Network Security - Time for a Change Perhaps?

Network Security- Time for a Change Perhaps?

Aliza Kasim

Research Analyst

ICT Practice, Frost & Sullivan

2

Table of Content

Source: Frost & Sullivan.

Network Security Landscape in APAC

Mindset Shift in Network Security

Marriage of People, Process & Technology

Get on the Change Bandwagon

3






4

ANZ

Politically stable; strong

economy fuelled by primary

industries

Technologically advanced and

savvy region; IT as part of

business strategy

Early adopter of emerging

technologies and high receptivity

to managed security services

model

Japan• Weak Japanese economy,

coupled with recent slate of disasters

• Drive towards advanced technologies; security and virtualization

• Rising emphasis on CAPEX and OPEX value

• Strong focus on branding and client-oriented sales approach

South Korea• Stable political climate, albeit

with economy still recovering• Mature security market and

mindset; highly IT connected society

• Strong local vendors• Competitive replacement market

for security solutions

GCR• Politically stable, coupled with

excellent economic growth potential,

• Massive opportunities in governmental sector

• Competitive landscape with local and global vendors

• Abundance of greenfield opportunities; strong focus on threat research/Web security .

India• Rapidly recovering economic

growth; domestic market continues to expand

• Room for growth in technology adoption

• Rapid drive towards managed services model

ASEAN• Political and economic climate

gradually stabilizing• Disparate levels of security

adoption; immature levels of regulatory compliance

• Less receptive to new technologies; prefer tried/tested methods

• Lower barriers to entry for new market players

Understanding APAC

5

What’s Driving IT Security

Increasing

sophistication

of threatsRegulatory &

Compliance

Maturing customer mindset

Infrastructure

growth and

expansion

Technology Convergence


6<GPS>

Network Security MarketHistorical and Forecast Revenue Analysis 2007-2013

1,537.5

1,812.0 1,782.7 1,841.61,988.8

2,216.5

2,470.0

1,165.3

1,346.4 1,303.2 1,343.8

1,447.91,605.4

1,775.3

264.4331.7 351.9 363.6

396.1 447.6 508.1

107.8134.0 127.6 134.2

144.7 163.5186.6

0.0

500.0

1,000.0

1,500.0

2,000.0

2,500.0

2007 2008 2009 2010 2011 2012 2013

Total Network Security Market CAGR (2011-2013): 7.5%

FireWall/IPSec VPN CAGR (2011-2013): 7.0%

IDS/IPS CAGR (2011-2013): 8.7%

SSL VPN CAGR (2011-2013): 8.8%

Note: All figures are rounded; the base year is 2010. Source: Frost & Sullivan

Tota

l Re

ven

ue

(U

S$

Mill

ion

)

Network Security Market in Asia Pacific, 2007-2013

7<GPS>

1,782.7 1,841.6

1,988.8

2,216.5

2,470.0

1,208.9

1,381.4

1,640.5

1,997.5

2,439.1

452.2 522.0 617.0739.6

891.6

81.1 93.4 112.9 140.5 181.0

46.9 60.2 83.9 119.8 167.925.1 37.9 60.6 98.1 153.9

0.0

500.0

1,000.0

1,500.0

2,000.0

2,500.0

2009 2010 2011 2012 2013

Network Security CAGR (2011-2013): 10.3%

MSS CAGR (2011-2013): 20.9%

SCM CAGR (2011-2013): 19.5%

SIEM CAGR (2011-2013): 24.7%

WAF CAGR (2011-2013): 40.7%

DLP CAGR (2011-2013): 59.6%

Note: All figures are rounded; the base year is 2010. Source: Frost & Sullivan

Tota

l Re

ven

ue

(U

S$

Mill

ion

)

Market Forecast for Security Segments in Asia Pacific, 2010-2013

Opportunities in the Security Arena

8<GPS>






9<GPS>

Facebook user, forum contributor

The Role of the Individual

Human Individual

Public Domain

Personal Domain

Professional Domain

Employee, mobile worker,

remote user

Home user, website blogger

10<GPS>

What Does This Mean to Enterprises?

