Security software

Growth continues

With the threat scenario becoming murkier by the day, the adoption of security software across verticals continues, writes Nivedan Prakash

The quest for security continues. At the end of the day, security stands on three pillars—technology, process and people. All three are extremely important to get the desired results behind implementing security solutions. Information security is a vital issue for every organization, vendor and individual as attackers will not wait for the market conditions to unleash deadly computer virus or spasm or Trojans. The main concern which binds organizations, vendors, as well as individuals today is that the overall trend for most security threats appears to be Web-related for financial gain or to steal identities.

The corporate sector and SMBs have been facing productivity losses on account of spam. To reduce productivity losses, organizations today need to safeguard themselves from both internal and external threats, such as, spread of malware infections phishing, data theft through portable storage devices, etc., by deploying anti-virus, anti-spam and content security solutions at gateways and endpoints for a secure working environment.

“Vendors and businesses should work towards bridging the gap between security and usability. Security is not only an organizational challenge, it is an individual challenge too and under the current scenario the developers of malicious code are too innovative and hence every individual should be proactive to address the threat,” pointed out Venu Palakirti, Sales Director-India and SAARC Region, F-Secure.

The Indian security software market is clearly slowing down—as per an estimate the security software grew by approxImately 25% in 2008 compared to 35.2% in 2007. According to industry sources, the Indian security market touched Rs 1,416 crores in FY 2008.

According to Forrester Research, though there is a pressure to cut back on IT spending this does not apply to security spending. Large firms devoted 11.7% of their company’s IT operating budget to IT security in 2008 as against 7.2% in 2007. Further, they plan to continue nudging up IT security budgets in 2009 to 12.6% of the IT operating budget. Security will also account for a higher percentage of budget allocations for new initiatives this year, going from 17.7% in 2008 to 18.5% in 2009, the report says.

Additionally, SMBs devoted 9.1% of their IT operating budget to IT security in 2008—down from 9.4% in 2007 but they intend to scale up their IT security budgets to 10.1% in 2009. Allocation of budget for new initiatives mirrors this trend, with security’s share going from 14.9% in 2008 to 15.9% in 2009.

Rajiv Chadha, Vice President-Sales, VeriSign Services India, commented, “The growth of the security market has been strong. The rise of the social networking sites has been one of the major factors in 2008 and the biggest threat that one faces is loss of digital identity of individuals.” He added, “The rise of social networking sites has been another major threat factor in 2008 and the biggest threat that one faces is loss of an individual’s digital identity.

Altaf Halde, Country Manager, Utimaco India, said, “Every company is looking out for a solution that is easy to manage, easy to deploy and use. Initially there were various security modules doing various activities.”

Trends in deployment

Security software products continue to be deployed for perimeter and endpoint security [client PCs]. Santhosh Koratt, Head-Consulting and Compliance at SecureSynergy, explained, “Security software suites that encompassing anti-malware, host level firewall, port control, data leakage prevention, full disk encryption, content filtering solutions are becoming the preferred choice for enterprises when it comes to the deployment of security software. Inline with the high adoption rates of virtualization on both desktop and server levels; there is a growing focus on securing virtualized environments as well.”

Indian enterprises are in the process of either establishing or reinforcing their network security architecture. IT budgets, with a focus on developing effective IT security management processes are becoming increasingly substantial. The good news is that most organizations today have a holistic approach towards security. They are aware that data needs to be protected while it is in transit as well as when it is residing in a data center; and have adopted an information-centric approach while investing in security.

“Trends that we feel are catching up in the Indian market are—managed security services; log management to have a comprehensive view of the data movement; and risk-based authentication or adaptive authentication for a fraud detection platform that monitors and authenticates customer activity based on risk levels, institutional policies, and customer segmentation,” said Amuleek Bijral, Country Manager-India and SAARC, RSA.

Additionally, malware writers are becoming increasingly sophisticated in delivering malicious code. Traditionally, the approach taken has been to deliver a self contained virus. Today, malware writers are developing server side polymorphic threats that are proficient at evading defenses. Server-side polymorphic malware allows authors to create and release many distinct variants that cause issues for security vendors with regard to heuristics or creating signatures.

Amit Nath, Country Manager–India and SAARC, Trend Micro, asserted, “The security industry is seeing a paradigm shift wherein the conventional security model will get phased out. Conventional content security relies on pattern file updates, which are not fast enough to keep an enterprise safe whereas a cloud-client architecture is much faster because it houses the threat intelligence in the cloud. Any company that can update the reputation databases in real-time and enterprises can quickly access this information as needed—no longer waiting for periodic downloads of static pattern files to be protected.”

Meanwhile, the two other major trends that will continue into 2009 are the increased use of virtualization, particularly on the outsourcing side, and an increased focus on the security of Web-based applications.

New technologies in 2009

Of late, most of the security vendors have built additional functionalities into their security products. Here we will take a look at some of those companies that have added new functions to their security products.

Websense plans to focus on offering its latest Websense Web Security Gateway (WSG), which will ensure that organizations are protected from Web threats on real-time basis. Apart from Web security, it is focusing on Data Leakage Prevention and Hosted Security. The company has recently introduced its latest version of Data Security Suite.

