US e-Security Market
By Steve Tsai, Managing Editor, Internet Journal
The total E-Security market is about $17.2B in 2007 according to IDC.
There are 400 private companies and 20 public companies in the E-Security sector in the US It is the most fragmented sector of the IT (Information Technology) industry. In order to provide clarity to this muddy
landscape, a sound methodology must be used to provide a clear guide through the E-Security market jungle.
E-Security Market Segments
The e-Security market has many different segments. The following sections are providing a brief description of different segments of the e-Security market.
It includes the following six categories:
- Access Security
- Authentication and Identity Management
- Intrusion Detection and Prevention
- Content Security
- Security Management
- Other Security Segments
This segment also knows as perimeter security that addresses the security at
the edge access points of the private network – where it connects to the public Internet, including Firewall, VPN, SSL VPN.
This segment also includes products such as personal/host firewalls for PCs
and servers, application firewall, XML firewall, host intrusion detection and prevention, spyware protection and removal products, and other products that combat known and unknown malware.
security software side, this segment also includes software based-enterprise firewalls, firewall/VPN/SSL VPN equipment, etc.
Authentication and Identity Management
This segment includes Identity and Access Management (IAM) software, appliances and services are used
to create and manage user identities, provide authentication and permit users access to system resources based on defined criteria. The area is often called authentication, authorization and access (AAA), or
authentication, authorization and access audit (AAAA). This segment also includes Web-based management products, single sign-on (SSO) and other secure provisioning products and authentication software and hardware.
Directories and virtual directories are not included in this segment but are often associated with this category.
It also includes password management and self-service reset, user
provisioning, user administration, extranet access management, enterprise access management, authentication systems including strong two factor devices and systems, radius, enterprise digital rights management, legacy
AAA products, federated identity systems, PKI systems and services.
Intrusion Detection and Prevention
This category includes intrusion detection software products, stand-alone appliances (platforms) or service-based IDS/IPS. IDS/IPS software monitors network traffic through
observation of real-time actions, security logs or audit data to detect anomalies, identify and isolate attempts to make inappropriate or unauthorized access to network and host system resources — network equipment,
servers, files and individual PCs. IDS is sometimes includes two categories: host-based IDS and network-based IDS.
This segment includes antivirus software, appliance and hosted products that scan, detect and correct viruses and malicious mobile code at the desktop, at
the server level and, increasingly, when embedded in other devices in the network. This segment also includes malicious code treat protection.
This category include acceptable use control products, such
as uniform resource locator (URL) blocking products and e-mail filtering and spam blocking products, as well as Internet messaging protection and control, and also e-mail encryption. Secure e-mail boundary products and
services are included here.
Encryption software provides a mechanism to systematically encode and decode data so that an unauthorized party cannot decipher it. The software category includes a wide
variety of software toolkits that are sold to hardware, software and services vendors, not primarily to end users. Encryption technology is also the foundation of a large number of applications, such as Digital
Signature applications, Web Services security and XML Firewall.
E-mail encryption applications are defined as part of content filtering. It is true that PKI is an application that leverages cryptology,
but it also is included under IAM offerings.
Security Information Management (SIM) is software, appliances and services that provide a single console or integration point for collecting and displaying event alarms as well as for creating reports of
challenge/threat history trends from heterogeneous security devices, such as antivirus devices, IDS devices, VPN devices and other devices subject to threats, as well as from server and client PC logs. Security
information management is also known as IT security management.
SIM is also called Security Event Management (SEM). Some end users outsource this information function, especially the management of
network security events, to managed security service providers (MSSP), which is another segment in the security space but is not included as part of the security software space.
(VM) is also in this security management segment which takes an inventory of security devices, network devices and hosts, recommending changes in the configurations and sometimes automates deployment of changes.
This segment also includes patch management, corporate security policy compliance products and services, and regulatory compliance products and services.
Other Security Segments
This category contains miscellaneous security and business-oriented security
software tools and services and any equipment for these purposes. The category also includes miscellaneous security software for forensics, case management, policy authoring, risk assessment tools, business continuity
planning tools and services, regulatory compliance tools and other miscellaneous.
Other security software includes manufacture URL filtering, anti-spam filtering, encryption toolkits and diverse
encryption applications, disaster planning software, forensics software, software-based intrusion detection/intrusion prevention systems.
About The Author
Steve Tsai is the Managing Editor of the Internet Journal http://www.intnetjournal.com. Internet Journal provides the insights and analysis on Internet marketing, eCommerce, mobile communications, eSecurity, and global e-Business. If you have any
comments about Internet Journal, please send email to email@example.com.