumer will have to be convinced that its services are not only as good as a brick and mortar bank’s services, but better (Braunberg, 2004).
- On demand Computing: According to Braunberg (2004), the availability of ubiquitous computing resources on demand will further drive the need for sophisticated, highly flexible security management solutions that combine both identity management and event management. According to him, the demand for more esoteric offerings such as GRID computing is the major long-term driver for security management solutions (Braunberg, 2004).
- Social Engineering. According to Braunberg (2004), clients are still facing risks in security that employees represent just through the human desire to be helpful, and hackers exploit this through “social engineering.” According to him, a component of managed security will need elements of employee training to build awareness of outside threats (Braunberg, 2004).
According to the analysis of Braunberg (2004), the security segment will continue to be strong: interest comes from a diverse array of different types of companies, which indicates the leverage that comes from controlling the security function.
In addition, since end users' demands have also evolved, calling for more in-depth defensive strategies and best-of-breed approaches to purchasing decisions, security solutions have in turn become more complex.
Case Study: Trend Micro Enterprise
In 1988, Trend Micro Incorporated was founded by Steve Chang and his wife in California. Trend Micro Incorporated is a global leader in network antivirus and Internet content security software and services. The company led the migration of virus protection from the desktop to the network server and the Internet gateway—gaining a reputation for vision and technological innovation along the way. Trend Micro focuses on outbreak prevention and on providing customers with a comprehensive approach to managing the outbreak lifecycle and the impact of network worms and virus threats to productivity and information, through initiatives such as Trend Micro Enterprise Protection Strategy. Trend Micro has grown into a transnational organization with more than 2,500 employees representing more than 30 countries around the globe.
Many of the leading high-tech and security industry analysts have tracked Trend Micro’s growth and performance for the last several years, hailing the company as “visionary”, citing its leadership and innovation in the security industry.
According to Brian Burke, IDC Research Manager, “Trend Micro has consistently demonstrated a strong position in the Secure Content Management market. To remain successful Trend Micro has adapted quickly to market challenges and the evolution of security threats such as spyware, phishing and spam, in which financial gain has become the number one driving force. Given Trend Micro’s track record and its strong upward momentum, we expect the company to continue delivering innovative solutions that provide customers with timely protection against unpredictable threats.”
Trend Micro has earned a reputation for turning great ideas into cutting-edge technology. In recognition of the antivirus company’s strategy and vision, the analyst firm Gartner has hailed Trend Micro as a visionary malicious code management supplier for four consecutive years. Citing its flexible and efficient transnational management model, BusinessWeek acknowledged Trend Micro as one of “a new breed of high-tech companies that are defying conventional wisdom.” According to IDC, Trend Micro has held the top global market share in internet gateway antivirus for six consecutive years.
A history of innovation
In 1995 Trend Micro became an industry pioneer in the migration of virus protection from the desktop to the server level, with the launch of Trend Micro™ ServerProtect. In 1997 it launched the industry’s first virus protection for the Internet gateway with InterScan VirusWall. Since then, it has demonstrated a history of innovation in server-based antivirus products that has contributed to the leadership position it holds today in this market (according to the recent IDC report “Worldwide Antivirus 2004-2008 Forecast and 2003 Competitive Vendor Shares”).
Trend Micro continues to shift the paradigms of antivirus security with cutting-edge products, services and strategies like Trend Micro Network VirusWall, Outbreak Prevention Services, and its Enterprise Protection Strategy. Trend Micro is committed to following its path of innovation to help companies manage today’s increasingly complex, fast-spreading malware threats.
- Business and security knowledge
- Trend Micro has been a pioneer and innovator in the antivirus software market since 1988, anticipating trends and developing products and services to protect information as new computing standards have been adopted around the world.
- Service and support excellence: Trend Micro products and services are backed by TrendLabs, a global network of antivirus research and support centers. TrendLabs monitors potential security threats worldwide and develops the means to help customers prevent the spread of outbreaks, minimize the impact of new threats, and restore their networks.
