Maturing, but Slowly

VoicenData Bureau

The network security services market showed positive growth in FY 2007-08, growing at more than 70%. Also, there was an increased awareness of security-related issues, increasing compliance levels. Both large enterprises and SMBs, across almost all industry segments, prepared themselves for imminent threats and attacks.

The network security market closely follows infrastructure network deployments, as was clearly reflected in the growth. The major adopters of security continued to be BFSI and ITeS. The large network deployments on telecom networks did not reflect in their adoption of security, primarily because they were still consolidating on their voice strategy.

The key driver of security adoption last year was compliance; however, the scope of the term compliance would have to be widened a bit, if only for the purpose of this current discussion.

The Market

In FY 2007-08, the overall security solutions market in India stood at Rs 456 crore and has grown at more than 70%. HCL Comnet, Wipro Infotech, and Datacraft were the main players to contribute to this figure. HCL Comnet topped the chart with Rs 70 crore from its services business and Datacraft was not far behind with revenues of Rs 65 crore. A major chunk of HCL Comnet's revenue came from BFSI customers; National Insurance Company and SEBI are its main customers.

Datacraft is still minting money from its deal with SBI, and BPOs are among its major customers. It has shown a growth of 116% from the previous year. The other player to achieve three-digit growth was Fortinet. The company grew at 122%. Out of this, 40% came from telcos and the remaining 60% from the BFSI and other sectors. Fortinet clocked revenue of Rs 40 crore, up from Rs 18 crore in the last financial year. Wipro Infotech comes second in the V&D100 chart in terms of revenue. Its revenue for FY 2007-08 is Rs 55 crore, showing a growth of 44%. Its revenue for FY 2006-07 was Rs 38 crore.

Secure Synergy, another player in the same space, has done business of Rs 22 crore, up from Rs 16 crore in the previous fiscal. Telcos are the major contributors to its revenue. Government/defense and SMBs are other sectors that have significantly contributed to its overall performance.

Key Trends

One of the reasons for the absence of outages was the large-scale deployment of anti-virus solutions. Another was that a new category of products was added to this product mix: 'Anti-X'.

Anti-X comprises anti-virus, anti-phishing, anti-spam, URL blocking, and other products of similar kinds. Also, customers moved toward acknowledging threats other than those that could be addressed by Anti-X. This realization was driven by new threats such as electronic fraud and theft prevention prevalent in the process of e-commerce.

Though immediate threats seemed to have become less relevant in buying decisions, anti-virus products continued their strong sales growth and the Anti-X category of products has fast gained ground. Most of these were, however, bundled with firewalls and gateway security solutions.

While buying consisted of the usual firewalls and VPNs, growth began with intrusion-detection systems (IDS) and intrusion-prevention systems (IPS). These are much higher in value and are currently being considered (deployment is still not much) only by large customers.

The network security market in the country is undergoing a change marked primarily by the integration of security appliances and solutions with the underlying networks and system infrastructure. In the same way, the need for manageability of complex multi-vendor security products opened doors for specialized managed security service providers in the areas of perimeter security, vulnerability management, log monitoring, and analysis.

Globally, network and security administrators are continuously adding multiple layers of protection in order to keep their networks and systems secure from known and unknown attacks. These layers of protection include several appliances and integrated solutions in the form of intrusion prevention systems, application firewalls, data leakage prevention, content inspection, and DoS prevention solutions. Compliance requirements like PCI/SOX are pushing enterprises to invest more in SIEM (security incident and event management) and vulnerability management solutions.

Also, companies face new threats, not only from the outside but also from within the organization. The growth of Intranet controllers is another trend. There was always the threat of malicious employees gaining unauthorized access to data on the LAN. Further, new threats come from mobile employees, contract workers, and even the work-from-home culture.

Mobile employees continue to bring infected mobile devices behind the secure perimeter, from where these devices spread viruses and spam. Contract employees, within or outside the company's premises, who need to access certain parts of the company's network also add to the threat. Thus, the security features of a WAN need to be integrated into the LAN. Now, users within the LAN will first have to be qualified to use the network, by being up-to-date in terms of security policies. Even when inside the LAN, different users have different levels of access to resources.

