Attackers ultimately drive security market, analyst says

Consolidation of the security market will remain the norm, but best-of-breed security firms will continue to emerge to address gaps in technology uncovered by sophisticated attackers according to a new report issued by the Burton Group.

The bad guys are sticking arrows into the customers and the customers are therefore driving their vendors to cover up the parts of their body to which the arrows are being stuck. Bob Blakley, principal analystThe Burton Group

Large infrastructure vendors will continue to look to fill security gaps in their portfolios by acquiring best-of-breed security vendors, said Bob Blakley, principal analyst at the Burton Group. The industry will never be fully consolidated, he said. But smaller security firms will reemerge to meet new security threats being driven by cybercriminals, he said.

"The bad guys are sticking arrows into the customers and the customers are therefore driving their vendors to cover up the parts of their body to which the arrows are being stuck," Blakley said in an interview with SearchSecurity.com.

In his report, "The long tail of risk and the dynamics of the security market" Blakley said the security market has a high degree of balance based on risk. When a flaw is discovered by a security researcher or exploited by an attacker that balance is disrupted. Platform vendors then decide to buy or build new technology based on customer pressure to quickly reduce costs associated with risk.

"Risk exposure plays into the security market directly only when the risks eventuate into losses," Blakley said in an interview with SearchSecurity.com. "A risk itself isn't usually a cause of management action unless there is an external forcing function like regulation or customer or user dissatisfaction."

Blakley said point security products should be used tactically. If the point security technology is acquired by a vendor that competes with your existing technology it should be easily replaced, he said. Point security vendors can also experience growth and become a pure-play vendor, such as Symantec, which continues to broaden its portfolio into system management and storage and now competes with IBM's Tivoli product suite.

Podcast: Industry consolidation Security360 -- Industry Consolidation Andy Jones, a researcher with the UK-based Information Security Forum, explains how to develop an effective security strategy to deal with large projects and defend the budget. Paul Adamonis, director of security solutions at Forsythe Solutions Group, talks about how to navigate industry consolidation by developing a buying strategy; and Sandra Kay Miller gives her observations of the industry and explains why some companies may not fare well in this era of consolidation. (Runtime: 25:01). Download mp3

"The acquisitions in security do in fact track very closely to the exposures that are really causing losses out there in the world," Blakley said. "As soon as these exposures become business problems a real risk tax comes into existence for customers."

Blakley's risk model can be seen in some recent security acquisitions.

IBM is currently merging its acquisition of Watchfire into its Rational development platform, which provides tools for developers to model, design and build Web-based architectures for SOA, systems and applications. Dave Locke, director of offerings marketing for IBM Rational said the acquisition adds software development security and compliance testing tools for IBM customers but also gives Big Blue additional security in its software development lifecycle.

Locke said the decision to buy Watchfire was driven in part by customer pressure and the need to bolster Web application software development security testing. The acquisition was finalized last week.

"We got to point where customers were talking about needing more support from IBM and we made a made a make versus buy decision," he said.

So far Locke said no talent has been lost from Watchfire as a result of the merger.

"All the key players are definitely part of the plan," Locke said. "We're embracing them to stay with us and we want their talent to stay here."

Meanwhile, Scottsdale, Ariz.-based PatchLink said is in the process of merging SecureWave technology with its own to create a platform to secure enterprise servers and endpoints. Patchlink announced the merger in June.

Matt Mosher, PatchLink's senior vice president of sales for the Americas, admitted that combining SecureWave technology with PatchLink would take time. For now, the plan is to combine the software into a suite that could be purchased separately.

"We have a customer advisory board that we solicit customer input and it gives them access to product management so they have a voice in how we evolve this suite of products," Mosher said. "We're being very careful. With best of breed, you don't get a vision in mind and move blindly forward."