It's been said most IT security professionals owe their jobs to Microsoft. Windows has an endless supply of security holes to keep them busy. And they're always looking for new tools to block attacks that come through those holes.
Several security firms seem to bolster that point in their revenue reports for the last fiscal quarter:
- New York-based Computer Associates reported $911 million in revenue for the third fiscal quarter of 2005, which ended Dec. 31 -- a 9% increase from the year before.
- Postini of Redwood City, Calif., said it nearly tripled its annual revenues while doubling its customer base. "In 2004, the company added over 2,000 new customers, bringing its total to over 4,200 direct customers, and continued to experience its historically high compounded quarterly revenue growth rate," it said in a statement. Since Postini is a private company, a company spokesman declined to offer specific revenue numbers.
- Cupertino, Calif.-based antivirus giant Symantec reported $695 million in revenue for the quarter -- a 41% increase from the previous year. For the fourth quarter, Symantec estimates it'll make up to $710 million in revenue.
But Microsoft is taking security more seriously. Last summer it released Windows XP Service Pack 2 (SP2), equipped with a firewall and other security enhancements. Earlier this month, it rolled out a beta antispyware program and a malware-removal tool that will be updated each month. The company is also developing an antivirus program.
Should security firms be worried that Microsoft's thrust into their territory will mean shrinking profits in the future? Or will enterprises always see the need for third-party tools?
Analysts believe the answer is somewhere in between.
"Microsoft is doing more to enhance security, but they're only going to go so far, to the extent where they need to show responsiveness to customers," said Trent Henry, an analyst with Burton Group of Midvale, Utah. "Others like Symantec will always be in a position to do more for enterprises than what Microsoft does. Much of what Microsoft does has been focused more on the needs of home users than enterprise users."
At the same time, security firms need to show enterprise customers they're constantly working to broaden their portfolio; always offering something more comprehensive than anything Microsoft may come up with.
"One can argue third-party tools are more sophisticated and refined, but in the end I think it's inevitable Microsoft will trod on the third-party [vendors], whether they produce firewalls, VPNs, antispam or antivirus," Jonathan Eunice, principal analyst and IT advisor for Nashua, N.H.-based research firm Illuminata Inc., said shortly after Microsoft released AntiSpyware in beta. "While Symantec and the others have a significant opportunity continuing on server-side and enterprise-scale protection tools (where the 'better, more sophisticated, more manageable' arguments hold more sway), the bull has entered the china shop. Porcelain fragments on the floor are sure to follow."
Gartner analysts John Pescatore, John Girard, Arabella Hallawell and Neil MacDonald agree. In a recent report, posted on the Stamford, Conn.-based research firm's Web site, they warned that security firms must be seen as more than just antivirus providers.
"To remain competitive, antivirus vendors must either accelerate their lagging spyware product development cycles or acquire one of the remaining smaller antispyware vendors," the report said. "Gartner believes that in mid-2005, Microsoft will deliver a combined AV/AS product for consumers and small businesses at a price point at least 20% lower than traditional stand-alone antivirus vendors…"
The report recommends enterprises look at Microsoft's beta product "on the same basis as competitive consumer-grade offerings. Evaluate all antispyware solutions on the basis of their enterprise management capabilities, including enterprise-wide site licensing, group policy configuration, system management console integration, scriptability and command line support. The absence of these features is a weakness of many smaller vendors, including Giant. [Microsoft acquired Giant in December and has based AntiSpyware on that firm's technology.]"
Henry, the Burton analyst, said there are signs security firms are starting to heed those warnings. "Symantec's acquisition of [storage firm] Veritas is an example of how these companies are trying to broaden their portfolio and do more for enterprise customers," he said.
In the end, Henry said, security firms will continue to rake in the revenue for several reasons. For one thing, he said, "Symantec and Microsoft may be competitors, but they also have a deep relationship of cooperation. Look at the SP2 firewall. It's a big improvement, but not anywhere near as extensive as what the others are doing. "
He added that most enterprise networks are comprised of more than the Microsoft components. "Symantec and others provide enterprises with the means to secure other platforms and technology," he said. "Microsoft will always be focused on Windows."