By Joel Snyder
Network World, October 15, 2007
Original Article on Network World Web Site
Trend 1: The messaging security shakeout is nearly over
The messaging security gateway market has dropped to a mild simmer since the heady growth phase we saw from it in 2003 and 2004. From a peak of over 125 vendors then, a handful of key players in the market have consolidated much of the business and offer products with similar features and common functionality. A recent wave of acquisitions has helped to separate out companies with long-term financial resources and broader technology from those who are likely to slowly fade away. While there remain critical differences between products and clear evaluation criteria to distinguish them, most enterprise customers will find the same set of product vendors on their short lists out of these technology leaders: Ironport (now part of Cisco Systems), Secure Computing (which bought Ciphertrust), SonicWALL, Symantec (which purchased Brightmail), Trend Micro, and Tumbleweed Communications. Barracuda Networks and Proofpoint, neither of which are public companies, also have gained substantial market and mind-share even if they don’t have the same financial resources of their publicly-traded competitors.
Trend 2: The argument about whether message security should be delivered as a hosted or an appliance is not over
No other business security requirement translates as nicely to a hosted service as anti-spam/anti-malware filtering. While on-site messaging security gateway appliances are cost-effective, the benefits of having a focused team doing nothing but anti-spam on your behalf have certainly kept the hosted service providers growing and profitable. Key players in this hosted service provider space, including MessageLabs, Microsoft (through its Frontbridge acquisition), and Postini (now part of Google) are as strong as they ever were and have legions of happy customers.
There is no clear trend to or from hosted services; it seems that companies go one direction or the other based on a wide variety of factors. Most of the reasons our security clients cite for changing to or from hosted anti-spam/anti-virus have little to do with product technology and much more to do with other factors, such as internal staffing costs and expertise, strategic IT direction, and vendor relationships.
Trend 3: Spam is not abating
Based on our continuous testing of anti-spam solutions for five years, we see no signs that the amount of spam is dropping or that spammers are giving in to the nearly-universal presence of anti-spam gateways. In fact, because enterprise-class anti-spam gateways are successful at blocking 95% or more of incoming spam, this has simply increased the number of spam messages that are being sent as spammers and (increasingly) phishers push harder to get their message through the gate.
Heavy use of messaging security gateways has also pressured spammers to be more ingenious in how they deliver their messages. The implications of this trend are that any enterprise buying a security gateway needs to be assured that the vendor has the R&D resources needed to keep abreast of spammers’ rapidly-changing techniques. In addition, security gateways should be purchased with significant performance reserves, as new spam filtering techniques (along with the ever-escalating load of email and spam in general) are requiring more and more resources in the gateway.
Trend 4: Bells and whistles differentiate a perceived commodity
Messaging security gateways, despite the best efforts of the vendor community, are being increasingly perceived as a commodity product, with almost all of the emphasis being placed on their anti-spam features as the biggest commodity. Our testing suggests there are substantial differences in the functionality of different anti-spam engines. Nevertheless, many vendors are content to propagate the myth that the engines perform equally well, since this works to their advantage because it puts them on similar footing with the leading vendors. Enterprise buyers, because of the difficulty of actually measuring differences in anti-spam engines, are also happy to go along with this perception.
To try and differentiate themselves above their anti-spam engines, vendors have turned to putting a large numbers of bells and whistles in their products. Some of these additions represent features that may not be appropriate for a messaging security gateway (such as IM logging and filtering); others are messaging-specific features, such as encryption, that focus on particular niches or vertical markets. The most critical features for the enterprise, including centralized management and reporting, scalability, and high availability, are still only available in a handful of high-end products.