Another major player in this segment, Symantec has come out with Endpoint Protection 11.0, which resets the bar for endpoint security, reducing overhead, time and costs so that customers can efficiently manage security and gain confidence that their corporate assets and business are protected. Then there is Data Loss Prevention, version 9.0, providing organizations with increased ability to discover, monitor and protect confidential information wherever it is stored or used.

Besides this, the Symantec Control Compliance Suite (CCS) 9.0 is a group of integrated products that helps reduce the cost of managing compliance through process automation. Symantec Network Access Control 11.0 securely controls access to corporate networks, enforces endpoint security policy and easily integrates with existing network infrastructure.

SonicWALL has unveiled Aventail E-Class Secure Remote Access (SRA), which delivers secure, easy-to-manage remote access control for the mobile enterprise. It is built on the powerful SonicWALL Aventail SSL VPN platform, enabling it to provide access control by detecting the security of the end point, protecting applications and connecting authorized employees and business partners for up to 2,000 concurrent users from a single appliance.

Highlighting its products, Kamel Heus, Business Development Manager–MEA and India, Sophos, said, “Sophos Endpoint Security and Data Protection will include full disk encryption against loss or theft from notebook PCs, desktops and removable storage devices. These combined functions deliver a truly world class set of tools that enable organizations to implement robust processes to protect systems, applications and data from malicious threats in addition to intentional or accidental data loss.”

MicroWorld’s eScan version 10 is an anti-virus, anti-spam and content security solution that provides proactive protection from against security threats. eScan version 10 consists of improved features such as a user friendly GUI, real-time virus and content scanning, Web protection, and eScan management console, amongst others. It also offers new features such as, Proactive Protection, Endpoint Security and Firewall.

“Cyberoam’s new features include User-MAC binding that binds a user to a computer, preventing unauthorized network access by abusing someone else’s network rights. We offer Chinese and Hindi language GUIs for improving the user experience globally and Threat Free Tunneling (TFT) technology for safe and clean traffic over the VPN,” said Digvijaysinh Chudasama, VP-Sales, Cyberoam India.

Lastly, CBO Technologies

has a network security software, LANwriter, which allows for secure and monitored data publishing over CD/DVD, USB as well as FTP. LANwriter provides a quick installation and no management overhead, ensuring that companies struggling to implement policies can have an out of the box security solution.

Securing mobile phones

Smartphones using Internet for business applications and communications and wirelessly connected notebook PCs in India is increasing and so are the instances of monetary transactions through these channels. Mobile devices are probably more vulnerable than even the Internet. Physical theft of the device is the most direct threat. Bluetooth vulnerabilities also constitute a major

security risk. Additionally, mobile devices are vulnerable to phishing and pharming. Unfortunately, the Internet underworld is hunting mode when it comes to cracking security measures, so organizations and individual users need to be careful while interacting with critical data in a mobile environment.

Today vendors have come up with various security software to protect mobile phones that are susceptible to the same vulnerabilities as a PC-viruses, spam, and spyware amongst others. Adaptive Authentication and tokens are both available for mobiles. Antivirus software are available for mobiles. Companies such as Symantec has an array of solutions to protect mobile devices, which include global mobile device monitoring, mobile endpoint security suite, Symantec Mobile Security Suite 5.1, Symantec Mobile Security 4.3, and Symantec Mobile VPN 5.1.

Jan Valcke, President and COO, Vasco Data Security said, "Vendors of anti-malware software for PCs also sell similar software for mobile phones. Hence the principles for protecting against malicious software on PCs also apply to the mobile environments. We predict that the threat of malicious software on mobile phones will rise rapidly."

Then we have F-Secure Mobile Security that allows smartphone users to experience the full potential of their devices without the fear of mobile threats. In the event phone lost, stolen, infected by mobile malware or even spied on, Mobile Security helps to safeguard the personal and confidential data.

"In the recent past, we have seen a host of applications that are being developed for the mobile platform. In fact, if you pick up, say for example, 5 security applications that can be installed on a PC like Full Disk Encryption, File & Folder Encryption, Email Encryption, Virus Protection, Spam Protection, the same are available currently on mobile phones too by various security vendors. At this point of time, it is not very common to see all of these applications being installed on a mobile phone. But, over a period of time, just like an antivirus application has become a default application on every PC; the same will be possible for mobile phones as well," added Halde.

The road ahead

Security is essential piece of an organization’s business strategy as it moves to adopt Web 2.0 platform for conducting business. In that sense, the security market is going to see good spend to secure business processes and importantly the data, which is becoming target of hackers. One of the trends that will affect spending is the consolidation of businesses—mergers and acquisition as well as downsizing.

According to Frost & Sullivan, the overall network security market in India is likely to grow at a CAGR of 25% until 2010. All of this means lot more opportunities in the Indian market. China and India represent the fastest growing and most important emerging markets, and significant opportunities are available for consulting and services organizations that understand the dynamics and the evolving nature of IT security issues here.

Moreover, organizations will expect more from their security vendor in terms of providing rich functionality to protect the organization from every increasing and complex threat.

nivedan.prakash@expressindia.com