printer friendly version

CBR 10 Most Influential - Security

Check Point

Much-admired Israeli security company, Check Point, has dominated the firewall market since it launched the first commercially available firewall, FireWall-1, way back in 1994. It has hardly missed a step since.

Regarded as the leader in both the firewall and virtual private network (VPN) spaces, there appear few chinks in its armour.

The company has just launched a new platform, NGX, said to be a unified security platform for perimeter, internal and web security. New features include unified perimeter, internal and web security management that enables administrators to centrally define and manage perimeter, internal and web security policies from a single console; expanded inspection technologies that secure more network and application types from more threats; and advanced VPN capabilities such as dynamic routing, which allows enterprises to manage large and complex networks more efficiently with fewer resources, according to the company.

Cisco Systems

Cisco Systems retains a ranking position on the Most Influential list not only for maintaining its leading share of the security software and appliance market, estimated at 30%, but also due to the ripple effects of its recent moves in the field of network access control.

Its Network Admission Control (NAC) program seeks to give customers a way to limit access to key resources to only those PCs that have shown themselves compliant with security policies such as patch level and antivirus freshness.

The 18-month-old program, which is now starting to see serious production deployments, influenced not only Microsoft to launch its own Network Access Protection (NAP) program, but also the Trusted Network Connect initiative from the Trusted Computing Group, which is packed with Cisco competitors and has a more standards-oriented strategy.

While NAP is not expected to be delivered until after the Longhorn release of Windows, late next year or beyond, TNC and NAC are already bearing fruit, and will become even more important over the coming year.

Computer Associates

International Computer Associates' 2004 acquisition of Netegrity helped the company round out its identity and access control platform by getting hold of one of the best selling web access control suites and one of the best selling identity provisioning systems.

The company in March outlined how it intends to bring to market a framework for unifying these components, using standards such as WS-Security, SAML, SPML, Kerberos and X.509, to bring together authentication, authorisation and auditing mechanisms across multiplatform environments.

CyberTrust

CyberTrust earns a place on the list largely for the fact of its coming into existence. The company became the fifth-largest pure-play security vendor, with a $160m-a-year revenue stream, when TruSecure and BeTrusted merged last September. Its key businesses are managed security services, security consulting and public key infrastructure services.

While Symantec and VeriSign were named as target competitors, the company most closely resembles VeriSign's security wing. CyberTrust has already succeeded in tempting Network Solutions, a former VeriSign subsidiary that sells SSL certificates, into partnership with its BeTrusted unit.

Juniper Networks

When Juniper Networks bought firewall vendor NetScreen Technologies about 18 months ago it not only acquired a business that still sells a lot of perimeter security appliances, but set out the groundwork for a strategy of making security an integral part of the network infrastructure.

In May this year, the company started to deliver more of this strategy, with the announcement of the Enterprise Infrastructure roadmap. Juniper's idea is to combine access control, threat mitigation and application delivery into its routing platform, based primarily on technologies it has acquired.

While its hand is being forced somewhat by key rival Cisco, helping to make basic security a feature, not a product, gets Juniper onto the Most Influential list.

Microsoft

While not traditionally thought of as a security player, the last two years have changed all that for Microsoft.

While the company has dabbled with antivirus, antispyware, gateway mail security and firewalls, arguably the most influential move it has made over the last year was the release of Windows XP Service Pack 2.

XP SP2, which has been downloaded almost 200 million times, was designed to make it harder for users to hurt themselves and others, with features designed to prevent people from launching executable e-mail attachments and from inadvertently downloading executable nasties from the Web.

The update also considerably improves the default settings, by making Windows Update automatic, setting browser security to higher levels, and blocking pop-up and ActiveX content. It also turns on Windows Firewall, improved from previous versions, by default.

In a connected world, where batches of compromised machines are used to cause security issues for others, such a widespread move to reduce the number of vulnerable or compromised boxes earns Microsoft the title of Most Influential, even if much of it is just for correcting its own past oversights.

Postini

While spam as a vehicle for hype has slowed down somewhat to be replaced by spyware, the problem itself has not, and Postini is still showing itself to be a market leader among the pure-play e-mail security service providers.

The company scored 2000 new customers last year, bringing its customer base up to around 4600 enterprises. The company bragged that 95% of those customers switched from a competitive offering, demonstrating the strength of its services, but this also indicates fewer greenfield opportunities for the company.

Postini recognises that too, and is rapidly signing up resellers in Europe, its newest arena, where it hopes to make a dent in the market share of dominant players such as MessageLabs and Blackspider. The company also hopes to broaden its addressable market by taking aim at small and medium-sized businesses.

One to watch

Symantec

Symantec's gutsy acquisition of Veritas Software is, depending on who you ask, either a game-changing alliance of two market-leading software vendors, or a synergy-free defensive manoeuvre designed to limit Symantec's exposure to the consumer antivirus market.

While the benefits of Symantec entering the storage management space may not be clear to everybody, chief executive John Thompson has shown himself to be a shrewd operator in his six years heading up the company, and it is possible that not all of Symantec's cards have yet been shown.

While antivirus still drives much of Symantec's revenue, the company has been ploughing cash from its consumer sales into its enterprise business, getting into pretty much every point security segment out there.

As part of its effort to create a one-stop shop for infrastructure management purchases, the company has built or acquired its way into managed security services, e-mail security, antispyware, intrusion detection and prevention systems, back-up and remote management software.

VeriSign

VeriSign makes it to the list this year for its efforts to shake up the one-time password authentication token market by not only greatly undercutting market-share leader RSA Security on price, but also organising RSA's competitors in an effort to undermine its proprietary leadership.

While the jury is out on how useful this Initiative for Open Authentication (OATH) project will be, its mere existence did have the effect of forcing RSA's hand. In response to OATH, RSA recently released a batch of six specifications that arguably will be more useful to competition in the authentication market than VeriSign's OTP-generation algorithm specification.

Webroot

Software Recipient of the second-largest venture capital injection so far this year, $108m, Webroot Software is the most well-funded of the independent anti-spyware players, giving it the best shot at surviving in an industry on the cusp of consolidation.

The company's Spy Sweeper has been downloaded over five million times, making it the second most popular paid-for consumer antispyware tool, according to CNet Download.com. Webroot says it has sold over two million enterprise seats to about 7000 companies, weighted towards small and medium-sized enterprises, since it launched its enterprise suite a year ago.

While other antispyware software is more popular, Webroot's funding makes it a more reliable enterprise vendor than its privately held peers.

Sharing former investors and executives with the now Symantec-owned Brightmail, and enough cash in the bank to help it expand into related areas of security, Webroot's gameplan could equally support an independent future or a high-profile acquisition.

Best of the rest

While security is not usually thought of as an area that easily lends itself to the application service provider model, Qualys is proving otherwise with its market-leading vulnerability scanning services, which enable companies to automatically scan their networks for hidden entry points without having to install any software.

Lavasoft, maker of Ad-Aware, has become the runaway market leader in the consumer free anti-spyware software space, but faces challenges adapting its strategy to the enterprise.

McAfee has successfully recreated itself as a pureplay security company with the emphasis on intrusion prevention.

Share this article:

Further reading: