Professional Documents
Culture Documents
www.idc.com
IDC OPINION
P.508.872.8200
Security software spending remains a top priority in many organizations, and the
security software market achieved $8.4 billion in revenue in 2003, representing 17.5%
growth over 2002. IDC currently forecasts this market to reach $16.3 billion in
revenue in 2008, representing a compound annual growth rate (CAGR) of 14%.
Highlights are as follows:
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA
! Viruses and worms continue to be the most serious threat facing corporations.
However, new threats like spyware and phishing attacks are quickly moving up
the priority list of corporate security concerns.
In This Study 1
Executive Summary.................................................................................................................................. 1
Methodology ............................................................................................................................................. 1
Security Software Market Definition.......................................................................................................... 1
S i t u a t i o n O ve r v i e w 5
Key Trends ............................................................................................................................................... 6
Leading Vendors in 2003.......................................................................................................................... 9
Future Outlook 16
Forecast and Assumptions ....................................................................................................................... 16
Essential Guidance 24
Learn More 25
Related Research ..................................................................................................................................... 25
P
1 Worldwide Security Software Revenue by Market, 2003–2008.................................................... 16
2 Worldwide Security Software Revenue by Region, 2003–2008 ................................................... 17
3 Key Forecast Assumptions for the Worldwide Security Software Market, 2004–2008 ................. 17
P
1 Threats to Enterprise Security...................................................................................................... 5
2 Worldwide Security Software Revenue for Top 10 Vendors, 2003............................................... 9
3 Worldwide Secure Content Management Software Revenue for Top 10 Vendors, 2003............. 10
4 Worldwide Identity and Access Management Software Revenue for Top 10 Vendors, 2003....... 11
5 Worldwide Security and Vulnerability Management Software Revenue for Top 10 Vendors,
2003 ............................................................................................................................................. 12
6 Worldwide Intrusion Detection and Prevention Software Revenue for Top 10 Vendors, 2003..... 13
7 Worldwide Firewall/VPN Software Revenue for Top 10 Vendors, 2003....................................... 14
8 Worldwide Other Security Software Revenue for Top 10 Vendors, 2003..................................... 15
Executive Summary
This IDC study examines the worldwide security software market for the period 2003–
2008. Worldwide market sizes and trends are provided for 2003, and a five-year
growth forecast for this market is shown for 2004–2008. Vendor competitive analysis,
with vendor revenues and market shares of the leading vendors, is provided for 2003.
This study also identifies the characteristics that vendors will need to be successful in
the future.
Methodology
! The information contained in this study was derived from the IDC Software
Market Forecaster database as of July 6, 2004.
For more information on IDC's software definitions and methodology, see IDC's
Software Taxonomy, 2004 (IDC #30838, February 2004).
Firewall/VPN Software
The firewall/VPN market consists of software that identifies and blocks access to
certain applications and data. These products may also include virtual private network
(VPN) encryption as an option. Software firewalls fall into two distinct categories:
enterprise and desktop. The desktop firewall is itself divided into corporate and
consumer categories. In more detail:
! Desktop firewalls cost less than $100 and are used to determine if a given IP
packet should be passed to the desktop device. Generally, the products are used
to control what desktop applications can communicate with the Internet. They are
also evolving to control the functionality of the Web browser. The desktop firewall
market is divided into those sold to the corporate customer and those sold to
consumers.
! Consumer desktop firewalls are generally used to protect home and small
business offices that have a high-speed, always-on connection through a cable
or DSL modem. These products have the same technology as those of the
corporate desktop firewall, but remote management of these products is not
possible.
Products in this category will grow into their own categories or eventually be
incorporated into the other market segments. For 2003, areas covered by other
security software include, but are not restricted to, encryption toolkits, file encryption
products, database security, storage security, standalone VPN and VPN clients,
wireless security, Web services security, and secure operating systems. In addition,
SITUATION OVERVIEW
Viruses and worms continue to be the most serious threat facing corporations today.
