|
Though
anti-virus solutions have been available in the Indian market
for a long time, India Inc. still has a dismal record of adoption.
With new virus threats looming on the horizon, the anti-virus
market is itself undergoing a paradigm change. Rajneesh
De & Chitra Padmanabhan examine these changes and
analyse the emerging trends
 |
Ambarish
Deshpande reiterates that all Indian firms are vulnerable
because viruses are not country-specific |
India
might be crying hoarse about Pakistan’s nefarious designs
on exporting terrorism beyond its borders, and while such
arguments do leave scope for greater debates, there can be
no doubt that computer viruses have been Pakistan’s most
important, though unwelcome contribution to the IT world.
Unlike other physical threats this is one malice that transcends
cyber boundaries. Lahore-based brothers Basit, Shahid and
Amjad Alvi are credited as being the creators of the very
first computer virus christened as ‘Brain’ sometime
in the mid-80s. Though they claimed later that they merely
wanted to protect their program from illegal copies, the fact
that today there are more than 50,000 known viruses alone
in the virtual world is evidence of the Pandora’s box
they had opened.
With the growing dependence of businesses on the Internet,
virus outbreaks are perennially on the rise and are a global
phenomenon. According to a Computer Emergency Response Team
Coordination Centre survey in January 2002, there were 3,734
virus attacks in 1998; 9,859 in 1999; 21,756 in 2000 and 52,658
in 2001 globally. Since the Internet has demolished all physical
boundaries between countries, one just cannot expect India
to be insulated from the resultant risk. In fact, Ambarish
Deshpande, channel manager, Symantec India, reiterates that
viruses are not country-specific and therefore all computer
establishments in India are vulnerable to each of these malicious
trouble-mongers.
Virus strains
The evolution of viruses over the years has followed an interesting
pattern. In the early 90s, polymorphic viruses like Tequila
were the main culprits, while the mid-to-late 90s saw the
arrival of remote control Trojan horses like NetBus and mass
mailer viruses like Love Letter and Melissa. Even PDA viruses
like Palm Liberty made their first appearance during this
period. The new century has witnessed the emergence of metamorphic
viruses like W32.FPRM and more recently, blended threats like
Code Red and Nimda.
Vishwajeet Deshmukh, country manager, Network Associates India,
believes that blended threats, which can spread without human
intervention, are today the most malignant form of viruses
that affect computers. Besides, unlike predecessors, these
malicious codes contain a variety of tools that are capable
of detecting and exploiting vulnerabilities in a system. Moreover,
these not only allow hackers to control the system, but also
conceal the fact that the system has been compromised. The
magnitude of blended threats can be gauged from these figures:
Code Red caused losses to the tune of $2.6 billion, while
Nimda caused losses of over $530 million (estimates by Computer
Economics). These losses mainly accrued due to downtime of
over 24 hours and subsequent clean ups. Though specific figures
on how these viruses affected Indian businesses are not available,
Vaidyanathan Iyer, national manager, eSecurity business, Computer
Associates India, is certain that it would be substantial
considering India Software Inc’s close business dealing
with the US and other markets. Says Deshpande, “Recent
high profile international virus attacks like Code Red and
Nimda have contributed to the high incidence of virus-related
breaches in Indian companies.”
 |
With
close to 80 percent of viruses coming from the Internet,
Ajit Pillai says anti-virus is no longer a desktop
utility |
Shocking
Indian scene
Indian
statistics regarding virus vulnerabilities are quite worrying,
especially as they still show a gaping lack of awareness.
According to a CII-PricewaterhouseCoopers (PwC) survey, 80
percent of India Inc reported a security breach during the
last 12 months, compared to 60 percent in 2000-01. Virus attacks
have emerged as the single largest factor for security breaches.
75 percent of the respondents to the survey reported having
suffered a virus attack in 2001-02, up from 49 percent the
previous year. In a large number of cases, Indian businesses
were forced to shut down external connections to the Internet,
resulting in large losses due to downtime and lost business
opportunities. The CSI/FBI 2001 Computer Crime and Security
Survey states that 94 percent of respondents, mostly large
US corporations, detected viruses in their incoming e-mail
as Web downloads and unfortunately a large proportion of this
e-mail originated in India. Most security experts also agree
that in India most employees are known to abuse privileges
made available to them by accessing or distributing inappropriate
material over the Internet. Plus, the threat from disgruntled
employees is always lurking in the background. However, to
be fair, this risk is true for any other country in the world
too.
