Report: Security Spending Soars

As the telecom industry continues to smolder, security may be the one thing most companies are still investing in. According to an Infonetics Research Inc. report published last week, security spending in the U.S. and Canada will more than double over the next five years (see Infonetics: Security Spending to Boom).

The report -- “User Plans for Security Products and Services, US/Canada 2002” -- states that end-user spending on security products, services, and public key infrastructure (PKI) will increase 154 percent by 2006, jumping to $9.5 billion from $3.8 billion this year.

On a global scale, security spending will increase even more, according to the report. Worldwide, end-user spending on managed firewalls is expected to see a 158 percent hike, while spending on auditing and vulnerability testing services will soar 616 percent during the period.

The report is based on in-depth, hour-long interviews with 240 network managers making the purchasing decisions at organizations of all sizes. All the organizations in question are already using major security products or services, according to Infonetics. Firewalls, authentication, encryption, vulnerability testing, VPNs, intrusion detection, virus scanning, denial of service (DOS) attack prevention, and PKI are among the products being bought, according to the report.

The interviews showed that most organizations are planning large security investments over the coming years. More than half of the respondents indicated they will purchase integrated security appliances by 2004, and 75 percent said they will have implemented some form of intrusion detection by that time. As for the newer security technology needed to protect wireless networks, only two respondents said they aren’t planning to do anything to protect their wireless LANs by 2004.

In these uncertain time, there are several elements driving the security spending surge, says Infonetics analyst and author of the report, Jeff Wilson. “There’s the increased paranoia,” he says. In addition, he points out, the federal government is continuing to invest heavily in security, and homeland security initiatives have led to new regulatory requirements in the health and finance sectors, and continued spending for critical infrastructure like power and electricity. There is also a lot of pressure on organizations of all kinds and sizes to increase their levels of security -- “as an act of patriotism... Sure, it’s propaganda, but [the industry] needs some bright spots.”

Cisco Systems Inc. (Nasdaq: CSCO) seems to be the vendor benefitting most from the growing security trend. 37 percent of all respondents said that they currently use Cisco security equipment, Wilson says, emphasizing that survey responses are not representative of market share. “Cisco’s done a lot of hard work in [the security] area and it’s paying off."

Following Cisco was Symantec Corp. (Nasdaq: SYMC), with 26 percent of respondents using its products.

The survey also reveals that companies are investing more and more in hardware-based, integrated security products, Wilson says. “There’s definitely a drive towards hardware. Obviously, it’s moving in that direction with firewalls, but also with just about [all other security products]. Even with virus scanning, we’re seeing a push towards putting it on hardware.”

Wilson says the drive towards hardware-based solutions is much stronger in North America than in Europe, where Infonetics did a similar study earlier this year. “There’s a stronger tendency towards managed services in Europe,” he says, pointing out that in the U.S. there are more large organizations, which tend to prefer doing their own security. In addition, “Europeans tend to be more trusting of their service providers. In North America, you just don’t take the carrier’s word -- especially now. The incumbents have much more influence in Europe.”

— Eugénie Larson, Reporter, Light Reading
lackeyluster 12/4/2012 | 9:22:29 PM
re: Report: Security Spending Soars ???? Your message peetered-out.

Intrusion Detection products operating at the physical layer do exist but cannot detect and identify many types of breaches.

If you are not also integrating physical layer security of some sorts on an optical fibre link, then your network is indeed vulnerable to numerous types of eavesdropping and intrusion methods.

Do you not lock your doors at home once you have had an alarm system installed? (and if so, let us all know where you live.)

Groups and individuals operating in the industrial espionage and government espionage circles are well versed in such methods and prefer optical fibre taps in the local loop where access to fibre is relatively simple, the amount of relevant information is the greatest, and where intrusion detection, not to mention physic layer security, techniques are rarely if ever implemented today.

While your local Baby Bell there in the US will certainly argue their overall network security, I challenge you to get such assurances against optical fibre taps in writing and incorporated into your service level agreements. (and if so, let the rest of us know what carrier you are using.)
pbartnik 12/4/2012 | 9:22:37 PM
re: Report: Security Spending Soars Not true. Solutions for detecting physical intrusion on optical fiber links in real time have been commercially available for a couple of years now.