According to a 2004 IDC survey of 600 firms across North America, 31% of
respondents indicated that viruses, trojans, and malicious code were the single
greatest threat, and another 10% indicated that network worms were the greatest
threat, as shown in Figure 1. The interesting finding in the study was that spyware
ranked fourth on the list of single greatest threats in 2004. This clearly shows that
spyware is moving up the priority list of corporate security concerns.
FIGURE 1
Internet worms
Spyware
Hackers
Sabotage by current employee
or business partner
Application vulnerabilities
Spam
Cyberterrorism
Inability to meet government
regulatory mandates
Other
0 5 10 15 20 25 30 35
(% of respondents)
n = 606
Source: IDC, 2004
The problem of coordinating and managing multiple security technologies across the
enterprise is a major obstacle facing organizations today. A growing number of
security products across the enterprise require frequent upgrades and
reconfigurations as new threats and vulnerabilities are detected. The time and costs
associated with coordinating and managing the updates and upgrades for the various
security technologies are overwhelming IS departments and corporate executives
alike. In the past, organizations commonly standardized on a "short list" of best-of-
breed antivirus, firewall, VPN, vulnerability assessment, and intrusion detection
technologies. Since the best-of-breed products often came from different vendors, the
technologies worked independently of one another and each technology had its own
individual management console. As security technologies became more complex,
manageability of large networks that integrated a variety of point products became
significantly more difficult and more costly.
Today's ebusiness world requires fully integrated and more comprehensive security
management solutions to deal with the multiple security products implemented across
the enterprise. Consolidated consoles for managing various security solutions along
with aggregated reporting, analysis, and control functions can reduce IT
administration chores and costs as well as personnel costs.
IDC expects to see more and more hardware in the identity management area.
Tokens, smart cards, and biometrics, to a lesser extent, will become parts of
comprehensive identity and access management solutions.
The challenge of controlling electronic communications as they flow into and out of an
organization is becoming increasingly more critical. Government and industry
regulations such as HIPAA, Sarbanes-Oxley, Gramm-Leach-Bliley, and SEC have
placed unprecedented pressure on corporations to secure the use of their electronic
communications. Each of these regulations can carry criminal penalties and/or civil
penalties.
The convenience and efficiency of electronic mail has been dramatically reduced by
the extremely rapid growth in the volume of unsolicited commercial electronic mail.
Spam has become more than just a nuisance; it is quickly becoming both a major
productivity drain and potential legal liability in organizations across the globe. Spam
fills networks, servers and inboxes with unwanted and often offensive content. The
business impact of spam only grows more serious as the volume of spam continues
to rise. The volume of spam sent worldwide every day will jump from 7 billion in 2002
to 23 billion in 2004, according to IDC estimates.
The first is that enterprise firewall/VPN software will gradually become part of a threat
management security market. This market will incorporate the firewall/VPN software,
along with firewall/VPN security appliances, and intrusion detection and prevention.
This is already happening in that all enterprise-level firewalls (both software and
hardware) are incorporating more sophisticated intrusion and worm protection
Figure 2 shows the top 10 vendors in the security software market for 2003.
