Many experts in the security technology felt like momentum was on their side in 2001, and that the rash of high-profile viruses, hacks and DoS attacks had finally convinced CIOs and enterprise executives that it was time to get serious about security.
Then Sept. 11 happened. While security was soon at the front of everyone's mind and enterprises, the terrorist attacks had a negative effect on the economy, sending IT spending into an even deeper slump and scaring off potential buyers.
The momentum, however, didn't succumb and security technology has received more attention than ever before in the last year. A year removed from Sept. 11, vendors and solution providers are beginning to turn that attention into tangible business, mining new markets with bold products and strategies.
Mike Menegay, vice president of channels and alliances at Network Associates, said his company's McAfee Security division is now focusing on the growing opportunities around managed security services. "You have to have managed services for security because you can't rely just on human beings," Menegay said.
Network Associates recently rolled out a new channel strategy to incorporate partners into its managed services business. The company recently started a new managed service called Reseller Management Console, which essentially is a new version of the VirusScan ASAP managed scanning service that will let solution providers integrate and brand their own versions of the virus scanning service into portals hosted for their customers.
Menegay said the idea is to build the infrastructure and solution base for managed services operations and then outsource the services work to partners. Menegay, however, said the security market is still a relatively new game for the channel and there's a lack of expertise in the reseller community. "It takes time for channel partners to build the security skills," he said. "Security is a big word with a lot of little pieces."
Brian Kelly, president and CEO of iDefense, an IT security firm based in Chantilly, Va., said his firm is concentrating on building threat assessment and analysis solutions and sees the area as a major opportunity for technology vendors. Kelly said that while the federal government has taken threat assessment seriously, enterprises have been slow to react and consider themselves not as big a target as the government. Wrong, Kelly said.
"The threat is the same for public companies and the government," Kelly said. "It's important for them to move aggressively and identify threats rather than wait around for something to happen."
Kelly also said he sees more rounded, comprehensive security offerings instead of point solutions in the future. "There's a risk to selling point solutions like firewall, VPN and anti-virus because you're not looking at the whole picture," he said.
Several companies have moved from simply offering one- or two-point solutions to offering combined security tools. Network-1 Security Solutions, for example, created an intrusion-prevention system based on its firewall and intrusion-detection technology, called CyberwallPlus. Richard Kosinski, president and CEO of Network-1, said the product offers a "true multi-layered defense" that offers packet filtering and stateful inspection for incoming traffic.
Some solution providers are banking on totally new security technology instead of traditional solutions. Aubrey Brown, president of network security firm Corsa Networks, said his company began selling threat management solutions last December and partnered with Neoteris to resell its popular instant virtual extranet appliance. Brown said he was doubtful last year about the security technology market and wasn't sure if his business could survive in a complex market during such a poor economy.
"We did some soul-searching about a year ago because we weren't sure if we were in the right market," Brown said. "But we focused on building our expertise and technical knowledge and built a security-focused company around that."