The IT security industry as we know it could be said to be enjoying its 25th anniversary. Of course, there has been a need for IT security for longer than this, but the release of HTML and the birth of the web in 1991, which saw widespread internet use take off, was a game changer. Device-based security measures from existing anti-virus vendors like Norton (acquired by Symantec in 1990) and McAfee (acquired by Intel in 2011) had to be adapted from monitoring the occasional arrival of new content via portable media to dealing with the internet as a major new threat source. Checkpoint was founded in 1993 and released Firewall 1; network security barriers were being put in place.
In those 25 years, the IT security industry has created some giants: multi-billion-dollar concerns such as Symantec, Trend Micro, Checkpoint and Intel Security (the former McAfee). These security giants keep adjusting their portfolios, mainly through the acquisition of, and sometimes through divestiture of, companies and assets.
There are many aspects to security, but broadly speaking they either address network threats, monitoring stuff in motion, or protect against host threats, monitoring what is happening on a device or platform, which can be anything from a smartphone to a cloud storage service. That the giants want a foot in both camps was made clear by this week’s announcement that Symantec plans to acquire the network security vendor Blue Coat.
As Quocirca wrote in Feb 2016, Blue Coat was already on a rapid expansion curve under the ownership of Bain Capital. Bringing Blue Coat into the fold will add a wide range of network security capabilities to Symantec’s portfolio. Furthermore, Blue Coat was in the process of extending many of its network security capabilities from being appliance-based to cloud-enabled services, an area where Symantec has been flagging. Symantec’s move mirrors Trend Micro’s 2015 acquisition of Tipping Point from HP, which was also an extension into network security.
Can such security giants be a force for good in IT security or do they just close down choice? Over 25 years, the rate of change in IT security has been rapid. This often means organisations end up with a wide range of point security products from many vendors; eventually this can become costly and unmanageable. For some, working with the giants makes sense.
At the InfoSec Europe tradeshow last week, Quocirca met a CISO of a UK regulatory body who took this view. Accumulated point security products had become an expensive and hard-to-manage problem rather than an integrated security solution. It was felt that many core requirements, including anti-virus, port control, vulnerability management, web gateways, email security etc., could now be single sourced from one of the broad portfolio IT security giants.
A short list of three vendors was drawn up and, after a two-week test deployment of each vendor’s solution as available at the time, Trend Micro was selected over McAfee and Kaspersky Labs. All three vendors had their merits, not least in reduced licence and maintenance costs. However, Trend Micro scored well on having a single integrated management console and “spectacular” security for virtualised environments. Trend Micro Deep Security operates at the hypervisor level, securing multiple virtual machines including desktop VDIs. The efficiency of the way Deep Security operates meant the regulator improved the efficiency of its use of virtual platforms by about 25%.
The savings in licence fees, ease of management and platform capacity more than covered the cost of investment for the organisation, which is faced with government-imposed budget cuts of 15%. Furthermore, public cloud is seen as a likely way for future lower cost deployments, and Trend Micro’s Hybrid Cloud Security, which provides a common set of tools for both internal data centre and external cloud platforms, ensures the investment made now can be utilised flexibly in the future.
Small and innovative vendors will continue to emerge and drive the IT security industry forward as new threats emerge. There have been many such pulses of innovation over the years: email filtering, SSL VPNs, data loss prevention, next generation firewalls and so on. One of the most recent has been the rise of cloud access security brokers (CASB) to address the rise of shadow IT; this has been led by new vendors such as Skyhigh Networks, Netskope and Elastica. Oh sorry, Elastica is no more, as it was acquired by Blue Coat in November 2015 and is now set to become part of Symantec. The giants will prevail!