FIGURE 2
Symantec
McAfee
Computer
Associates
Check Point
Software
Trend Micro
IBM
VeriSign
Internet Security
Systems
Microsoft
RSA Security
FIGURE 3
Symantec
McAfee
Trend Micro
Sophos
Websense
SurfControl
Computer Associates
Panda Software
Sybari Software
F-Secure
FIGURE 4
Computer Associates
IBM
VeriSign
RSA Security
Netegrity
Entrust
Novell
Fujitsu
Hitachi
AOL
FIGURE 5
Computer Associates
Symantec
NetIQ
HP
BindView
Cisco Systems
Enterasys Networks
Ubizen
0 20 40 60 80 100
($M)
FIGURE 6
Symantec
Tripwire
Cisco
Ubizen
Computer Associates
NFR
Secos
Enterasys Networks
AirDefense
0 20 40 60 80 100 120
($M)
FIGURE 7
Microsoft
Symantec
Novell
Secure Computing
Sun Microsystems
Sygate Technologies
StoneSoft
FIGURE 8
Certicom
RSA Security
Hitachi
Network Associates
F-Secure
Fujitsu
Finsiel
Gemplus International
0 5 10 15 20 25 30 35
($M)
The worldwide security software market achieved $8.4 billion in revenue in 2003, a
17.5% growth over 2002. IDC currently forecasts the security software market to
reach $16.3 billion in revenue in 2008, representing a compound annual growth rate
(CAGR) of 14% (see Tables 1 and 2). Key forecast assumptions for the security
software market are shown in Table 3.
T ABLE 1
2003 2008
Share 2003–2008 Share
2003 2004 2005 2006 2007 2008 (%) CAGR (%) (%)
Secure content 3,427 4,206 4,994 5,815 6,665 7,477 40.6 16.9 46.0
management
Identity and access 2,213 2,408 2,642 2,904 3,195 3,508 26.2 9.7 21.6
management
Security and 1,210 1,489 1,809 2,176 2,593 3,043 14.3 20.3 18.7
vulnerability
management
Intrusion detection 366 374 381 391 402 416 4.3 2.6 2.6
and prevention
Firewall/VPN 912 982 1,041 1,098 1,153 1,203 10.8 5.7 7.4
Other 307 354 412 476 548 623 3.6 15.2 3.8
Total 8,435 9,813 11,279 12,860 14,555 16,270 100.0 14.0 100.0
2003 2008
Share 2003–2008 Share
2003 2004 2005 2006 2007 2008 (%) CAGR (%) (%)
North America 4,133 4,790 5,478 6,180 6,898 7,614 49.0 13.0 46.8
Western Europe 2,556 2,983 3,446 3,980 4,585 5,206 30.3 15.3 32.0
Asia/Pacific 1,324 1,548 1,787 2,049 2,333 2,619 15.7 14.6 16.1
ROW 422 493 568 651 739 830 5.0 14.5 5.1
Worldwide 8,435 9,813 11,279 12,860 14,555 16,270 100.0 14.0 100.0
T ABLE 3
Accelerator/
Inhibitor/ Certainty of
Market Force IDC Assumption Impact Neutral Assumption
Macroeconomics
↑
from 2001 levels to traditional impact on IT spending.
levels, which will be slightly
####$
below those in Consensus
Economics' April 4 forecast.
↑
10% in the United States. begin to increase as individual
Consensus Economics' April 4 company profits improve.
####$
forecast will hold.
Accelerator/
Inhibitor/ Certainty of
Market Force IDC Assumption Impact Neutral Assumption
↔
and other potential armed and project initiation will begin
political conflict will neither in line with a better economic
###$$
escalate nor abate. outlook.
↔
for the forecast period in the election years have been good
short term. for the economy; the issue will
####$
be what happens in 2005.
Energy Oil prices are on the rise. High. Oil prices are less
predictable, which is not so ↓ ####$
good for business.
Accelerator/
Inhibitor/ Certainty of
Market Force IDC Assumption Impact Neutral Assumption
↔
Europe, and Asia/Pacific are
that consumer prices will rise
####$
by less than 2%. Eastern
Europe and Latin America,
however, will continue to see
double-digit inflation. There will
be no deflation.
↑
Europe. There will not be a lot indicator of an economic
of job creation in the United recovery; job creation should
###$$
States. be accompanied by a
willingness to invest in other
areas.
↔
Telecom The telecom industry will begin Low. The IT industry has
to recover. already factored this in.
####$
↔
strengthen somewhat. The
mood of Europe toward the
###$$
United States is a concern;
anger over the war in Iraq may
create an informal
protectionism.
