The prominent image on Internet Security Systems’ (ISS) promotional literature shows a businessman about to be hit by a speeding train, representing the myriad of security risks threatening to overrun him.
But what the illustration fails to show is the small army of vendors clamouring to block the train. The network security market is noisy, crowded and confusing. Whereas vendors used to keep to their niches, most are now expanding into each other’s product sectors and markets.
This trend is making it hard to tell vendors apart, and in response, they are seeking to emphasise any differentiation they may have. ISS – which wants to break out of the high-end market cultivated by its close links with the US government – cites its X-Force development labs and research capabilities. The company spends around 17% of its revenues on R&D, manifesting itself in secure managed services, vulnerability assessment of customers’ networks and the resale of its technologies to third-party product suppliers. ISS’s security management service, for example, guarantees against 206 application vulnerabilities.
ISS claims its independence from the networking infrastructure is an advantage, but like other vendors the entry of network hardware giants Cisco and Juniper into the security products market has prompted a flurry of activity.
In late 2003, ISS began to move from software into appliances, with the introduction of the multifunction network security device Proventia. This device simplifies security management and is able to scan traffic without affecting performance; it now makes up around half of ISS’s revenues ($246 million in 2003).
The launch of Proventia also signalled an important move from intrusion detection systems (IDS) – which ISS claims it invented – into intrusion prevention systems (IPS). The former merely detect an attempt to break into a network; the latter actually seek to block rogue packets.
Analyst group Gartner says IPS will overtake IDS by the end of 2005, while ISS CEO Tom Noonan predicts the security industry will consolidate around the IPS engine. But he is taking no chances: over 2004, ISS has added firewall, virtual private network, anti-virus, content filtering and anti-spam functionality to Proventia to make the device a suite-in-a-box.
Aside from Cobion, a small ($33.5 million) technology acquisition, ISS’s growth has been organic – in contrast with rival Symantec’s five-year spending spree, consulting firm @stake being the latest buy.
Gartner analyst Greg Young warns that acquiring in this way risks a “widening gap in vision and execution”. “The builders are winning out right now,” he says. “Integration takes longer so builders can bring products to market quicker.”
Young believes ISS’s experience in IDS should help it make better IPS products. “Any vendor that invests in zero-day threats [exploits of previously undisclosed software vulnerabilities] will have an advantage. But no vendor is able to do end-to-end security right from network to end point, despite their claims.”
Infonetics Research puts Cisco and ISS “neck and neck” for leadership of the IPS/IDS market, holding around a fifth each. ISS hopes that its knowledge and management capabilities will edge it ahead before the rest of the security crowd block it in its tracks.