Digital Transactions Authoritative, insightful and timely information for payments professionals
As network security managers scramble today to combat the so-called MyDoom virus, one of the most malicious network attacks security experts have seen yet, the Boston-based consulting firm Yankee Group has released a report predicting that the frequency and virulence of such incidents will create a flourishing new market in outsourced network security services. According to a study released this week, the firm projects that this new managed-security industry will reach $2.3 billion in revenues this year, up 21% from 2003, and will hit $3.7 billion in 2008. The market includes one-time professional services, such as network auditing or design, and routine, ongoing management, such as managed firewalls, event monitoring, remote endpoint services, and anti-spam and anti-virus services. According the report, network managers are turning increasingly to outside management services in part because of the sheer volume and rising sophistication of attacks. “The increase in vulnerabilities and threats to communication systems is driving the rapid evolution of security technologies,” the report says. “These developments are outpacing the enterprise's ability to stay up to date on the latest countermeasures and techniques to thwart attacks.” In 2003, the number of incidents of worms and other network bugs shot up 67% over what had been reported for 2002, according to the CERT Coordination Center at Carnegie Mellon University. CERT reports there were 137,529 incidents last year, or 43% of all incidents reported since 1988. The Yankee Group says this mounting volume of security problems is causing a shift away from patchwork solutions and threat detection towards comprehensive solutions aimed at threat prevention. The outsourced security-management market is taking advantage of this shift. Says the report: “The key technologies and services that are converging to solve these enterprise requirements are security intelligence services; security event management (SEM) technologies and security monitoring services; patch, update and configuration (P/U/C) management; vulnerability scanning and assessment services (VSASs); vulnerability management solutions (VMSs); and asset inventory systems (AISs).” Until these disparate services and solutions can be integrated, network managers will have their hands full dealing with problems that firewalls, intrusion-detection systems, and anti-virus software aren't addressing, the consulting firm warns. “Unpatched, outdated and misconfigured software is the choice target of hackers,” the report says.
