http://news.com.com/Microsoft+s
wims+upstream+on+security/2100-7355_3-6086967.html
By Joris Evers
Staff Writer, CNET News.com
June 22, 2006
Microsoft's security ambitions don't stop with the
consumer. The
company also has an eye on the multibillion-dollar
enterprise security
market.
Now that it's launched the Windows Live OneCare security
service for
consumers, Microsoft is ramping up its efforts to convince
businesses
that it is the solution to, not the source of, their
security woes.
The Redmond, Wash., company last week unveiled Forefront, a
single
brand that encompasses updated and upcoming security
products aimed at
businesses.
The moves are part of Microsoft's attempt to expand its
business and
tap new revenue sources, analysts said. Last year, security
software
sales hit $12 billion, according to research firm IDC. On
the
enterprise side, Yankee Group expects the Windows client
security
software market to grow to $3.6 billion this year.
"They are in it for the money, of course," said
Andrew Jaquith, an
analyst at Yankee Group. "Microsoft initially was very
mysterious
about its security plans. But its steady drumbeat of
announcements
over the last months shows intent to be a very broad
enterprise
security player."
Under the Forefront plan, the brand-new Microsoft Client
Protection
product, now in development, will be sold as Forefront
Client Security
for PCs and servers. In addition, updates of Antigen for
Exchange and
Antigen for SharePoint will also carry the Forefront tag,
Microsoft
said. Antigen for Instant Messaging and the ISA Server
firewall and
Web caching software are also in the Forefront group.
"We're going to provide a comprehensive set of
security technologies
for businesses that is integrated with their existing
infrastructure,
with an emphasis on the deployment, management and ongoing
usability,"
said Steve Brown, the director of product management in the
security,
access and solutions division at Microsoft.
As far as motivation goes, Microsoft sees its entry into
the security
fray as a "very broad opportunity" for itself
and for its customers,
Brown said. "The primary reason we're doing this is
that there is
clearly a customer need for this approach," he said.
Companies such as McAfee, Symantec, Trend Micro and Computer
Associates have long demonstrated that there's money to be
made in
protecting Windows systems. For Microsoft, it's simpler to
create
security add-ons than to build security into its products,
an approach
that would also make it harder for the company to make extra
money, at
least one analyst said.
"This is a rather safe play," said Charles
Kolodgy, an analyst at IDC.
"It is easier than building the security into products
and not being
able to directly capture revenue. And if their security
product line
doesn't work, they can leave the market."
Microsoft has gradually built up its security muscle in
recent years
through numerous acquisitions. It bought antivirus
specialist GeCAD,
anti-spyware maker Giant Company Software and Sybari
Software, maker
of the Antigen products. Its lineup also includes hosted
e-mail
security services, picked up through the takeover of
FrontBridge
Technologies.
Most recently, the company gobbled up Whale Communications,
a
specialist in secure remote access and Web application
firewalls. Last
October, it announced it would sell security software for
business PCs
and servers. The new product, now called Forefront Client
Security, is
due for release in the second quarter of next year.
In catch-up mode
While it's bound to attract some business for its new
products right
away, Microsoft has some work to do to become a formidable
competitor
in the security area. That's especially true when it comes
to
enterprise client security, analysts said.
"They will get some market share just for being
Microsoft," Burton
Group analyst Dan Blum said. "To take a majority
position, they need
to establish a product that is functionally on par with, or
pretty
close to, the likes of McAfee and Symantec," he said,
adding that this
likely won't happen until 2008 or 2009.
Symantec, which provides a range of products aimed at
protecting
corporate networks and systems, said Thursday that it's
ready for any
competition from Microsoft.
"With a level playing field, all the vendors in the
security space
will compete for mind share, based on what enterprise
customers
believe to be the best product to suit their needs," a
representative
of the security software maker said. "Symantec has
been the leading
provider of effective protection against viruses and other
malicious
threats for more than 15 years."
The main obstacle facing Microsoft is customer distrust.
"There are
certain customers that don't trust them because of their
previous
track record," Yankee Group's Jaquith said.
The software maker has invested heavily in security over the
past
years. Despite this, most malicious software targets
Microsoft
products, and the company still deals with lots of security
holes.
Last week, for example, it issued 12 security bulletins with
fixes for
21 vulnerabilities--the largest number ever for its monthly
"Patch
Tuesday" updates.
"You're in one camp or another with them,"
Jaquith said. Either
businesses are very loyal customers and are rooting for
Microsoft, or
they feel they were burned by the company and simply don't
trust it,
he said.
And there are those who feel the software giant is trying to
turn
lemons into lemonade with its move into the security fray.
"The idea of Microsoft coming up with antivirus
software is a sham,"
said Frank Seichal of Old Bridge, N.J., who works in IT at a
financial
institution. "Why should I purchase software from
Microsoft to stop
the operating system vulnerabilities created by Microsoft? I
can not
believe Microsoft is getting away with this."
Another factor to overcome are the high-quality products
sold by
incumbent security vendors. McAfee, for example, has earned
high marks
from its customers with the ePolicy Orchestrator, a central
security
management tool, Jaquith said.
"Microsoft needs to prove reliability, stability and
predictability.
They need some success stories," Jaquith said.
"Just saying that
they're better integrated and that they make the operating
system is
not going to cut it."
In its Forefront documentation, Microsoft promises products
that work
well together and with existing IT systems. Additionally,
the software
will be simple to install and can be centrally managed, it
says.
However, they will protect only Microsoft software and not
Linux
servers or SAP applications, for example.
"That is perhaps their greatest disadvantage,"
Blum said. "They tend
to have this somewhat myopic strategy centered around their
own
products and ignoring other products, even those that run on
Windows."
Rivals and regulators
Antitrust concerns also lurk. Microsoft may promote
Forefront products
as better integrated, but if it has used hooks into its
operating
system that are kept secret from rivals, regulators might be
all over
the software giant, analysts said.
n fact, some small Microsoft competitors are already
complaining about
the company's security pricing strategy. In a blog posting
this week,
Alex Eckelberry, president of Clearwater, Fla.-based
anti-spyware
toolmaker Sunbelt Software, said Microsoft is engaging in
predatory
pricing with its OneCare and Antigen products.
By undercutting its rivals on price, Microsoft is pushing
the
competition out of business, after which it will increase
its prices,
Eckelberry wrote.
Jaquith dismissed that complaint. "I think they are
being creative and
aggressive, but I don't think they are being predatory.
There is
plenty of room for pricing innovation in this space,"
he said.
It was about time that Microsoft fleshed out its security
strategy and
shared it with the public, Jaquith said. "Finally
we're hearing what
they are doing," he said. "It is a 'damn the
torpedoes, full speed
ahead' strategy."
Copyright ©1995-2006 CNET Networks, Inc. All rights
reserved.
_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com
|