The PwC survey discloses another disturbing fact: the measures
that are presently being taken by Indian companies are not
enough to protect or prevent virus attacks. Incredible as
it may seem, even after the recent high profile virus outbreaks,
some businesses connected to the Internet have chosen not
to install anti-virus software. Only 79 percent of the respondents
used virus detection software (as compared to 91 percent that
have networks connected to the Internet) in a year when virus
attacks were at their deadliest. This is considerably low
when compared to 95 percent of respondents reported using
virus detection software in 2000-01.
The fact that no company has rolled back its anti-virus adoption
indicates that the adoption rate itself has drastically come
down. Anti-virus vendors are anxious to determine the reasons
behind this dismal conduct. According to Ajit Pillai, channel
manager, SME & SOHO segment, Trend Micro, one question
that bothers most companies is why anti-virus software cannot
eliminate viruses permanently? “Unfortunately, what they
fail to realise is that the struggle against viruses is a
continuous one, and the anti-virus software is only as effective
as the last update. IT managers have to set up appropriate
processes to ensure that the latest anti-virus patches are
obtained and deployed across the organisation. Large businesses
have to deploy multi-layered anti-virus defence with frequent
and automatic updates,” says Pillai.
One peculiar problem—almost an obsession with most Indian
corporates—is to host a plethora of anti-virus solutions
from multiple vendors. The reasoning being that if one fails
to detect some viruses, the other would. However, most experts
opine that while a best-of-breed strategy could work for multiple
modes of security (like anti-virus, firewalls, intrusion detections,
VPNs) having multiple virus detection software only complicates
the issue as there are usually severe compatibility problems.
Says Vinod Kumar, Satcom Technologhies, distributor of Sophos
Anti-Virus in India, “Running a number of products can
cause incompatibilities and also means that your IT department
needs to administer and manage several solutions instead of
just one. It also means that you have to deal with several
technical support departments and vendors instead of building
a relationship with just one.”
Today,
corporates also feel that by deploying multiple anti-virus
solutions, one at the gateway and the other at the desktop,
they become foolproof. In reality, Pillai feels that protection
is needed at four levels—gateway, mail server, file server
and desktop. It is always desirable to have a suite of solutions
from one vendor. Some vendors have utilised this mindset to
devise a new business model. Computer Associate’s eTrust
Inoculate 6.0 anti-virus solution has two anti-virus engines
built into it—one is the Inoculate IT engine that CA
had in its armoury for years, and the second is the Vet engine,
which
the company acquired through its acquisition of Vet anti-virus
from Australia. The same is true for Symantec’s Norton
line of anti-virus solutions following their acquisition of
SecurityFocus.
 |
Vaidyanathan
Iyer believes that organisations are going to invest
in integrated security solutions and not just piecemeal
ones that take care of only perimeter-level security |
Indian
market dynamics
Where is the Indian anti-virus market headed and what are
the trends it is now witnessing? According to a Gartner Dataquest
survey, the worldwide market for security solutions would
grow to $4.3 billion this year, up 18 percent from $3.6 billion
in 2001. The Indian market for information security for the
current year can be estimated to be in the range of Rs 150-175
crore and should be growing at 25-30 percent annually. Within
information security, the size of the content security and
anti-virus market is about Rs 35 crore and has been traditionally
dominated by two players: Network Associates and Symantec
with the McAfee and Norton range of products respectively.
The
third competitor, Trend Micro, has succeeded in making significant
inroads in the domestic market with its InterScan Messaging
Security Suite of products. Though Computer Associates started
selling eTrust only last year, it has performed commendably
with more than 50 installations today. Microworld, being a
new entrant, intends to first win mindshare in the Indian
market, mainly through its OEM policy with PCS Industries
and Bangalore-based component vendor, Cerebra Technologies.
However, the market leader Symantec still reigns in the OEM
space, having arrangements with leading PC vendors like HCL,
Wipro and IBM. Sophos, Europe’s leading anti-virus vendor,
is a relatively new player in the Indian anti-virus market,
and intends to take the corporate route to gain market share.
The victims of this MNC onslaught have been a host of local
vendors like Neville Bulsara’s Red Alert, Dr Panda’s
and PC-cillin among others.
