The big, new e-security market

You’ve seen the numbers: the managed security services market projected to reach $2.24 billion by 2003 and content security sales to achieve $952 million by 2004, according to International Data Corporation. The European Internet security market is also forecasted to grow dramatically -- to $2.74 billion by 2006 (Frost & Sullivan).

Happy days are on the horizon for security vendors. Even notorious cracker Kevin Mitnick, one of the most popular convicted felons on the security circuit, is helping out with hype as closing keynote speaker at the Giga Information Group's Infrastructures for E-Business conference held in Los Angeles. In his words, "In God we trust. Everybody else is suspect."

Good times for vendors, bad times for customers

As a cyber-security industry analyst, its my job to keep track of all the cyber-security firms out there -- both U.S. and worldwide. In other words, I need to know what they offer, their business strengths and weaknesses, their technology advantages and shortcomings, services levels, estimated longevity, and everything else in order to determine if they’re a serious player for the long haul. So many security firms are either cropping up, widening their offerings or touting Internet infrastructure security solutions that assessments are nigh impossible for customers to conduct effectively.

I’ve got to tell you this market is getting crowded and it’ll be standing room only for quite a while. Shakeouts will come, but now is not the time for several reasons:

1. On this frontier, products are primarily proprietary, making them difficult to compare.
2. Well-known security vendor products’ often come from a consumer tradition, leaving doubt about their industry depth and level of commitment.
3. Customer support varies dramatically by vendor. Small vendors may expect security expertise within their client’s staff to handle technical details while large vendors may focus on client support, assuming little in-house client security expertise. (Let’s not talk product quality and success right now.)
4. Outstanding security applications are a necessary but insufficient criteria for vendor success.
5. Too many other variables impact protection reliability including responsive support, continual updates, integrative capabilities with other security products, etc.
6. The security managed services provider market offers so many advantages that it will rival traditional software installation.
7. New vendors (i.e., less than two years in the security industry) often have underlying business agendas that differ dramatically from their marketing promotion such as acquisition, partnership, going public, "niche-and-stick."

The product-services mix is evolving quickly, further muddling vendor categories and security business models.

Security Focus has encouraged vendors to add their services to a growing list of companies offering cyber protection. Currently over 400 security-related firms are listed under: