With a threat spectrum that is growing wider and becoming more complex, the Indian security landscape has become more dynamic than ever. The Web has become one of the biggest areas of attack using it to launch and spread into the mainstream. Also, organizations are no longer bound by perimeter, employees are accessing work from anywhere and at any time, and businesses are being conducted using collaborative applications over the Web. To add to the complexity, the threats are blended and there is convergence of email and Web attacks while new medium of attacks like VoIP and SMS are emerging. The result: during FY 08 vendors further intensified their focus on newer threat vectors and worked toward strengthening their position in emerging security areas like data leakage prevention (DLP), identity and access management (IAM), etc, through acquisitions.

The Indian security market (comprising both products and services) crossed the thousand crore revenue mark, as it touched Rs 1,416 crore in FY 08. Growing at 48% the market outdid the modest growth registered by the industry as a whole. It also outperformed its previous years growth of 30%. The key factors shaping the growth story were compliance and regulatory norms, increasing number of network entry-points (laptop PCs, PDAs, Blackberrys, etc) and the growing proportion of mobile workforce.

To some extent the higher growth is accounted for by high growth in the security services space, pushing up the overall growth numbers. The services segment grew 73% to reach Rs 456 crore. The high growth in the services market itself can be attributed to the lower base as well as key market dynamics driving the demand for security services. While system integration and consulting services accounted for a major chunk of the services revenues, the segment witnessed incremental growth on account of demand generated in the areas of managed security, compliance audits and certification.

Though slower than the services growth, the product story kept the momentum going in terms of absolute numbers. At Rs 960 crore, products accounted for 68% of the Indian security market. Up from Rs 735 crore, this market grew 31%. While Firewall/IPSec VPN took away the cake on the appliances/hardware front, the software market was dominated by anti-virus in terms of revenue. However, when it comes to sheer growth the focus was on newer product categories like UTM, Web content filtering, identity and access management, vulnerability assessment management, etc.

Overall, the market witnessed a shift in software and service delivery models, creating an opportunity to better address the SMB sector in India. During FY 08 opportunities also emerged around the SaaS model.

Even as spamming and phishing incidents increasingly started affecting Indian enterprises and cyber terrorism became mainstream, the market geared up to face the challenges posed. Result: the Indian security market broke the thousand crore barrier

IDC India predicts the market to grow at a CAGR of 28% over the next five years. India being an emerging market, it has not yet reached the same level of maturity as the developed markets. In fact, areas like unified threat management (UTM), IAM, and DLP, which are considered to be hot in the Indian market today, are past their prime in developed markets.

Threat Trends
Overall, solutions targeting the new age attacks spanning across spam, phishing, pharming, spyware, malware, botnets, etc, became the new age faces of the Indian security market. This was in sync with the Web becoming central to the threat landscape.

Among the biggest threats to the organizations have been phishing attacks, which were steadily on the rise. In the last six months of 2007, Symantec itself observed 345 unique phishing URLs with IP addresses hosted in India. The vendor also found more than 400 unique phishing attacks on Indian banks. Some out of these involved the use of compromised .gov servers to launch phishing attacks on other brands.

Also particularly of concern were the increasing botnet activities in India. India had 38,502 bot-infected computers and more than 60 command and control servers, a 50% increase from the last reporting period. A majority of bot-infected computers were tracked in Mumbai (56%), Chennai (16%) and New Delhi (14%). The increase in botnet activities led to a high number of distributed denial-of-service attacks (DDOS) on Indian enterprises. In terms of spam, over 90% of all e-mail messages sent over the Internet have been spams. As senders of spam have changed, spam messages themselves have shifted away from selling legal products and services to the underground economy of illegal products and scams. Also at the center stage in FY 08 have been identity theft and pharming attacks, which will continue to be major concerns for the coming years as well.

From an overall perspective, one of the biggest trends emerging in the threat landscape is the change in the very nature of these threats. On one hand, the threats are becoming more sophisticated and blended combining viruses, worms, Trojans, etc. A blended attack will also come over multiple ports like SMTP or POP as well as HTTP. The threats have become part of organized criminal activity with monetary gains becoming the primary motive. During FY 08 there was a surge in the number of organized criminals funding the development of new threats to steal information and make money.

Growing competition to grab as much share as possible of the dynamically changing security market, in turn, forced vendors to innovate and differentiate by bringing to the table a holistic and wholesome approach toward security, including overall security management.

Products Market
The products market comprises network security and UTMs on the appliances side, with secure content management and 3A (authentication, authorization and access) making up the software pie. Network security and UTM made up the bulk of the products revenue, with 59% share. SCM and 3A contributed 27% and 14% each.

BFSI, IT/BPO and telecom remained the top spenders on security. Compliances and regulations of the Reserve Bank of India, along with the BASEL II framework, aided the growth of IT security investments in the BFSI vertical.

The US recession did not hit the Indian market as badly as expected, largely due to the increased IT spending by domestic IT companies. The spend was mainly on their expansion plans and customer support operations for other global markets. Indian telecom players also embarked on massive network expansion projects, and with many global players preparing to set up their operations in the Indian market, security spending from the service provider vertical is expected to continue growing. Retail became the new buzzword in FY 08 with major corporates making their entry into this segment by setting up large format retail chains. They started out with setting up the baseline security and will drive further growth next year with the next level of security investments.

There has also been an increase in the number of companies setting up and expanding their operations in India. The M&A market has made smaller companies a part of global entities, forcing them to look at security more seriously than ever before. The contribution from the SMB segment moved up further driven by their increasing dependence on the Web. It also got a push from the integrated appliances market, owing to the cost factor. Large enterprises, on the other hand, continued to upgrade and augment their existing security infrastructure.

Page(s)   1  2