BANGALORE, INDIA: With a threat spectrum that is growing wider and becoming more complex, the Indian security landscape has become more dynamic than ever. The Web has become one of the biggest areas of attack using it to launch and spread into the mainstream. Also, organizations are no longer bound by perimeter, employees are accessing work from anywhere and at any time, and businesses are being conducted using collaborative applications over the Web.

To add to the complexity, the threats are blended and there is convergence of email and Web attacks while new medium of attacks like VoIP and SMS are emerging. The result: during FY 08 vendors further intensified their focus on newer threat vectors and worked toward strengthening their position in emerging security areas like data leakage prevention (DLP), identity and access management (IAM), etc, through acquisitions.

The Indian security market (comprising both products and services) crossed the thousand crore revenue mark, as it touched Rs. 1,416 crore in FY 08. Growing at 48 percent the market outdid the modest growth registered by the industry as a whole. It also outperformed its previous years growth of 30 percent. The key factors shaping the growth story were compliance and regulatory norms, increasing number of network entry-points (laptop PCs, PDAs, Blackberrys, etc) and the growing proportion of mobile workforce.

To some extent the higher growth is accounted for by high growth in the security services space, pushing up the overall growth numbers. The services segment grew 73 percent to reach Rs. 456 crore. The high growth in the services market itself can be attributed to the lower base as well as key market dynamics driving the demand for security services. While system integration and consulting services accounted for a major chunk of the services revenues, the segment witnessed incremental growth on account of demand generated in the areas of managed security, compliance audits and certification.

Though slower than the services growth, the product story kept the momentum going in terms of absolute numbers. At Rs. 960 crore, products accounted for 68 percent of the Indian security market. Up from Rs. 735 crore, this market grew 31 percent. While Firewall/IPSec VPN took away the cake on the appliances/hardware front, the software market was dominated by anti-virus in terms of revenue. However, when it comes to sheer growth the focus was on newer product categories like UTM, Web content filtering, identity and access management, vulnerability assessment management, etc.

Overall, the market witnessed a shift in software and service delivery models, creating an opportunity to better address the SMB sector in India. During FY 08 opportunities also emerged around the SaaS model.

Even as spamming and phishing incidents increasingly started affecting Indian enterprises and cyber terrorism became mainstream, the market geared up to face the challenges posed. Result: the Indian security market broke the thousand crore barrier.

IDC India predicts the market to grow at a CAGR of 28 percent over the next five years. India being an emerging market, it has not yet reached the same level of maturity as the developed markets. In fact, areas like unified threat management (UTM), IAM, and DLP, which are considered to be hot in the Indian market today, are past their prime in developed markets.

Threat Trends
Overall, solutions targeting the new age attacks spanning across spam, phishing, pharming, spyware, malware, botnets, etc, became the new age faces of the Indian security market. This was in sync with the Web becoming central to the threat landscape.

Among the biggest threats to the organizations have been phishing attacks, which were steadily on the rise. In the last six months of 2007, Symantec itself observed 345 unique phishing URLs with IP addresses hosted in India. The vendor also found more than 400 unique phishing attacks on Indian banks. Some out of these involved the use of compromised .gov servers to launch phishing attacks on other brands.

Though the traditional anti-virus software ensured the growth of the secure content management market, other software like Web content filtering, anti-spam solutions and email filtering too emerged in the mainstream. It was the perhaps the sign of the times; social networking sites like Orkut and Facebook have become the latest media for malware transmission. As per the 2007 Internet Security Threat Report (ISTR) compiled by Symantec, social networking sites have become the latest target of hackers to attack home and enterprise computers

Also particularly of concern were the increasing botnet activities in India. India had 38,502 bot-infected computers and more than 60 command and control servers, a 50 percent increase from the last reporting period. A majority of bot-infected computers were tracked in Mumbai (56 percent), Chennai (16 percent) and New Delhi (14 percent). The increase in botnet activities led to a high number of distributed denial-of-service attacks (DDOS) on Indian enterprises. In terms of spam, over 90% of all e-mail messages sent over the Internet have been spams. As senders of spam have changed, spam messages themselves have shifted away from selling legal products and services to the underground economy of illegal products and scams. Also at the center stage in FY 08 have been identity theft and pharming attacks, which will continue to be major concerns for the coming years as well.

From an overall perspective, one of the biggest trends emerging in the threat landscape is the change in the very nature of these threats. On one hand, the threats are becoming more sophisticated and blended combining viruses, worms, Trojans, etc. A blended attack will also come over multiple ports like SMTP or POP as well as HTTP. The threats have become part of organized criminal activity with monetary gains becoming the primary motive. During FY 08 there was a surge in the number of organized criminals funding the development of new threats to steal information and make money.

