According to research issued today, worldwide security software revenues totaled $21.4bn in 2014, a 5.3 percent increase from 2013. However, slow growth in endpoint protection platforms and a decline in consumer security software — markets that together account for 39 percent of the market — offset the strong performance of high-growth areas, such as security information and event management (SIEM), secure web gateway (SWG), identity governance and administration (IGA) and enterprise content-aware data loss prevention (DLP).

The overall market growth was up slightly from 4.9 per cent in 2013, said research outfit Gartner. Even though the SWG segment experienced single-digit growth in 2014, cloud-based and hybrid SWG deployments are becoming increasingly popular. As organisations’ corporate data traffic becomes more exposed to the Internet and moves out of the control of traditional network security boundaries, SWG technologies continue to be an important piece of the overall security technology strategy of most organizations.

It's that time of the year again

Singing the same old security song at RSA 2015

As we move into that time of the year when IT security conferences vie for our attention and the same old companies try to sell us the same old ‘solutions’, it is interesting to see how the security landscape around us is morphing.

The money people who attended the recent RSA security conference in the USA are very excited about the proliferation of Internet-connected devices. The systems in our homes, our cars, and on our persons are all increasingly monitored, with data available to us in real time.

The same is true for industrial infrastructure. Bridges, roads, power plants, and airports are all increasingly connected, with large control systems which are becoming automated. This adds even more threat surfaces for cyber criminals, with very scary implications. Security companies such as ThetaRay are being founded to better protect “operational” networks and industrial systems. ThetaRay is working with GE to secure industrial networks. For more on that see the SCADA section below.

The Cloud still makes us dizzy

The adoption of public cloud infrastructure and software as a service (SaaS) solutions in large and mid-sized companies continues at a dizzying pace. IT has less and less visibility on where critical applications are running and sensitive data is being stored. This has created more attack surfaces for cyber criminals. As a result, cyber-security companies building solutions to monitor activity in the public cloud and helping lock down critical data are gaining traction. Companies such as Palerra and Netskope provide visibility and control for companies in this arena.

Symantec suffered a second consecutive year of revenue decline, down 1.3 per cent to $3.7 billion

Symantec was once again the largest security software vendor by revenue, although the company suffered its second consecutive year of revenue decline, down 1.3 percent to $3.7 billion (see Table 1). A 6.2 percent decrease in the consumer security software segment (which forms 53 percent of Symantec’s security software revenue) was the primary cause of the decline in overall revenue growth. 

Security software revenue for runner-up Intel (McAfee) grew 4.6 percent in 2014 to reach $1.8 billion. Revenue declines in two of its major markets (consumer security software and endpoint protection platforms), which form 75 per cent of its security software revenue, balanced the relatively good performance in other segments.

Since many more attacks are emanating from a compromised or ill-intentioned employee, protecting the endpoint has become the focus of some of the smartest minds in the space. That’s a good thing, because the endpoint keeps getting more complicated with the proliferation of mobile devices.

Table 1. Top Security Software Vendors, Worldwide, 2013-2014 (Millions of Dollars)

Company        2014 Revenue   2014 Market Share (%)   2013 Revenue   2013-2014 Growth (%)
Symantec              3,690                    17.2          3,738                   -1.3
Intel                 1,825                     8.5          1,745                    4.6
IBM                   1,486                     6.9          1,270                   17.0
Trend Micro           1,052                     4.9          1,110                   -5.2
EMC                   798.0                     3.7            760                    5.0
Others               12,571                    58.8         12,995                   -3.2
Total                21,422                   100.0         20,348                    5.3

Source: Gartner (May 2015)

In third place, IBM’s security software revenue grew 17 percent in 2014 to reach $1.5 billion. Its SIEM software products grew 21 percent, driven by strong adoption of this category of products by organizations and managed security service providers (MSSPs) alike.

SCADA (supervisory control and data acquisition) is a system operating with coded signals over communication channels so as to provide control of remote equipment (typically using one communication channel per remote station). Unfortunately, SCADA attacks have doubled in the past year, according to Dell’s 2015 Annual Threat Report.

In 2014, Dell saw a doubling in the incidents of SCADA attacks compared with 2013. International SCADA attacks increased from 91,676 in January 2012 to 163,228 in January 2013, and 675,186 in January 2014. This is worrying. The majority of these attacks targeted Finland, the United Kingdom, and the United States, likely because SCADA systems are more common in these regions and more likely to be connected to the Internet. In 2014, Dell saw 202,322 SCADA attacks in Finland, 69,656 in the UK, and 51,258 in the US. Buffer overflow vulnerabilities continue to be the primary attack method, accounting for 25 percent of the attacks.

Because companies are only required to report data breaches that involve personal or payment information, SCADA attacks often go unreported. As a result, other industrial companies within the space might not even know a SCADA threat exists until they are targeted themselves. This lack of information sharing combined with the vulnerability of industrial machinery due to its advanced age means that we can likely expect more SCADA attacks to occur in the coming months and years.

There are a few general ways to protect against SCADA attacks:

  • Make sure all software and systems are up to date. Too often with industrial companies, systems that are not used every day remain installed and untouched as long as they are not actively causing problems. However, should an employee one day connect that system to the Internet, it could become a threat vector for SCADA attacks.

  • Make sure your network only allows connections with approved IPs.
  • Follow operational best practices for limiting exposure, such as restricting USB ports if they aren’t necessary and ensuring Bluetooth is disabled.
  • In addition, reporting and sharing information about SCADA attacks can help ensure the industrial community as a whole is appropriately aware of emerging threats.