These products are in use in military, government, financial services and other industrial applications worldwide. They are
optical_IP 12/4/2012 | 9:22:47 PM
re: Report: Security Spending Soars test msg ..... please ignore

<img src="http://www.3dtextmaker.com/queue/light_readin_20359.gif">
lackeyluster 12/4/2012 | 9:23:00 PM
re: Report: Security Spending Soars >>What about the deployment of intrusion detectors at the physical layer, especially for optical fibre links ?<<

Intrusion detectors at the physical layer for optical fibre links is an interesting area that has not been explored much. Most solutions are in the testing and monitoring space where equipment is external, uses diagnostic ports, and most often is utilized after-the-fact, where damage has most likely already taken place. Fibre optic couplers, taps, 'microphones' and the like are what one would be searching for here. There are also various known methods which act upon a fibre's natural scattering and are thus extremely difficult, if not impossible, to detect.

To protect against all such cases, an integrated solution would be a more useful approach, where intrusion detection is coupled with some sort of physical layer security. There was some activity at the government level in the late 80's/early 90's for fibre link protection, but the solutions weren't easily applicable to commercial networks and as with many government solutions were rather expensive.

There has been some recent activity in the US with companies' using a special variation of phase-modulation to transport the optical data stream in a secure manner. This is being coupled with intrusion detectors at the physical layer and possibly in conjunction with an OTDR to detect and locate devices on the optical fibre link.

Can imagine would be useful for government applications and possibly also for some large corporate applications requiring high confidentiality/integrity/availability of data (SAN/FC, Disaster Recover, WAN, ...). Perhaps there is also a play here for carriers at some point as a secure connectivity service, although tough in current capex environment. Baby Bell Federal Systems Divisions might make sense too.

H-Burger 12/4/2012 | 9:23:03 PM
re: Report: Security Spending Soars Security spending does not create value, it prevents others from destroying or stealing an organizataions value. It is a necessary evil for any large organization. It is hard to measure the ROI for something that doesn't save money or create revenues, but an approach is to see what the potential losses a criminal could inflict on an unprotected network.

Harware vendors: Nokia, Netscreen, Crossbeam, many others...
What approach is preferred, software or hardware products?
enrico 12/4/2012 | 9:23:10 PM
re: Report: Security Spending Soars What about the deployment of intrusion detectors at the physical layer, especially for optical fibre links ?
NiceButDim 12/4/2012 | 9:23:11 PM
re: Report: Security Spending Soars Also Fortinet - AV, IDS, FW, VPN and content filtering in one box.
optical_IP 12/4/2012 | 9:23:15 PM
re: Report: Security Spending Soars Security is definitely needed ! Even if the chances someone can eventually penetrate is there, we need to develop better security to keep the expectations of the masses in check, and continue social acceptance of internet business

lightgrieving 12/4/2012 | 9:23:34 PM
re: Report: Security Spending Soars Security is definitely needed ! Even if the chances someone can eventually penetrate is there, we need to develop better security to keep the expectations of the masses in check, and continue social acceptance of internet business
Touch 12/4/2012 | 9:23:36 PM
re: Report: Security Spending Soars Another brilliant post by BobbyMax!
mha101 12/4/2012 | 9:23:40 PM
re: Report: Security Spending Soars For intrusion detection and blocking - TippingPoint, Intruvert, and iPolicy
Jamis 12/4/2012 | 9:23:41 PM
re: Report: Security Spending Soars anyone have any idea of who is doing hardware for the security?
BobbyMax 12/4/2012 | 9:23:42 PM
re: Report: Security Spending Soars Any money spent on security equipment is really not a productive investment. It is just like an incurable desease that will eat some companies alive as the cost of doing business will increase tremendously.

I think there has to be some realization that many wise companies are going to increase their capital expenditure on security equipment. Every thing is just a scare tactics that will eat up our telecom and networking industry.
Sign In