IT security: Convergence of endpoint and network security?
As you might have read in the newspapers, in the last couple of weeks one of the most significant security flaws in recent years was revealed: An error in a type of internet encryption security, known as OpenSSL, was disclosed. This standard is one of the most widely used security methods across all industries. As a result, the so-called “Heartbleed” bug was able to expose millions of passwords, credit card numbers and other pieces of sensitive information. Two-thirds of the worlds’ web-sites were affected and this vulnerability has been undetected for two years. Although a patch has been issued, all users are encouraged to update their passwords on sensitive websites.
As such high profile incidents have shown, hackers are gaining access to supposedly secure IT networks through unlikely places such as printers, thermostats and videoconferencing equipment. Therefore we believe a 100% secure IT network is nearly impossible to guarantee. An integrated security approach is needed which combines endpoint security (e.g. anti-virus) and network security (e.g. authorization of data access in a network). In this paper we describe in a first step the IT security market. Secondly, we provide an overview of the current threat landscape and its challenges. To conclude, we highlight a technological trend as a possible solution.
The market for IT security
The recent IT security incidents as well as the proliferation of mobile devices, cloud computing and available connectivity have created a significant need for modern security solutions. An emerging theme is in our opinion the convergence of endpoint security and network security.
To get a better understanding of the environment, fig. 1 shows the worldwide security spending by segment. According to IDC, annual spending for IT security, endpoint security and network security combined represent over 50% of the total product related spending (USD 9.8bn and USD 9.5bn respectively). Additionally, adjacent markets include in this context identity and access management (IAM, USD 5.8bn), security and vulnerability management (SVM, USD 5.5bn), messaging (USD 3.0bn), web (USD 2.4bn) and others (USD 0.8bn).
Continue reading: The current threat landscape in IT security