Growing competition to grab as much share as possible of the dynamically changing security market, in turn, forced vendors to innovate and differentiate by bringing to the table a holistic and wholesome approach toward security, including overall security management.

90 percent of Indian enterprises see risk management as a means of increasing competitive advantage in comparison to just 44 percent of developed economies, and 85 percent also think that risk encourages innovation and creativity compared to 43 percent in developed economies. India is also significantly more likely to be investing heavily in risk management strategies and systems than their counterparts in the US and Europe (54 percent of developing economies to 36 percent of developed). No wonder, security services had such a higher uptake than products.

Products Market
The products market comprises network security and UTMs on the appliances side, with secure content management and 3A (authentication, authorization and access) making up the software pie. Network security and UTM made up the bulk of the products revenue, with 59 percent share. SCM and 3A contributed 27 percent and 14 percent each.

BFSI, IT/BPO and telecom remained the top spenders on security. Compliances and regulations of the Reserve Bank of India, along with the BASEL II framework, aided the growth of IT security investments in the BFSI vertical.

The US recession did not hit the Indian market as badly as expected, largely due to the increased IT spending by domestic IT companies. The spend was mainly on their expansion plans and customer support operations for other global markets. Indian telecom players also embarked on massive network expansion projects, and with many global players preparing to set up their operations in the Indian market, security spending from the service provider vertical is expected to continue growing. Retail became the new buzzword in FY 08 with major corporates making their entry into this segment by setting up large format retail chains. They started out with setting up the baseline security and will drive further growth next year with the next level of security investments.

There has also been an increase in the number of companies setting up and expanding their operations in India. The M&A market has made smaller companies a part of global entities, forcing them to look at security more seriously than ever before. The contribution from the SMB segment moved up further driven by their increasing dependence on the Web. It also got a push from the integrated appliances market, owing to the cost factor. Large enterprises, on the other hand, continued to upgrade and augment their existing security infrastructure.

Network Security & UTM
The appliances market comprising of network security and UTM appliances grew 25 percent as revenues moved up from Rs. 452 crore in FY 07 to Rs. 566 crore in FY 08. It was the lowest growth segment in the overall product landscape because of the fact that this market already stands on a high base. As a result, the incremental growth doesn't seem too high. However, this was a significant jump in the growth rate compared to last years 9 percent. From the vendor perspective, there was specific focus on strengthening the channel network in order to reach out more effectively to new customers in the tier-2 and -3 cities.

The broad drivers for growth were infrastructure build-out, regulatory compliance, and a growing awareness of the emerging security threats. Apart from new infrastructure deployment there were also a lot of hardware refreshes in head offices and data centers, for the large enterprises. At the branch office level, there were new product purchases in the areas of IDS/IPS as well as SSL VPN to connect the growing number of remote users.

Even while large enterprises continued to be the mainstay market for network security contributing significantly to overall spending, there was a significant shift toward SMBs. Due to the adoption of high-end security appliances (standalone products and SSL VPN and IDS/IPS products) at the head offices and regional offices, the large enterprises are expected to contributor the most in the forecast period. As per Frost & Sullivan, SMB spending grew over 60 percent in FY 08 as compared to the previous year. The contribution from large enterprises is expected to decrease in the future with the SMB market gaining prominence. The SMB market got the necessary push from the integrated security appliances or UTM.

BFSI and service providers emerged as the top spenders on network security, followed by IT/BPO, government, and manufacturing. According to Frost & Sullivan, within BFSI specifically, there was a spike in spending from insurance companies with both the private and government insurance companies active on security spending during the year. The tier-2 insurance companies invested in perimeter security products in FY 08 as they initiated their IT roll-outs. The governments SWAN projects also demanded security and reliability.

Firewall/IPSec VPN comprised the bulk of the Indian network security market at 75 percent share in terms of revenues, followed by IDS/IPS at 17 percent and SSL VPN at 8 percent share.

During FY 08 there was more convergence with network infrastructure vendors embedding security features in their products. Several networking vendors are expected to launch converged security solutions in year 2008 and beyond. The integrated appliances, by combining multiple security technologies on the same platform, have been quite successful in catering to the Firewall/IPSec VPN market. These two vendor categories enjoyed the majority share of the firewall market. Network infrastructure vendors also continued to bundle security in their routers and switches. Correspondingly, the sale of stand-alone Firewall/IPSec VPN appliances declined and adoption was limited to the high-end market.

The rise of behavior-based threats when compared with signature-based threats and proliferation of branch offices resulted in increased number of remote users demanding secured networks. This created demand for IDS/IPS and SSL VPN technologies in the Indian market.

SSL VPN has been gradually replacing IPSec VPN, particularly for remote access. The demand came from verticals where there was a significant movement towards mobile workforce as well as the need for connecting to global partners, suppliers and customers. The industry consolidation continued to reduce the number of independent/pure-play vendors focusing exclusively on SSL VPN technology.