- Flexible workforce through contingent workers for seasonal/cyclical projects
- Loyal, hardworking, and diverse workforce who, in addition to good compensation, have an opportunity to do well
- Multinational corporation operating through regional subsidiaries to minimize cultural differences
- Low employee turnover
- Relatively rapid product development processes that allow for timely updating and release of new products
- Revenues and profits rising at 30% a year with merger/acquisition or investment in 92 companies over past five years
- Software products have high name recognition, broad-based corporate and consumer acceptance and numerous powerful features that are in use worldwide, thereby promoting standardization and competitive advantage through their ease of integration and cost-effectiveness
- Top rating from Fortune for best company to work at and most admired company
- World’s largest software company with global name recognition and strong reputation for innovative products
- Perceived by many as a cut-throat competitor that uses its dominant market position to marginalize competition by stealing/destroying the competition’s products, stifling product innovation, and decreasing the availability of competitor products
- Products have a single application focus and do not work well with or on-top of other products
- Reputation has suffered because of entanglement in antitrust and “permatemps” Vizcaino litigation
- Misperceptions of security’s value or purpose
- Cheaper global telecommunication costs open new markets as people connect to the Internet, which in turn increases the need for security products
- Mobile phone applications and exploitation of personal digital assistants represent a growth industry so that strategic alliances could provide the company with opportunity in a market where it currently has little or no significant presence
- Business Continuity
- Reduced Costs
- Potential Revenue Opportunities
- Trend Micro holds the top market share for both worldwide Internet gateway and email-server based antivirus sales.
- Currency exchange rates affect demand for application/operation software and hardware, and fluctuating currencies can negatively impact revenues in the global marketplace
- Recession or economic slowdown in the global market impacts personal computer equipment sales and the need for operating systems, which in turn would slow down the need for security systems
- Software piracy of commercial and consumer applications software on a global scale threatens revenue streams
- Technology life cycle is shorter and shorter
- Inconsistency across the enterprise
- Loss of sponsorship or visibility
The continuous success of Trend Micro is guided by its strategies. Innovation has always been the strategy of a technology company; at Trend Micro, however, innovation is not the only strategy implemented. There are many essentials to be considered. The current strategies of Trend Micro are the following.
“Focus On the Essentials and Sacrifice the Rest”
It is known that focus is important and essential for the success of any business. According to Steve Chang, “strategy is about focusing on essential and sacrificing the rest” (Chang, 2002). In addition, according to Peter Firstbrook, program director, security & risk strategies, META Group, Trend Micro has done just that, having an amazing laser-like focus on their business. The authors of a Harvard Business School case study commented: “Although very entrepreneurial, Steve Chang held fast to a single strategic focus for over a decade. Rather than attempt to provide all security products to all customers, Trend Micro concentrated on developing ‘best-of-breed’ antivirus solutions.” (Pain and Bettcher, 2003)
Trend Micro’s consistent and persistent focus has allowed the company to build on its strengths and consistently lead the market.
Innovation Isn’t Just About Your Software Products
Trend Micro has many product firsts under its belt: the first antivirus product for a server in 1993; the first Internet gateway protection antivirus software in 1996; the first e-mail anti-virus software product in 1998; the first Internet content security service in 1999.
However, for Trend Micro, innovation applies to more than just the products. It is a pervasive notion that applies to other areas of the business as well. Innovation should also be seen in a new type of global organization and in a new service offering.
According to Steve Hamm in a 2003 Business Week article, “Borders are So 20th Century,” Trend Micro is an example of a new form of global organization, the transnational organization, which aims to transcend nationality altogether.
Hamm quotes C. K. Prahalad, a professor at the University of Michigan Business School, who says, “There’s a fundamental rethinking about what is a multinational company… Does it have a home country? What does headquarters mean? Can you fragment your corporate functions globally?” (Hamm, 2003)
According to Hamm (2003), Trend Micro was one of the first responders to viruses, able to deliver services 30 minutes before the market leader Symantec. He commented that “Trend Micro is able to respond so quickly because it’s not organized like most companies.” (Hamm, 2003)
The strategy of Trend Micro is to spread its top executives, engineers, and support staff around the world. “The main virus response center is in the Philippines,