Accelerator/
Inhibitor/ Certainty of
Market Force IDC Assumption Impact Neutral Assumption
Exchange rates Improved profits in the United Moderate. This may accelerate
States, with the possibility of IT exports from exporting
interest rates going up, may countries into the United
↔
strengthen the U.S. dollar States.
somewhat. Top IT vendors'
###$$
growth will be attributable
mainly to the decline in the
dollar.
Expansion of the Increases will need to manage Low. There will be a balance of
eurozone business automation and spending, with jobs/production
↔
integration. moving to Eastern Europe
(shutting down of some existing
####$
systems), freeing up alternative
IT spending in Western Europe.
↑
increase transparency in many infrastructure software and
industries. services such as security and
####$
storage and applications areas
such as records management,
content management, and
business performance
management (to name a few).
Technology/
service
developments
Accelerator/
Inhibitor/ Certainty of
Market Force IDC Assumption Impact Neutral Assumption
↔
homegrown applications pressures.
moving first. Mainstream
####$
software is also moving toward
application serving on Linux.
Utility computing Multinational vendors will Low. This will have a low near-
continue to drive the concept of term impact on software
utility computing in various revenue. Software spending ↑ ##$$$
forms, but the concept is not may pick up toward the end of
well defined in the marketplace. the forecast period.
↔
software areas) will help drive Office suites did in the 1980s or
price performance to attractive the Internet did in the late
####$
levels that support new IT 1990s. Web services will
spending growth. continue to be mostly a
software development
technique.
Labor supply
Offshoring Skill supplies will be fulfilled Low. This will have little impact
with offshore software on overall software growth. The
↔
development. Developer jobs job market and pricing pressure
will not be returning to the are already major factors in
####$
United States or Western Western Europe.
Europe.
Accelerator/
Inhibitor/ Certainty of
Market Force IDC Assumption Impact Neutral Assumption
Capitalization
↓
stock market may be in the United States.
overpriced and may go down,
##$$$
causing some small increases
in inflation in the United States.
Market
characteristics
Large enterprise There will be extreme price Moderate. This will have an
software renewals pressure on large enterprise
software renewals.
impact on changing software
revenue growth.
↓ ####$
↑
nontraditional software overall software revenue.
licensing models will increase. Toward the back end of the
#####
forecast period, the impact on
software revenue will be higher.
↔
improve homeland security and spending is currently on
protect against terrorism. physical security. Software
###$$
growth will be affected beyond
the five-year forecast period.
Accelerator/
Inhibitor/ Certainty of
Market Force IDC Assumption Impact Neutral Assumption
Application There will be demand for clear High. This demand will require
verticalization and unique software vendor vendors to develop more
↔
product differentiation, faster sophisticated partnerships and
implementation, and more increase market applicability of
####$
relevant "out of box" solutions. offered solutions (particularly to
SMEs).
Market ecosystem
Consumption
↑
spend on mobility, and regain
the attitude that IT spending is
####$
critical to the well-being of a
company (or household). IT
spending as a percentage of
revenue (or income) will
increase.
↔
emerging geographies will
invest and new applications will
####$
drive users to multiplatform
usage.
Legend: #$$$$ very low, ##$$$ low, ###$$ moderate, ####$ high, ##### very high
Source: IDC, July 2004
Related Research
! Worldwide Antivirus 2004–2008 Forecast and 2003 Vendor Shares (IDC #31737,
August 2004)
This IDC research document was published as part of an IDC continuous intelligence
service, providing written research, analyst interactions, telebriefings, and
conferences. Visit www.idc.com to learn more about IDC subscription and consulting
services. To view a list of IDC offices worldwide, visit www.idc.com/offices. Please
contact the IDC Hotline at 800.343.4952, ext. 7988 (or +1.508.988.7988) or
sales@idc.com for information on applying the price of this document toward the
purchase of an IDC service or for information on additional copies or Web rights.
Copyright 2004 IDC. Reproduction is forbidden unless authorized. All rights reserved.