Guarding vs Leveraging

Technologies

Security as Business IssueConsumer Trends

Lack of ControlGrowing Threat

Exposure

Evolving Threats

11<GPS>

Paradigm Shift

Infrastructure Security

Gateway vs Endpoint

Static perspective

Defensive approach

Information-centric Security

Data protection

External/Internal viewpoints

Preventive approach

User-centric Security

Application-centric

Dynamic control

Centralized management

http://images.google.com.sg/imgres?imgurl=http://www.turnstiles.us/Fence%20Perimeter%20Detection/Image1.jpg&imgrefurl=http://www.turnstiles.us/index-old.htm&h=400&w=550&sz=45&hl=en&start=2&tbnid=T1i97DH99Lc2_M:&tbnh=97&tbnw=133&prev=/images?q=fence+prison&gbv=2&hl=en



http://images.google.com.sg/imgres?imgurl=http://russellthomas.files.wordpress.com/2007/06/01data.jpg&imgrefurl=http://russellthomas.wordpress.com/2007/08/&h=271&w=271&sz=23&hl=en&start=9&tbnid=vrGwVuO4QfatqM:&tbnh=113&tbnw=113&prev=/images?q=data+security&gbv=2&hl=en



12<GPS>

#1 Treat Users as Your Endpoints!

Blurring of responsibilities

Increasingly tech-savvy

Adoption vs Compliance

User education & enforcement

Consumer vs Enterprise

devices

Mobile Computing

13<GPS>

#2 Get Back the Power of Control!

Understanding

Managing

Power of Control

+ =

14<GPS>

#3 It Isn’t Just Defending!

Dynamic Security vs Defensive Security

Proactive vs Reactive

Assess Both External and Internal Threats

Attack Potential Security Loopholes

15<GPS>






16<GPS>

The Dynamic Application-Fluent Firewall

Static vs Dynamic

Understands the Application

language

Multi-faceted Converged

Platform

Flexible and Scalable

Centralized Reporting and Enforcement

User Identification

Software Performance Management

17<GPS>

Next Stop: Intelligent Convergence

Network Security

Effective security management requires intelligent interactionbetween the different components

Content Security

Application Security

Endpoint Security

Access Control

Data Security

http://images.google.com.sg/imgres?imgurl=http://wiki.freespire.org/images/5/5b/Firewall.png&imgrefurl=http://wiki.freespire.org/index.php/Firewall&h=256&w=256&sz=93&hl=en&start=12&tbnid=k611IWFFESeX7M:&tbnh=111&tbnw=111&prev=/images?q=firewall&gbv=2&hl=en

http://images.google.com.sg/imgres?imgurl=http://wholesaleburglaralarm.com/burglar_window.gif&imgrefurl=http://wholesaleburglaralarm.com/home_burglar_alarms.html&h=598&w=366&sz=11&hl=en&start=42&tbnid=6VuhMro0hCN3fM:&tbnh=135&tbnw=83&prev=/images?q=burglar+alarm&start=40&gbv=2&ndsp=20&hl=en&sa=N

http://images.google.com.sg/imgres?imgurl=http://gdb.rferl.org/4E204977-60FD-475C-86C5-AE47BCCCAC0C.jpg&imgrefurl=http://www.rferl.org/featuresarticleprint/2007/06/d585824b-420d-4c64-ad74-947d45c51d47.html&h=600&w=800&sz=59&hl=en&start=5&tbnid=9wKGMZgsdLacqM:&tbnh=107&tbnw=143&prev=/images?q=website+blocked&gbv=2&hl=en

http://images.google.com.sg/imgres?imgurl=http://res.sys-con.com/story/jun05/99704/mainstory.gif&imgrefurl=http://www.sys-con.com/read/99704_1.htm&h=127&w=226&sz=12&hl=en&start=294&tbnid=ZAIla7zwkmRu_M:&tbnh=61&tbnw=108&prev=/images?q=application+security&start=280&gbv=2&ndsp=20&hl=en&sa=N

http://images.google.com.sg/imgres?imgurl=http://blog.wired.com/gadgets/apple_lock-1.jpg&imgrefurl=http://blog.wired.com/gadgets/2007/08/iphone-unlock-s.html&h=500&w=361&sz=45&hl=en&start=24&tbnid=02Z38xQzz7V-EM:&tbnh=130&tbnw=94&prev=/images?q=software+lock&start=20&gbv=2&ndsp=20&hl=en&sa=N

http://images.google.com.sg/imgres?imgurl=http://www.mining-technology.com/contractor_images/gallagher/2-23750-Teresa-swipe-card_H.jpg&imgrefurl=http://www.mining-technology.com/contractors/vehicle/gallagher/gallagher2.html&h=502&w=500&sz=45&hl=en&start=1&tbnid=rHP516MHTfC6UM:&tbnh=130&tbnw=129&prev=/images?q=access+control&gbv=2&ndsp=20&hl=en&sa=N

