Security software companies including Symantec, Network Associates and SonicWall are enjoying a boom time in the middle of an overall economic slump. They're selling more packages for locking down networks and Web sites thanks to increased worries among big companies and consumers alike about sophisticated threats such as the Nimda worm and the SirCam and Code Red viruses, along with new dangers.
For technology buyers, "viruses, Web site defacements, hacking--it keeps coming up," said Colleen Graham, an analyst with Gartner Group. "It underscores the importance of security."
Those threats are the impetus behind a worldwide market for security software that should reach $4.3 billion this year, a jump of 18 percent from last year, according to a Gartner study released Monday. Echoing that increase, many security software makers in the past few weeks reported strong earnings, and all expect demand to continue--and accelerate--throughout the year.
"If anything, the momentum behind security is building," said Laura Koetzle, an analyst with Forrester Research.
The security software business has always been cyclical, tied in large part to the latest security fear. "This market is very dependent on awareness of what's going on. Right now, security is getting a lot more attention from executives making technology (buying) decisions," Graham said.
But this time, analysts say, demand for security software may remain strong because of an increasing realization that viruses, worms and other network-based attacks are a daily concern, and are only getting more troublesome. For instance, a survey of 300 companies in 25 countries released last week by Riptech, a provider of security services, found that attacks per company increased by 79 percent between July 2001 and December 2001. More troubling, about 39 percent of those attacks appeared to be targeted at specific companies, and 61 percent may have occurred because of automated scanning techniques that uncover any system vulnerable to attack.
Although that survey--sponsored by a security services company--could be seen as self-serving, technology buyers confirm that security is a real, and growing, concern. No longer is security technology seen as a luxury or an afterthought, they say.
"I don't want to say we have a blank check, but we'll spend whatever we have to to be secure," said David Johnson, information technology director for Kyanite Mining.
The Virginia-based mining operation built a network for its 55 computer users about two years ago, complete with antivirus and security software from Symantec and others. Since that time, the company has been hit repeatedly by viruses and has sharpened its focus on updating its software with the latest virus definitions from Symantec.
Johnson said that Kyanite has "75 years of stuff on the network, and we don't intend to jeopardize that."
Ringing up sales
Buyers like Johnson are helping to boost corporate software sales for Symantec. The company is the No. 1 provider of security software with 14.7 percent of the market, according to market share data from Gartner for 2000. Three weeks ago, the company reported a huge quarter that zipped past analyst forecasts: Its corporate software business grew at a 44 percent clip from the previous year, and its consumer software business grew 20 percent, reversing a previous decline.
Symantec was recently added to the Nasdaq 100 and announced a 2-for-1 stock split in December--a rare occurrence in a down economy for technology companies. Symantec's stock also jumped 12.5 percent after its earnings report, and some analysts raised their targets for the company.
Other security companies are also benefiting from strong demand for security software:
Network Associates last month turned in fourth-quarter profits that nearly tripled analysts' expectations. The company is Symantec's most direct competitor in the market for consumer and corporate antivirus software, as well as in other markets, such as firewall software and intrusion detection systems.
Internet Security Systems, which focuses almost solely on intrusion detection, two weeks ago reported strong revenue and said demand for its security software is growing.
Trend Micro, which makes antivirus software, late last month raised its revenue and earnings projections for 2002.
NetScreen Technologies, a developer of network security systems and appliances, last month said it earned a penny per share in the fiscal first quarter, excluding charges. NetScreen expects revenue growth of 6 percent to 9 percent in the second quarter of 2002, Chief Executive Robert Thomas said last week.
SonicWall, which competes in the booming market for firewall and virtual private networking software for small to mid-sized businesses, last month said revenue grew more than 50 percent in the quarter just completed.
Executives and analysts say the Internet security market may have more to sustain itself these days, in contrast with previous growth spurts, because the sophistication of threats to computers is greater and the openness of the Internet makes it far easier to disseminate those threats.
Gartner analyst Richard Hunter says companies must carefully define what they consider to be rightful and wrongful gathering and use of personal information.
Likewise, chief information officers at large corporations surveyed by Morgan Stanley in December said security software consistently ranked among the top three spending priorities for 2002, despite flat or shrinking budgets.
Software makers are using security as a major marketing and product delivery theme in 2002. Microsoft, hoping to restore buyers' faith in its products after a rash of high-profile lapses, said it will batten the hatches of its own products and make security the top priority throughout the company. Microsoft Chairman Bill Gates said that the company intends to shift from focusing on product features to spotlighting security and privacy.
That shift will also likely boost buyers' interest in tools from Microsoft and other companies to bulletproof their networks. Symantec has placed a huge bet on security by shedding other product lines, such as development tools, so that it can focus on Internet security. It has buttressed its own technology in recent years by buying Intel's antivirus business and striking a development and sales pact with IBM.
Now the company has to focus on what it calls "blended" attacks that don't just go after a specific computer, such as a Web server, but explode across the Internet and networks at lightning speed in a multipronged onslaught.
"Probably the biggest challenge security companies face in today's climate is convincing customers of the need for comprehensive, integrated security (technology) at multiple tiers within the network," Symantec Chief Executive John Thompson said. "Securing the perimeter alone is no longer enough to provide the necessary protection from today's blended threats like Code Red and Nimda.
"An additional challenge is staying one step ahead of today's hackers and virus writers," Thompson said. "No longer are they teenagers out to prove their programming abilities--hackers today are more strategic in their attacks, using a variety of propagation methods to launch more damaging attacks from denial of service to stealing credit card numbers."
All of this has left Symantec, along with its competitors, in the catbird seat. How long they stay on that perch may depend on how dedicated virus writers are at writing programs that can hack into expensive computer systems, and how much a corporation will pay for technology to combat such an attack.
Symantec is "executing well," said Israel Hernandez, equities analyst with Lehman Brothers. "They've got a good asset in the virus business. They, with Network Associates, have the lion's share of the market. In good times, they'll do well."