Why Big Vendors Can’t Completely Rule Security

Despite their best efforts to dominate, the security giants reign over a fragmented market. Eric Doyle believes this will always be true.

As markets mature, they tend to consolidate but, according to Gartner’s research, the opposite is happening in the security market. Despite the aggressive mergers and acquisitions (M&A) activity of the leading players, their market share has fallen from 60 percent in 2006 to only 44 percent in 2010.

Five years ago, Symantec was the market leader with almost a third of the market. In the intervening years this share has fallen from 29.5 percent to 18.9 percent. Symantec is still the market leader, though its 17-point lead over McAfee fell to 8.5 by 2010.

Free Products Disrupting The Market

Probably one of the biggest impacts on the top three vendors (Symantec, McAfee and Trend Micro) has been the blossoming of free anti-virus products in the worldwide consumer markets they once dominated. The Czech Republic and neighbouring Slovakia have three companies, Avast (1), AVG (3) and Eset (4), in the top four, according to figures just published by software management SDK vendor Opswat (November 2010 to February 2011). These companies hold 38 percent of a very fragmented market. With the addition of the paid-for Avira product from Germany in the number two slot, the top four control half of the anti-virus market.

The reason for the popularity of these products, apart from the price, or lack of it, is the reluctance of the average high street punter to pay for security software and the need for periodic updates. The fact that these free products show up very well in comparative tests is a bonus for many of their customers. The downside is that the proliferation of products has left a hole for the Fake AV spammers to exploit.

A friend of mine is a good example of the kind of thinking that governs consumer logic. He asked me to take a look at his PC because it was running slowly and he was not happy with the Internet speed he was getting. I noticed that he’d activated Symantec’s Norton Antivirus, only to find it had not been updated since its initial test period had expired. I asked him why.

“Well, viruses have been around for a long time so it stands to reason that a recent AV product will protect me against most of the things out there,” he explained.

I ran AVG on his system, which revealed the PC to be more of a wormery than a computer. Worms, Trojans and all manner of malware had turned his Dell into the Internet equivalent of Pandora’s box.

New Threats Spawn Niche Opportunities

The Gartner analysts take a broader view, looking beyond anti-virus. They suggest the main reason for the fragmentation trend is that the established leaders have been losing market share to start-ups that developed new offerings to meet newly introduced threats and vulnerabilities, combined with better go-to-market strategies.

It is similar to other related markets, the analysts claim, such as the IT operations management market. Security relies heavily on continuous innovation because of the constant influx of new vulnerabilities and threats. Corporates are looking for quick fixes from niche players who specialise in the area and have an agility that the larger players such as CA, IBM and EMC find it hard to compete with.

There is also the rise of targeted attacks that are specifically aimed at a company or even a single employee. These are too specific for most of the big players to spend time on because their culture is based on curing major outbreaks. This means there are still quite a few viruses and vulnerabilities out there that have no solution because the affected numbers don’t make the investment worthwhile. The smaller providers are only too happy to step into the breach, so to speak.

Even so, the security specialists’ M&A departments at the top end of the market are busy patching gaps in their portfolios by snapping up the more successful niche players – while the hacker and malware developers find new ways to attack, thus providing a catalyst for new companies which will swell the ranks of specialist security solution providers.

Government Espionage Adds To The Challenge

The market is being fragmented even further by the arrival of extremely complex advanced persistent threats and government-sponsored malware development teams. These threats are designed to be difficult to discover and, in the case of state-sponsored malware such as Stuxnet, variants are developed that build on their basic principles.

The Gartner analysts conclude that any consolidation at the top is contrasted by an expansion of the market at the bottom – and this looks like continuing for some time to come. For the leaders, the M&A market is like trying to vacuum the sand off a very large beach – the more they suck up the smaller, successful companies, the faster a tide of malware deposits more niche players.

The security market will be investigated further at Gartner’s Security & Risk Management Summit 2011 in September.