
“[The industry] will end up with 10 to 12 absolutely monolithic companies,” said Montgomery, who has more than ten years of security engineering, deployment, and consulting experience.
He said that five years ago there were hundreds upon hundreds of startups and dozens of companies in the US$50 million to $350 million range, while only a handful of companies were in the billion-dollar range.
But now billion-dollar-range companies, such as Microsoft, have bought their way into security.
“Google has bought its way into security and Cisco continues to be very acquisitive, there’s many billion dollar companies today,” Montgomery said.
His examples referred to Google’s US$625 million purchase of Postini in 2007; Cisco’s US$830 million acquisition of IronPort in 2007; and IBM’s takeover of Internet Security Systems (ISS) in 2006.
As a reaction to the movements of big players like Microsoft and Google, Montgomery predicted that other large companies such as Hewlett Packard (HP) are probably actively looking to acquire in the security space.
“The trend has been set, companies with deep pockets will write a cheque or issue stock and just eliminate an entire space,” he said.
Montgomery explained that the trend, which has accelerated in the past three years, applies more to ownership of the technology than to opening up additional revenue streams.
“It’s clear Google wanted Postini for the footprint not the revenue stream. They will continue to make their money from ads but what it does give them is a different vehicle for those ads and delivering those services,” he said.
Innovation and best-of-breed technologies will also suffer as the market continues consolidating.
“The middle ground companies will keep looking at acquisition as the most obvious means to increase shareholder value. Which I think makes the problem of innovation even more difficult,” Montgomery said.
“If you have these huge companies that are dominating the revenue portion of the space then these start-ups are going to be geared towards being bought not innovating and creating.”
Montgomery also discussed the current threat vectors and said 2007 was a ridiculous year for spam. He said spam works and is cheap, and until the costs increase it will continue to exist. He rejected the idea that user training will help secure the enterprise from such threats, insisting that enterprises have to remove employee access.
“People are still clicking on emails with .exe email attachments from people they don’t know. The curiosity is sometimes overwhelming,” he said.
Furthermore, he said the Storm worm botnet was like nothing else ever seen in information security, and phishing attacks continued to be financially motivated.
Commenting on compliance, Montgomery said it is more about fulfilling check boxes than improving the security posture.
Paul Henry, security evangelist at Secure Computing, was unable to attend the seminar series, which will also be held in Melbourne and Canberra, due to prior commitments in the US.