http://images.google.com.sg/imgres?imgurl=http://www.dmacc.edu/programs/networksecurity/images/finger_print2.gif&imgrefurl=http://www.dmacc.edu/programs/networksecurity/&h=300&w=300&sz=80&hl=en&start=1&tbnid=NWQo5YF-UiXP2M:&tbnh=116&tbnw=116&prev=/images?q=network+security&gbv=2&ndsp=20&hl=en&sa=N

http://images.google.com.sg/imgres?imgurl=http://opera.inrialpes.fr/people/Tayeb.Lemlouma/NAC.gif&imgrefurl=http://opera.inrialpes.fr/people/Tayeb.Lemlouma/NAC.htm&h=699&w=581&sz=31&hl=en&start=1&tbnid=a63KTaB03afdMM:&tbnh=139&tbnw=116&prev=/images?q=NAC&gbv=2&hl=en






















18<GPS>

The Security Customer of the Future

ScalabilityPerformance

Application-centric

A need for a holistic view towards IT security that caters to multi-faceted

technology and business needs

Convergence

http://images.google.com.sg/imgres?imgurl=http://www.rtpi.org.uk/download/545/Yourbusiness-and-the-environment.jpg&imgrefurl=http://www.rtpi.org.uk/environment_planning_and_protection_network/&h=419&w=640&sz=28&hl=en&start=6&um=1&tbnid=Pr1LIn2g0wraNM:&tbnh=90&tbnw=137&prev=/images?q=environment&um=1&hl=en

http://images.google.com.sg/imgres?imgurl=http://blogs.msdn.com/blogfiles/pigscanfly/WindowsLiveWriter/BeyondHelloWorldUpdate4TreeMapControlWor_8C13/CpuUtilization%5B1%5D.png&imgrefurl=http://blogs.msdn.com/PigsCanFly/&h=332&w=640&sz=110&hl=en&start=3&um=1&tbnid=ufVmux1W4xwgBM:&tbnh=71&tbnw=137&prev=/images?q=utilization&um=1&hl=en

19

Security Trends

Mobile Security

Converged Platform

Forensic & Event Management

Compliance

Virtualized Security

Application-Centric Security

Upcoming Security Trends

20






21<GPS>

Risk Management

Threat Management

Technology People Process

Moving Towards Risk Management

http://images.google.com.sg/imgres?imgurl=http://www.lavistachurchofchrist.org/images/Holdup.gif&imgrefurl=http://www.lavistachurchofchrist.org/LVSermons/ThreePhilosophiesOfLife.htm&h=365&w=483&sz=18&hl=en&start=1&tbnid=jOkE3EBPxJgN4M:&tbnh=97&tbnw=129&prev=/images?q=hold-up&gbv=2&hl=en

http://images.google.com.sg/imgres?imgurl=http://www.jiscinfonet.ac.uk/InfoKits/risk-management/overview-pic-1&imgrefurl=http://www.jiscinfonet.ac.uk/InfoKits/risk-management/risk-mgt-overview&h=380&w=474&sz=136&hl=en&start=9&tbnid=9uh74-XspALN5M:&tbnh=103&tbnw=129&prev=/images?q=risk+management&gbv=2&ndsp=20&hl=en&sa=N

http://images.google.com.sg/imgres?imgurl=http://www.law.harvard.edu/administration/its/faculty/images/chip.jpg&imgrefurl=http://www.law.harvard.edu/administration/its/faculty/instructional.php&h=1200&w=1600&sz=840&hl=en&start=6&tbnid=QHQq3UQqHRMykM:&tbnh=113&tbnw=150&prev=/images?q=technology&gbv=2&hl=en

http://images.google.com.sg/imgres?imgurl=http://www.hsbc.com.au/1/PA_1_2_S5/content/australia/personal/financial-planning/images/p-fp-process.jpg&imgrefurl=http://www.hsbc.com.au/1/2/personal/financial-planning/process&h=430&w=460&sz=22&hl=en&start=5&tbnid=-xp2QSNlVez60M:&tbnh=120&tbnw=128&prev=/images?q=process&gbv=2&hl=en