Large enterprises dominated the adoption of IDS/IPS technologies on a standalone basis. The bundling of IPS onto integrated appliances is expected to create a pressure on standalone IPS solutions as these bundled

IPS services are offered at competitive pricing. This impacts the potential opportunities for sale of standalone IPS solutions to the lower end of medium enterprises.

The UTM Game
UTM appliances, combining firewall, antivirus, and intrusion detection and prevention capabilities into one offering, touched Rs. 104 crore, up from Rs. 68 crore in FY 07. Growing at 53 percent, it was more skewed toward large enterprises, more specifically for deployment at the branch level.

While first-generation UTM devices saw deployment in mid-size businesses. The latest generation offerings are more robust than their previous generation counterparts. UTM vendors have started targeting mainstream enterprise adoption. However, when it comes to the demand side, large enterprises are still wary of UTM deployments on a large scale.

Vendors did their bit by trying to increase the robustness of their UTM devices with the introduction of higher-end features. Leading vendors have introduced high throughput UTM models. UTM is rapidly changing from its basic definition of Firewall, Gateway AV IPS and VPN to many more features such as content filtering, multi ISP load sharing, anti-spam, traffic management, VLAN support and SSL VPN.

Emerging trends comprise enabling administrators to prevent users from visiting certain websites, secure social networking applications, and roll out of secure socket layer virtual private network (SSL/VPN) connections to remote sites. Other features include centralized management system, facilitating greater control of the network as a whole, database security, etc.

There was also increased adoption of managed UTM solutions both under the CPE model as well as the network model mainly placed in the service provider cloud. The trend of router consolidation into UTM devices also brought about prominent shift in customer buying patterns eliminating the need for purchasing and managing separate routing devices. This led to reduced TCOs. Fortinet, CheckPoint, Cisco, Juniper, SonicWall and Cyberoam emerged as the prominent vendors on the UTM scene.

The Software Gambit
As per IDC, for a long time the security software products market was dominated by anti-virus, and it is only recently that the market has moved beyond anti-virus and investments in other security software like security and vulnerability management, identity and access management, etc, have picked up. The software part of the product story comprises SCM and the 3A software market. The SCM market emerged as the highest growth segment among products with 40 percent growth. Within SCM, anti-virus brings the major chunk of revenues, though the incremental growth came from relatively newer segments like anti-spam, Web content filtering, email filtering, data leakage prevention, etc. The 3A software market comprised identity and access management, vulnerability assessment management, NAC, web-based single sign-on, etc.

Major vendors in the security software landscape include Trend Micro, Symantec, McAfee, Websense, SonicWall, CheckPoint, Microsoft, RSA Security, etc.

Anti-virus being the biggest chunk was also the fiercest in terms of competition. The anti-virus market, especially in the consumer segment, became more or less commoditized. In FY 08, the big anti-virus vendors faced stiff competition from smaller vendors, both local and global. Specific vendors that made their presence felt during the year were Quickheal Antivirus and KasperSky. In fact, Quickhealwas was quite active in creating awareness about the brand.

DLP is one of the most exciting areas when it comes to vendor activity, and hence was a key focus for vendors. Not wanting to lose the early movers advantage, vendors have been adding the DLP technology into their portfolio through organic or inorganic routes. There have also been acquisitions by vendors in IDM to further strengthen their portfolio against emerging threats.

Security Services
While threats are becoming increasingly sophisticated and the IT infrastructure more complex, there is a lack of in-house expertise and an added pressure to adhere to regulatory compliance. There has also been network refresh due to technology migration to support growth and addition of new applications. This forced organizations to look at service providers to outsource their security operations to. Growth in adoption of specialized security technologies also resulted in an increased outsourcing trend to manage advanced technologies.

The security services market has shown a definitive shift in addressing Web-based intrusions and attacks, primarily related to the financial sector. CERT-In statistics for 2007 show that almost 6,000 websites were defaced during the year, prompting an increase in Web application security audit services. The other major highlight has been the increase in managed security services, which is one of the fastest-growing segments in the security marketplace. Even banks and financial institutions initiated projects for outsourcing security operations in FY 08.

Some prominent services that service providers are offering in the Indian market include security management (penetration testing, patch and vulnerability management), compliance monitoring (incident and event management), IT risk assessments (systems and applications), PKI and data protection services, security consulting services (enterprise security services, information assurance, compliance, BCP/DR services), implementation, integration and ongoing support services for network security solutions including firewall/VPN/IDS/IPS/Web content security/anti virus/anti-spam, etc. Among services that are coming up and finding their into enterprises are PCI DSS scanning, Web application security audits and shared security services-vulnerability assessments, and penetration testing.