Issue dated - 17th June 2002


Indian anti-virus players wilt under MNC onslaught

The anti-virus market in India is still quite tiny with piracy and lack of awareness being the twin bugbears. Akhtar Pasha and Pankaj Mishra found MNC vendors gaining ground in a market where R&D spend is crucial to a company’s fate. At the same time, while the Rs 31 crore accruing to vendors in 2001 is small potatoes, the impact of virus attacks is anything but that.

Goh Chee Hoh says Trend Micro updates its virus pattern files at least once a week

A Nasscom-IDC report put the total anti-virus software market at Rs 31.3 crore in 2001. This segment is projected to grow to Rs 39.7 crore in 2002, Rs 50.4 crore in 2003 and Rs 64 crore in 2004. IDC has stated that the gateway protection sub-segment (Internet gateways) will witness the highest growth in the anti-virus market, with a projected CAGR of 43 percent from 1999 to 2004. IDC also projects that this growth will raise the segment’s share in the overall market from an estimated 24 percent in 1999 to a projected 41 percent in 2004.

With Big 5 consulting major KPMG reporting that 77 percent of Indian organisations do not have a formal security policy, there’s obviously a big opportunity for anti-virus vendors. Similarly, another Big 5 major, PricewaterhouseCoopers, in its IT Security Survey among top Indian corporates has revealed that though 74 percent of companies stated that information security was a high priority for their business, only 17 percent had complete and descriptive methods to monitor security. This, despite the fact that 60 percent of those surveyed reported security breaches.

“Although the Indian market is tiny, the anti-virus segment is still the largest segment. The highly malicious Nimda and Klez attacks have definitely had their impact on Indian corporates as well. There are no reliable estimates available for the market. Estimates range from Rs 40-80 crore for the anti-virus market and it is growing at 25 percent CAGR over the last year,” says Rajeev Wadhwa, COO, Global E-Secure.

Though there is no independent research available regarding market shares of the anti-virus vendors in India, industry observers believe that Network Associates is leading the pack, followed by Symantec and K7 Computing. However the gap between K7 and Symantec is understood to be huge. “We are striving hard to reduce this gap and are hopeful of climbing up the ladder,” says J Kesavardhanan, CEO, K7 Computing, Chennai.

J Kesavardhanan of K7 Computing says branding has become essential to survive the MNC onslaught

Trends
Customers prefer an end-to-end security solution, including gateway, mail server and desktop protection with good product support, rather than buying a product off the shelf. Gateway and server-based anti-virus protection have become popular as awareness goes up.

Gateway security: Companies such as Yahoo and Sify have tie-ups with Symantec and Trend Micro to protect their subscribers’ e-mail boxes from virus attacks. By implementing an anti-virus solution at the gateway, ISPs and service providers are able to intercept viruses before they reach the end user’s machine. In this manner, damage is averted even if a subscriber’s system is not updated with the latest anti-virus data files.

Indian ISPs are also becoming large customers for anti-virus solutions. Internet outsourcing is a new business model, which allows ISPs to provide content security services. By adding a content security solution, which can prevent both viruses and spam, ISPs can offer better levels of service to their subscribers. Though this market is currently a niche, it is expected to grow substantially in 2002.

Server anti-virus dominates: Server-based anti-virus is accounting for an increasingly large chunk of the overall anti-virus market. Companies have realised the need to move away from desktop security toward securing a central gateway and thereby the network, containing viruses at the point of entry. Govind Rammurthy, MD and CEO, MicroWorld, says, “In 2000 the ratio of server-based anti-virus revenues to desktop was 65:35 while in 2001 more than 70 percent of revenues came from server sales.” Network Associates’ server to desktop revenue ratio was 55:45. Server-based anti-virus is easier to administer than keeping umpteen desktops up to date with the latest patches. This is perhaps a key reason for its growing popularity.

Top virus attacks in India

| Virus | (in %) |
|---|---|
| Nimda | 100 |
| Sircam | 70 |
| Code Red | 56 |
| Klez | 56 |
| Love Bug | 28 |
| Fun Love | 28 |

Note: In the absence of a survey/report on the Top Virus attacks in India we came up with a scoring mechanism based on the number of times a virus featured on lists of top viruses provided by vendors. Nimda featured on all their lists and got a top ranking.

Indian anti-virus vendors losing to MNCs: The lack of funds to execute and carry out R&D and product development has resulted in many Indian anti-virus vendors leaving the battle. MNCs like Network Associates, Trend Micro, Symantec and CA have gained ground, while several local vendors closed down operations. Among them were Knoxcard, Checkmate, Red Alert and Nashsoft. Industry sources say that N and N Systems too has stopped sales from May this year. Rammurthy says, “With the advent of the Internet, there is very little that a local player can do. If we do not compete in terms of technology, we will be killed overnight. We have to fight for the same customer. Look at the fate of local brands like Nashsoft, Red Alert and others. All of them have died a bitter death...MicroWorld today is an international player competing with Trend, NAI, CA, etc, on global waters.”

Vishwajeet Deshmukh, country manager-SAARC, Network Associates, says, “The advantage of being a global player is that we are in touch with the latest trends and requirements of our customers. Besides, MNC R&D budgets are much higher, and therefore we are in a better position to come up with superior solutions to handle blended threats.”

Vaidyanathan Iyer, national manager, e Security Business, CA, gives another reason for the demise of local anti-virus players—the advent of the Internet. “The Indian players kind of backtracked when the Internet happened. The Net demanded a paradigm shift that most of them couldn’t undergo effectively,” he says. Moreover, local players have also not been able to invest consistently in R&D activities. “Products require constant updating and R&D efforts across time zones around the globe. CA has established such centres to address that.”

The company has also formed an R&D alliance with Kolkata-based The Chatterjee Group (TCG). “Lack of funds to invest in making constant technical advancements in products is responsible for the demise of local players,” says Joy Ghosh, CEO, Symantec India. 24/7 R&D, according to Vaidyanathan, is very essential for any anti-virus vendor and Indian players lack this key ability.

Chennai-based K7 Computing however seems to be waging a lone battle against the MNCs. The company attributes its survival to fast response time in coming out with anti-virus updates. “The attacks by local viruses like ‘Shankar’ and ‘WIZ’ have played an instrumental role in sustaining our successful presence,” says J Kesavardhanan, CEO, K7 Computing. Keeping up with global and local technology trends is another reason, according to him. “At times we have even done two updates within a single day.”

Vaidyanathan Iyer of CA says the advent of the Internet resulted in the demise of most local Indian players, who did not have global technology capabilities

Targeting SMEs: The SME segment is being targeted by almost all security solution providers. CA and Trend Micro have announced packaged solutions for SMEs. Common solutions offered to SMEs are firewall protection, intrusion detection devices and content inspection. It is widely believed that SMEs are major users of pirated anti-virus solutions, and one possible reason for the SME focus could be that vendors want to deal with this problem. However, Iyer believes that pirating an anti-virus package is very difficult. “Anti-virus packages are updated very frequently, and therefore it is an uphill task for anyone to pirate it.” But Ghosh of Symantec argues that piracy in the segment is affecting business. “According to Nasscom, around 60 percent of software packages in India are pirated. At Symantec, the percentage will definitely be higher,” he says. Symantec India is working closely with Nasscom for curbing piracy and is hopeful that the scenario is improving. “Large corporates are now going for legal versions of anti-virus packages. The home and SOHO segment is also showing increased adoption of legal software,” says Kesavardhanan.

State of the mart
Awareness level in India: Awareness about anti-virus products in the market has definitely risen and enterprises are increasingly seeking end-to-end security solutions. “There is no need to educate customers today on how crucial it is to avoid downtime, and the other implications of a virus attack. The only thing left is to gain mindshare in the market. With MNCs coming in, branding has become essential,” says Kesavardhanan.

“There is greater awareness and sensitivity to the threats that corporates face with regard to their IT infrastructure. This has definitely led to a rise in the purchase of anti-virus solutions by corporates. But there is still a lack of understanding about how to approach such threat scenarios among corporates. Purchasing and installing an anti-virus software is not a complete solution in itself,” says Rajeev Wadhwa, COO, Global E-Secure. “Security needs to be looked at from the more holistic perspective of enabling business to continue operations in a safe and secure manner,” he adds.

Indian customers, especially large enterprises, are no longer going for a single anti-virus package. Instead, they are opting for solutions from different vendors to address security at various levels. “The market is definitely growing and we are expecting a three digit growth rate this year. Piracy still remains a dogging issue in the SOHO segment,” says Ghosh of Symantec.

“Indian customers have definitely become more mature, but there is still a long way to go when it comes to vulnerability management and business-centric security policies,” says Ghosh. “A standalone player cannot survive in the market because customers want end-to-end solutions, including intrusion detection and content inspection,” says Iyer.

Organisations in verticals like finance, banking and telecom are relatively more alert compared to other verticals. This is because the implications of a possible virus attack are scary in these verticals. Downtime is not an option for them.

Rammurthy of MicroWorld says, “Awareness is higher in the corporate segment. They are shifting their attention to securing gateways rather than workstations or desktops. Almost all large corporates have anti-virus products in their priority list of product purchases.”

Vishwajeet Deshmukh of Network Associates says anti-virus and security policies need to be clearly defined and enforced by Indian firms

Says Deshmukh, “In Western countries there is greater emphasis on ‘policy-based management’ with centralised control. Anti-virus and security policies are clearly defined and enforced.” He suggests that Indian companies need to focus on these areas since it is these policies that will save the network during an outbreak. Besides, if these policies are enforced strictly, the chances of a virus outbreak in the network are reduced. Also, there has been a tendency of having distributed networks with decentralised management. However, with viruses spreading across the network, there is a need to have centralised management and control.

Anti-virus market dips after September 11: Most anti-virus vendors term the September 11, 2001 event as ‘cyber terrorism’ and emphasise that the need was for robust disaster management, rather than anti-virus solutions. Rammurthy says, “The September 11 tragedy was more of a general event. Actually, demand for anti-virus solutions dropped because of global business uncertainties. Our customers delayed their buying decision because of the event. But subsequently markets slowly picked up in the first quarter of 2002.”

Deshmukh of NAI says, “Awareness has definitely increased. Just one of our customers—the US Department of Defence, entered into a contract last quarter to protect over two million systems on their network.” Manish Kochar, CEO, Office Efficiencies, a reseller for Command anti-virus products in India says, “The 9-11 event has basically highlighted the need for distributed IT enterprises to ensure that businesses do not suffer because of connectivity to any specific geographic or physical locations.”

Piracy level in India: “Piracy levels are very high in this market segment,” says Rammurthy. According to him, the growth in the SME and retail segment has not been very encouraging because of the high level of piracy. Consider this—an SME can buy a copy of an anti-virus solution and can install it on ten PCs. “There is no way we can stop piracy. We need to take a decision on a larger way—probably involving Microsoft or Sun to conduct user licenses forums and seminars on piracy,” he adds.

Kochar says, “Piracy is a question of extreme relevance for the financial fortune of any software company. Unfortunately Indian laws do not offer sufficient scope. Nasscom made some efforts but one thing has been seriously missing—a conscious effort to percolate the advantages of the anti-piracy drive to the smallest software developers should have been made. We also feel that perhaps our pricing policy should be structured in such a manner that people use legal software instead of pirated stuff.”

Mechanism for virus updates: MicroWorld provides daily updates from its website and many a time there may be more than one update, depending on the seriousness of a virus being detected. The company has 14 mirror servers spread across the globe—in Australia, Hong Kong, Singapore, Texas, New York and New Zealand. Patches can also be downloaded from MicroWorld’s partner websites. MicroWorld’s customers can buy subscriptions ranging from one to five years. The company supports its customers using e-mail, 24/7 phone, chat servers—Yahoo Messenger, MSN and AOL, and online support.

NAI too provides all updates and upgrades from its website. DAT files are updated every Friday, but in case of a new high-risk virus, an extra DAT may be put up for download immediately. Generally, updates come free as product support for one year but users have the option to pay nominal charges for a two-year period.

Trend Micro provides different types of updates. The most frequent are virus pattern files, which contain the ‘fingerprints’ needed to precisely identify, block and remove any newly-discovered viruses. “We update our virus pattern files at least once a week, but in practice they are updated more often—whenever a significant threat is discovered in the wild. Other types of updates enhance our scan engine or add a patch to our AV software applications,” says Goh Chee Hoh, regional sales director, Overseas Business Unit (OBU), Trend Micro.

Command Anti-virus provides updates from its website too. “But in times of emergency or if a customer requires so, we also send updates and other software on other media like floppy disks or CDs,” says Kochar.

Role of R&D centre: NAI has recently announced plans to open a new product development facility in Bangalore and to utilise Indian talent. The facility is expected to be opened by the third quarter of 2002, and will deploy 50 engineers. The total cost of setting up the facility will be $5 million. This new location will complement existing company facilities in North America, Europe, the Middle East, Africa, Japan and the Asia-Pacific region. The new team will focus on research, development and quality assurance for the McAfee anti-virus and Sniffer product lines.

Deshmukh says, “The IDC will act as an AVERT Labs (anti-virus emergency response team) wherein our engineers can alert customers of a virus outbreak and immediately remedy the same.” NAI also has a support centre in Mumbai and caters to post-sales issues with customers in ‘support contracts’.

MicroWorld has 15 engineers in the R&D team located in Mumbai. Six engineers look after software testing. All the 18 products—eScan and MailScan range of products, are developed at their R&D centre. So far the company has invested Rs 4.5 crore in R&D.

Vendor strategies

Govind Rammurthy of MicroWorld says corporate users are moving towards securing gateways, rather than workstations or desktops

Network Associates (NAI): NAI offers an umbrella suite of products that provides protection to the entire network—from gateway to servers to desktops. It has a multi-layer strategy—for enterprise customers, it has a range of Eppliances (Eppliance consists of NAI’s own software bundled with Intel-based hardware) that protect ISPs and service provider gateways.

Cyquator is using the E250 and Tata Internet uses the E300 to secure their gateways. They provide a high sustained throughput with load balancing as an add-on feature. They support all the standard protocols (SMTP, HTTP, FTP and POP3), and provide content filtering, anti-spam and anti-relay features. The E500 can provide a throughput of 120,000 messages per hour. The E250 is priced at Rs 5 lakh for 500 users and is capable of scanning 30,000 messages per hour. The E500 is priced between Rs 10 lakh and Rs 24 lakh for 500 users.

The Active Virus Defence (AVD) suite provides protection to MS Exchange and Lotus Notes, protecting servers by providing group and Net shield for networks. A new anti-virus product—Virusscan for desktops, will be released in May 2002. It will be priced at Rs 2,000 per user. TCS, ICICI and IDBI Bank are customers using AVD products.

For notebook protection NAI has the Virusscan thin client. Threatscan is another new product that is designed for an administrator to easily discover viral vulnerabilities, without assuming extensive security knowledge on his part.

NAI has offices in Delhi, Mumbai and Bangalore, which covers Chennai and Hyderabad. Large accounts are handled by the local large account manager along with partners like Trident and Texport, Vikas Global, Kinfotech and Paarakh. Besides, NAI has three distributors—Tech Pacific, Ingram Micro and Texpro Technologies, and SI partners like Netsol, DDORG, Apara, CMC and Tata Infotech.

Trend Micro: Trend Micro’s traditional core business focuses on channel sales, addressing corporate, SME and home users. It has InterScan VirusWall, which protects gateways; ScriptTrap, which catches unknown script viruses; and ScanMail for Exchange and Lotus Notes, which detects and removes viruses from inbound and outbound e-mail in real time and performs file attachment blocking. ServerProtect safeguards multiple servers and OfficeScan, an enterprise desktop anti-virus solution, offers centralised virus protection across the network. For home users, Trend has PC-cillin.

To address the enterprise segment, it works with eight partners—HCL Comnet, Satyam, Compaq, Tata Infotech, Wipro Infotech, Ramco, ACPL and Sonata. For the SME segment it has Ingram Micro as its main distributor in India. Trend Micro has recruited more than 300 TVSPs so far. Trend Micro is expecting Rs 16.8 crore in revenues from the Indian market.

Command: Command has anti-virus solutions ranging from gateway protection for Microsoft Exchange, to servers and desktops. Prices start from Rs 1,500 per PC. Manish Kochar says, “Our strategy has been completely customer-oriented. We realise that an Indian customer buys software not so much because of the issues of legalities but because he expects all forms of support in terms of usage. For corporate customers we do not offer just the software but complete network security.”

Command supports both Windows and Linux (Red Hat and SuSE) operating systems. “Shortly, we will witness the release of plug-ins for QuantumLink’s PostMaster. Netcore systems have already covered most of their messaging customers on their mail servers with Command anti-virus. We are expecting Rs 4 crore from the Indian market this year,” adds Kochar. Last year its revenue was Rs 50 lakh.

Command plans to introduce a new product called Command on Demand—a browser-based application. Kochar says, “Through this a user can go to our website, download a small component by which he can scan the hard disk and clean viruses for as little as Rs 10 per session. This year we are expecting to capture 10 percent of the Indian anti-virus market.”

MicroWorld Technologies: MicroWorld has the eScan range of products for anti-virus protection. Its entry-level product, eScan pro, is priced at $40 (content security+anti-virus). For the enterprise segment it has eScan Enterprise Edition for desktops, notebooks and file servers.

The MailScan range of products includes MailServer, which is targeted at SMEs and corporates. This software is priced at $39.52 for a five-user license. The MailScan suite of products is available for SMTP, MS Exchange, Lotus Notes and VPOP3 servers, priced from $39.2 to $43.5.

Rammurthy says, “We have about 20 percent of market share (anti-virus) in India. Last year we did Rs 3 crore in revenues from anti-virus products. Of the Rs 3 crore in revenues, enterprises accounted for Rs 2.25 crore while the balance came from the SME and retail segments.” Its customers in India include RBI, Thomas Cook, Jet Airways, Mahindra British Telecom, Godrej group, Essar group and VSNL.

K7 Computing: One of the very few local players that has survived the MNC onslaught, K7 is poised to take on the big players. An interesting trend witnessed by Kesavardhanan of K7 is that corporates are today going for legal versions of anti-virus software. The company has a support centre manned by 10 professionals. K7’s Vx 2000 Plus range of products address various platforms like Windows NT, Netware, DOS PCs, etc.

Global E-Secure: Global E-Secure commissioned Arthur Andersen to conduct a study on the e-security market and aims to tap the burgeoning $6.5 billion market by providing end-to-end security solutions in India and abroad. It plans to set up seven technical competence centres across the globe by 2002, with one already up and running in Mumbai. The company is moving fast to set up the other six centres. The locations identified for these centres include Bangalore, New Jersey (USA), San Jose (USA), London (UK), Singapore and Europe. Entrust/Unity and Entrust Express are some of the company’s popular offerings in this space.

Symantec: The company’s Norton anti-virus is quite popular in the Indian market and analysts believe that Symantec stands next only to Network Associates in terms of market share in India. Ghosh of Symantec says that the Indian operations have been growing at three digit rates so far and the business outlook for 2002 looks good. The company has a support centre in Mumbai.

Computer Associates: CA is targeting the personal user and big enterprise segments through a network of over 52 channel partners. These include Redington and Sonata. The company believes in providing 24/7 support to customers, and therefore it has established a 200-member team taking care of support activities through a call centre in Mumbai. The company’s eTrust suite has been certified by ICSA Labs for detecting 100 percent of ‘in the wild’ viruses. eTrust Antivirus GroupWare scans all inbound and outbound e-mail on the GroupWare server.

The future
Viral re-infection within a network is an area of concern; it occurs when vulnerabilities are left behind or opened in the network. At the same time, threats are becoming more sophisticated and complex, with the ability to infect the network instantaneously. Today, anti-virus administrators and IT managers are also responsible for anti-virus management, and are judged on controlling and preventing infections and outbreaks. Vendors like NAI, Trend Micro and MicroWorld are asking their customers to adopt a proactive method for virus protection. It helps time-pressed anti-virus administrators to rapidly find viral vulnerabilities and act to close them quickly too.

Experts expect an increase in the number of multiple vector threats—similar to Nimda, and more worms and viruses will attempt to exploit vulnerabilities in multiple vectors. The proliferation of host-based threats—worms such as Code Red and Nimda, shows a trend of malicious code where infection and propagation happens through the Internet. According to a Virus Prevalence Survey conducted by ICSA Labs, an average company spends between $100,000 and $1,000,000 in total ramifications per year for desktop-oriented disasters (both hard and soft costs). “In addition to being more prevalent, computer viruses have become more costly, more destructive, and cause more real damage to data and systems than in the past. File corruption and data loss are becoming much more common, although loss of productivity continues to be the major cost associated with a virus disaster,” says the report. That doesn’t have to happen, provided CIOs take notice and ensure that their anti-virus systems are up-to-date.

The Bad and the Ugly

Sircam
This is a dangerous worm spreading through the Internet and local networks. The worm itself is a Windows application written in Delphi, at about 130 KB in size. While spreading, the worm may append to its file additional DOC, XLS, ZIP and other files, so attached file length can be more than 130 KB. When executed (by a click on the attached file for instance) it installs itself into the system, then sends infected messages (with its attached copy), infects local network computers (if there are drives shared for full access), and depending on system date runs its payload routine. The worm sends itself from infected machines as attached file with variable name and double extension.

CodeRed
“Bady” is an Internet worm that replicates between Windows 2000 servers running Microsoft’s IIS (Internet Information Services) and the Microsoft Index Server 2.0 or the Windows 2000 Indexing Service. It does that by exploiting a bug known as ‘Unchecked Buffer in Index Server ISAPI Extension’, described by Microsoft in the Microsoft Security Bulletin MS01-033, released on June 18, 2001. Using a specially crafted string, sent to HTTP servers over the Internet, the worm manages to overwrite a variable in a module named ‘idq.dll’, thus forcing the system to jump to a wrong address, executing the worm code. When run, the worm code will start to create copies of itself in memory, in order to attack even more IIS servers at the same time.

Nimda
This is a worm virus spreading via the Internet attached to infected e-mail, copying itself to shared directories over a local network, as well as attacking vulnerable IIS machines (websites). The worm itself is a Windows PE EXE file of about 57 KB, written in Microsoft C++. To run from an infected message the worm exploits a security breach. The worm’s README.EXE file then installs itself to the system, runs the spreading routine and payload. To run on a victim machine while attacking IIS server the worm copies itself to the victim machine using the name ADMIN.DLL by using the so-called ‘Web Directory Traversal exploit’. The worm contains the ‘copyright’ text string: ‘Concept Virus (CV) V.5, Copyright(C) 2001 R.P.China’.

Nimda is a complex virus with a mass mailing worm component, which spreads itself in attachments named README.EXE. It affects Windows 95, Windows 98, Windows ME, Windows NT 4 and Windows 2000 users. It is the first worm to modify existing websites to start offering infected files for download. Also, it is the first worm to use normal end user machines to scan for vulnerable websites. This technique enables Nimda to easily reach Intranet websites located behind firewalls—something worms such as Code Red couldn’t directly do.

LoveBug
LoveLetter sends the mail once to each recipient. After a mail has been sent, it adds a marker to the registry and does not mass mail itself anymore. Then the virus searches for certain file types from all folders in all local and remote drives and overwrites them with its own code. The files that are overwritten either have a ‘vbs’ or a ‘vbe’ extension. The virus creates a new file with the same name for files with the following extensions: ‘.js’, ‘.jse’, ‘.css’, ‘.wsh’, ‘.sct’ and ‘.hta’. The only difference is that the extension of the new file is ‘.vbs’. LoveLetter was found globally in the wild on May 4, 2000. It seems to originate from the Philippines.

MTX
The MTX worm has three components—worm, virus and backdoor. It spreads under Win32 systems—the virus component infects Win32 executable files, attempts to send e-mail messages with infected attachments and installs a backdoor component to download and spawn plug-ins on an affected system. The virus has an unusual structure. It consists of three different components that are run as standalone programs (virus, e-mail worm and backdoor).

Klez
Klez is a mass-mailer worm, which drops a polymorphic EXE virus called ElKern. On some systems the worm is able to launch itself when an infected e-mail is viewed (for example, with Outlook and IE 5.0 or 5.01). To do this the worm uses a known vulnerability in IE that allows execution of an e-mail attachment.

FunLove
FunLove is a memory resident Win32 virus. It was found in the wild in several countries in November 1999—including the US, UK and the Czech Republic. FunLove is not encrypted or polymorphic. The virus infects PE EXE (Windows portable executables) on local and network drives. The virus itself is in a format of a PE executable file with a single file section ‘.code’. When an infected file is run, the virus creates FLCSS.EXE file in the Windows system directory, writes its pure code there and then runs the generated file. This file becomes a virus dropper—it is started by the virus as a hidden Windows application (under Win9x) or as a service (under WinNT).

E-mail worms and REVS

Analysts estimate that over 600 viruses are discovered every month and this number is rising every year. Unfortunately the Internet has made the promulgation of these viruses faster than ever. Some have suggested the way to reduce the threat of e-mail-aware viruses is to scan for them at the ISP or e-mail provider’s level.

Hotmail and Yahoo have introduced services to automatically virus scan e-mail attachments with third party anti-virus products from established vendors. Although this sounds like a promising solution to the issue, problems remain. More and more companies are encrypting their e-mail and so it remains scrambled at all points between sender and recipient. Anti-virus software (either at the ISP or the gateway) is unable to scan securely encrypted e-mail. Virus scanning in such cases has to be done at the desktop level.
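As an added illustration (not part of the original article), the Python sketch below shows a gateway-side attachment policy check that ties together points made on this page: attachments with a double extension (Sircam), executable or script attachments such as README.EXE and .vbs files, and encrypted mail that the gateway cannot inspect and must leave to desktop scanning. The function names, the extensions beyond those named on the page and the sample messages are assumptions constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Script/executable extensions named in the worm descriptions on this page,
# plus a few common Windows executable types (assumption of this example).
EXECUTABLE_EXTS = {".exe", ".vbs", ".vbe", ".js", ".jse", ".wsh", ".sct",
                   ".hta", ".pif", ".bat", ".com", ".scr", ".lnk"}
# Harmless-looking extensions used as the decoy half of a double extension.
# The page names DOC, XLS and ZIP; the rest are assumptions.
DECOY_EXTS = {".doc", ".xls", ".zip", ".txt", ".jpg", ".pdf"}


def classify_attachment(filename):
    """Return 'double-extension', 'executable' or None for an attachment name."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    base = base.strip().rstrip(". ").lower()  # Windows ignores trailing dots/spaces
    exts = ["." + piece for piece in base.split(".")[1:]]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return None
    if any(ext in DECOY_EXTS for ext in exts[:-1]):
        return "double-extension"
    return "executable"


def is_encrypted(part):
    """True when a MIME part is an encrypted container the gateway cannot open."""
    ctype = part.get_content_type()
    if ctype == "multipart/encrypted":  # PGP/MIME
        return True
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # S/MIME: signed-data is only signed; anything else is treated as encrypted.
        return part.get_param("smime-type", "enveloped-data") != "signed-data"
    return False


def scan_message(raw):
    """Parse raw message bytes and return a list of (finding, detail) tuples."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if is_encrypted(part):
            findings.append(("unscannable-encrypted", part.get_content_type()))
            continue
        filename = part.get_filename()
        if filename:
            verdict = classify_attachment(filename)
            if verdict:
                findings.append((verdict, filename))
    return findings


def gateway_action(findings):
    """Map findings to a gateway decision."""
    kinds = {kind for kind, _ in findings}
    if kinds & {"double-extension", "executable"}:
        return "block"
    if "unscannable-encrypted" in kinds:
        return "defer-to-desktop"  # gateway cannot see inside; desktop AV must scan
    return "deliver"


def build_sample(filename, payload=b"constructed sample bytes"):
    """Build a constructed test message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "recipient@example.test"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed S/MIME enveloped (encrypted) message; the body is a dummy value.
ENCRYPTED_SAMPLE = (
    b"From: sender@example.test\r\nTo: recipient@example.test\r\n"
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b"Content-Type: application/pkcs7-mime; smime-type=enveloped-data;"
    b' name="smime.p7m"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n"
)

if __name__ == "__main__":
    for name in ("budget 2001.xls.pif", "README.EXE", "notes.doc"):
        found = scan_message(build_sample(name))
        print(name, found, gateway_action(found))
    found = scan_message(ENCRYPTED_SAMPLE)
    print("smime.p7m", found, gateway_action(found))
```

A filename policy like this complements signature scanning at the gateway rather than replacing it, since it inspects names and MIME types only.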

The most significant development in computer viruses in recent years has been the increase in e-mail-aware worms. Whereas in the early 1990s a boot sector virus would take months to get from the writer’s PC to appearing ‘in the wild’, today viruses can travel around the world within minutes. Viruses such as Melissa, ExploreZip and VBS/LoveLet have all exploited the same trick of forwarding themselves to people you regularly communicate with via the Microsoft Outlook address book.

Perhaps the solution lies in systems such as REVS (Rapid Exchange of Virus Samples), a system that allows members of the anti-virus industry to quickly and securely share ‘urgent’ virus samples such as Melissa or the Love Bug. This service enables anti-virus developers worldwide to pool their resources and expertise in the fight to protect end-users from the threat of rapidly spreading viruses.

The backbone of REVS is a server housed in a secure server room at Sophos Anti-Virus headquarters, which encrypts and forwards a secure copy of ‘urgent’ viruses to all participating anti-virus developers. REVS will assist anti-virus software vendors in the fight against computer viruses by ensuring they receive new virus samples within minutes of a rapidly spreading virus being discovered.

Wireless viruses

Although only a couple of viruses have attacked wireless devices to date, that hasn’t stopped vendors of anti-virus software from designing products aimed at threats they say lurk just around the corner. It might seem difficult to defend yourself against an enemy that can’t be seen, but both McAfee and F-Secure have announced upgrades to their anti-virus software for handhelds.

McAfee’s VirusScan Wireless 2.0 software and F-Secure’s Anti-Virus for Palm OS both scan handheld devices for viruses each time users synchronise them with PCs, and also provide protection from viruses transmitted via infrared or wireless e-mail. McAfee’s product supports Palm, Microsoft Pocket PC, and Symbian EPOC platforms. F-Secure’s product currently can only be used in devices that use the Palm OS.

Viruses aimed at handheld devices do pose a threat at this point, and analysts believe that it will only increase as the number of these devices grows. So far, wireless viruses have only targeted Palm-powered handhelds. Recently, the so-called ‘Liberty virus’ surfaced, disguised as an emulator for Nintendo’s GameBoy device and which claimed to let users crack games’ security codes. The Liberty virus would erase all programs and data on a Palm PDA. Later, another virus named ‘Phage’ arrived, which also overwrote files on Palm handhelds.

Web-enabled phones using WAP and NTT DoCoMo’s i-mode protocols also present risks. There was a recent attack on the i-mode network, which shut down the Tokyo equivalent of the 911 emergency system for several hours. Advances in wireless technology could make it even harder for anti-virus companies to keep pace. General Packet Radio Service—also known as 2.5G—will allow for an advanced Web phone experience, and that could open the doors for even more intrusive attacks. According to analysts, as handsets become more advanced, with increased functionality, the risk will only grow.

© Copyright 2000: Indian Express Group (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in
Mumbai by The Business Publications Division of the Indian Express Group of Newspapers.