In terms of trends in the security architecture, FY 2007-08 saw the continuance of the layered architecture approach for data centers and HQs. The new trend here was a greater adoption of unified threat management (UTM) solutions at branch offices and SMBs. These data centers and HQs host the most vital information and application servers, creating a need for engineers for the maintenance of point solutions.

Identity Management

The blended threats (spyware, adware, and phishing) last year showed that signature authentication might be a valid mechanism to restrict entry into a network. However, the process of updating signatures was slow when compared to the new forms of attack. This was also an indication that mere signature authentication was not enough and identity management was required.

In the authentication sphere, RSA was the leading vendor with almost no competition. Two-factor authentication was being widely used by enterprises.

The rise in the number of access points highlighted the need to effectively manage identities. Last year the trend was to move toward a single username and password, instead of using multiple identities. The need for a single identity also came from the perspective of network managers, who have difficulties in managing huge numbers within an organization and assigning restricted access on multiple

Focus on Early Detection

Once an attack has happened, actions taken become more of a damage control procedure. Thus, in FY 2007-08 security vendors focused on early detection of any abnormal behavior so as to prevent the attack.

Though the markets for IDP and IDS segments were around Rs 60 crore, the idea of early detection and prevention caught on. Although IDP and IDS were deployed in large numbers, organizations did not have people and processes in place to manage the logs that were generated. IDP and IDS don't work effectively until an organization tunes them regularly and updates signatures specific to the

The lack of regular upgradation and trained personnel to monitor the logs resulted in a large number of false alarms, and hence, IDP and IDS could not provide the promised protection.

Wireless Security

The open nature of wireless access points prevents security solutions from being deployed on them, and makes intrusion into the networks relatively easy. Moreover, Wi-Fi based wireless networks and mobile networks are open to unauthorized access, making them difficult to monitor.

On wireless networks, a client or device-end solution is the only way to protect a network from being compromised. As a result, SSL VPN emerged as the most effective solution for wireless and mobile devices. Mobile device manufacturers like Nokia that have a huge stake in the wireless networking market secured their devices with firewalls and VPN clients.

Integrated Box Solutions

Cisco again emerged as the king in the security space, and floated the idea of combining security products with network equipment.

Last year saw integration of security solutions in two directions: security was bundled with network equipment, and security solutions were bundled in one package.

With the bundling of security with network gear, the concept of network admission control (NAC) gained popularity both among Cisco's partners and customers. Cisco took the initiative of bringing together different security domain experts onto a common platform in providing an integrated solution rather than asking organizations to depend on an all-purpose product. Juniper promoted multiple virtual firewalls in one box to cut down on cost and management of these devices.

With the bundling of security products in a single package, a new way to look at the integrated box concept was floated by companies like Fortinet, Watchguard, and Sonicwall. These vendors brought in multiple-function boxes for price-sensitive companies that did not want to spend on multiple pieces of equipment and the management of these boxes. The SMB segment bought these devices. They came with default anti-viruses and firewalls with options to include IDP, anti-spam, authentication, or patch management solutions.

Services Gaining Ground

The security services market had been growing at over 80% in the last couple of years, and in FY 2007-08 it grew by 72%. In fact, in the total network security market, services last year occupied more than 20%. This is set to rise with the services component in any security deal increasing by the day.

Last year, the market also favored managed services. Enterprises realized that security is not just about best-of-breed technology or buying boxes and putting them up; rather, it is a process that needs constant service support to work effectively.

However, last year, most security service providers experienced a rise in their services revenue. Services like consulting on network security design, processes, certifications, and selection of technology and its implementation became part of the normal security integration. The network integrators came up with managed services such as firewall management, patch management, intrusion detection, email and content management, vulnerability assessment, and testing to attract customers.

Though offsite remote management did not take off much, a combination of offsite and onsite management offerings found acceptance. There has been a lot of talk about security operating centers (SOCs) just like network operations

Gyana Ranjan Swain