22<GPS>

TacticalTactical

Aligning security strategy with business strategy

Strategic

Technology, people and processTechnology drivenTechnology driven

IT responsibilityIT responsibility Business + IT shared responsibility

ROI is difficult to measureROI is difficult to measure Easier ROI measurement

Viewing Threats to Assessing Risk

23<GPS>

Failure to approach security at an Organizational level

Reactive and purely technology/product based approach

Treating security as an expense/sunk cost

Failure to integrate people, processes and products

View security as purely a technology & not business issue

1

5

43

2

5 Common Mistakes of Security Management

http://images.google.com.sg/imgres?imgurl=http://www.boatnerd.com/news/newpictures04b/LawrencecliffeSunkRL.jpg&imgrefurl=http://www.boatnerd.com/news/archive/6-04.htm&h=907&w=800&sz=245&hl=en&start=19&tbnid=ZtTInS1FoqkgpM:&tbnh=147&tbnw=130&prev=/images?q=security+sunk+cost&gbv=2&ndsp=20&hl=en&sa=N

http://images.google.com.sg/imgres?imgurl=http://www.dedicatedcomputing.com/images/security.jpg&imgrefurl=http://www.dedicatedcomputing.com/index.cfm?do=News&NewsId=154&h=253&w=200&sz=22&hl=en&start=2&tbnid=RQSqxXGi0K5PzM:&tbnh=111&tbnw=88&prev=/images?q=digital+security+&gbv=2&hl=en

http://images.google.com.sg/imgres?imgurl=http://www.jdmunch.com/aboutus/index_files/image002.jpg&imgrefurl=http://www.jdmunch.com/aboutus/&h=320&w=322&sz=13&hl=en&start=20&tbnid=IHmbs4usZz5WWM:&tbnh=117&tbnw=118&prev=/images?q=integrate+people+processes&gbv=2&hl=en

http://images.google.com.sg/imgres?imgurl=http://www.mydelraybeach.com/NR/rdonlyres/ej47ygdzzvwd5hvlc3pzbfxcla65352z7dxtjncdpodpfnk24jnkz3o27i47mqwk7ncf72bzjut4jt3v3rmcmxl74uc/OfficePyramid.jpg&imgrefurl=http://www.mydelraybeach.com/Delray/Departments/Human+Resources/For+Businesses/Organizational+Chart.htm&h=138&w=138&sz=7&hl=en&start=63&tbnid=ytgxp7I5WycTYM:&tbnh=93&tbnw=93&prev=/images?q=organizational+pyramid&start=60&gbv=2&ndsp=20&hl=en&sa=N

http://images.google.com.sg/imgres?imgurl=http://www.military-information-technology.com/images/ThisIssue/10_4_Art2.jpg&imgrefurl=http://www.military-information-technology.com/print_article.cfm?DocID=1421&h=300&w=300&sz=47&hl=en&start=1&tbnid=kNR6lX9w6Nt86M:&tbnh=116&tbnw=116&prev=/images?q=security+technology+&gbv=2&ndsp=20&hl=en&sa=N

24<GPS>

Strategizing

Adapting

Controlling

Implementing

Planning

• Business Risk Perspective• Integration into Corporate Governance Framework• People, Process, Technology

• Dynamic Boundaries• Technology-Centric Businesses

• User Empowerment vs User Misuse• Beyond Systems to Individuals

• Intelligent Convergence• Security Platforms• Dynamic, Scalable• Need for Performance

• ‘Security is a process’• Sustaining Manageability• Centralized Approach• Long-term Cost Viability

A Framework for Change

25<GPS>

Value Operationalization

Improving Customer Experiences

Selling Products

Changing the Customer Approach

Mapping SolutionsPrice Competition

IT-centric Business-centricTechnical Discussions

Business Interactions

Listen First, Sell Later

http://images.google.com.sg/imgres?imgurl=http://aronsonsecuritycom.nj-web-0506.uplinkearth.com/files/whyasg.jpg&imgrefurl=http://www.aronsonsecurity.com/page.cfm?pageid=46&h=116&w=175&sz=8&hl=en&start=120&tbnid=Gjh1QGuj25feTM:&tbnh=66&tbnw=100&prev=/images?q=solutions+based+approach&start=100&gbv=2&ndsp=20&hl=en&sa=N

26<GPS> 26

Global Support

Localization

Integrated Solutions

R&D Expertise/ Tech Roadmap

Preferred Partner

Brand Strength

Financial stability

Choosing the Right Vendor

27<GPS>

http://twitter.com/frost_sullivan

Follow Frost & Sullivan on Facebook, LinkedIn, SlideShare, and Twitter

http://www.facebook.com/pages/Frost-Sullivan/249995031751?ref=ts

http://www.linkedin.com/companies/4506

http://www.slideshare.net/FrostandSullivan

http://twitter.com/Frost_Sullivan

28<GPS>

For Additional Information

Donna JeremiahCorporate CommunicationsAsia Pacific+603 6204 [email protected]

Carrie LowCorporate CommunicationsAsia Pacific+603 6204 [email protected]

Aliza KasimResearch AnalystICT+603 6204 [email protected]

Network Security - Time for a Change Perhaps?

Business

Transcript of Network Security - Time for a Change Perhaps?