There is a growing perception in India Inc that to effectively
tackle the menace of viruses, enterprises need to look beyond
anti-virus solutions and make effective use of firewalls and
intrusion detection systems. Deshpande also stresses the need
to increase employee awareness of virus security procedures
and lay down measures to report incidence of virus attacks.
From the security market point of view, one of the key things
that Iyer believes will happen is that organisations are going
to invest in integrated security solutions and not just piecemeal
ones that take care of only perimeter-level security. Recent
reports suggest that 75 percent of threats are internal. Hence,
an anti-virus or a firewall is an advantage as far as protecting
the perimeter of the IT infrastructure is concerned but is
limited in scope. This is one aspect of security that Deshpande
expects the Indian market to wake up to and says this is probably
why most anti-virus vendors are coming out with end-to-end
security suites to leverage the situation when this happens.
Manish
Kocchar of Command anti-virus reveals that the most distinct
shift noticed last year was the complexity of the problems
faced vis-à-vis the expectations of consumers. With
overall market conditions not on the upswing, consumers have
presented solution providers with a challenge to deliver at
a lower cost. Therefore, while awareness of the utility and
number of users of anti-virus products have been growing,
business revenues have not been increasing proportionately.
Even Pillai believes that anti-virus is no longer limited
to a desktop utility. Security has become a serious issue
for enterprises as close to 80 percent of viruses come from
the Internet. Anti-virus plays an important role in perimeter
security along with firewall, PKI, IDS, etc, and hence corporates
want to take care of the three protocols, namely SMPT (e-mail
security), FTC (File transfer security) and HTTP (Web browsing).
This is where protection is needed the most and he feels that
only after this can anyone look at the microscopic level.
Countering blended threats
Blended threats have changed the entire paradigm of the anti-virus
game. Much like the storage business, Internet usage is one
of the biggest growth drivers in this market. Potentially
there are a billion people who live in the networked neighbourhood.
This explains the fact that today, 93 percent of all viruses
travel through e-mail. Also, the types of malware and methods
used by computer virus writers have changed to leverage the
vulnerabilities of new mediums of delivery i.e. wireless and
broadband. For example, Nimda entered as a virus, attacks
as a hacker and spreads through spam. Considering the evolving,
hybrid nature of threats, it is clear that this is a content
security issue, not just an anti-virus problem.
Adds
Pillai, “The PC is no longer the centre of the desktop
computing universe. The boundaries for the desktop have moved
beyond one location to a virtual context in which the borders
are defined by the network. Hence, the need is to move away
from desktop security to a central gateway to secure the network
and thus contain virus attacks at the point of entry.”
According to IDC, the Internet gateway is the highest growth
segment in the anti-virus market, with a projected CAGR of
43 percent from 1999 to 2004. IDC also projects that this
growth will raise this segment’s (Internet gateway) share
of the overall market from an estimated 24 percent in 1999
to a projected 41 percent in 2004.
 Deshpande
also believes that the rapid spread of wireless communications
presents new opportunities for hackers, disgruntled employees
and others to prove their prowess in spreading viruses and
malicious code. With the proliferation of mobile devices,
networks are more vulnerable to virus attacks and distortion
of data. Hence, the need for wireless security.
Almost all vendors agree on one trend that will become increasingly
visible. Some say that the anti-virus security industry is
changing form, and one of the main catalysts for this is diffusion
of broadband. An always-on environment provides more opportunity
for viruses to enter user systems, because users’ IP
addresses are static, providing hackers with a stationary
target when users are connected to the Internet continuously.
Without adequate precautionary measures, consumers and corporates
will be the targets of new viruses, with new viruses being
found daily. It is not always possible to be updated with
the latest anti-virus files, and hence security measures and
support services at the service provider level—i.e outsourcing
and managed services—are crucial.
IDC has predicted that the anti-virus market will grow globally
at a rate of 15.3 percent between 2001 and 2006. And considering
India’s less-than-adequate current status, the Indian
market is expected to grow at more than double this rate,
though the days of pure anti-virus vendors are over. Corporate
India is slowly realising the fact that an anti-virus or firewall
solution does not secure the enterprise’s information
assets. These only address perimeter-level security concerns.
Today most organisations in India are still looking at this
aspect of security, but in time the other areas will gain
importance (e.g: intrusion detection systems), as is the scenario
in the developed countries. Only then can India Inc really
claim it is impregnable against virus attacks.
|
