WorldEndpointSecurityProductsMarkets July08

World Endpoint Security Products Markets
N40B-74
www.frost.com
Frost & Sullivan takes no responsibility for any incorrect
information supplied to us by manufacturers or users.
Quantitative market information is based primarily on
interviews and therefore is subject to fluctuation.
Frost & Sullivan reports are limited publications con-

taining valuable market information provided to a select
group of customers in response to orders. Our customers
acknowledge when ordering that Frost & Sullivan reports
are for our customers’ internal use and not for general
publication or disclosure to third parties.
No part of this report may be given, lent, resold, or

disclosed to non-customers without written permission.
Furthermore, no part may be reproduced, stored in a
retrieval system, or transmitted in any form or by any
means, electronic, mechanical, photocopying, recording,
or otherwise, without the permission of the publisher.
For information regarding permission, write:
Frost & Sullivan

2400 Geng Road, Suite 201
Palo Alto, CA 94303-3331
United States
#N40B-74 ©2008 Frost & Sullivan www.frost.com

Table of Contents
Chapter 1
Executive Summary
Market Overview 1-1
Market Overview and Definition 1-1

Introduction 1-1
Product Definition 1-2
Revenues Defined 1-2

Vertical Markets 1-3
Geography Analysis 1-3
Market Drivers and Restraints 1-4

Key Market Drivers 1-4
Key Market Restraints 1-4
Key Findings and Conclusions 1-5

Key Findings and Conclusions 1-5
Chapter 2
Analysis of the World Endpoint Security Products Market
Overview of the Market 2-1
Overview of the Market and Introduction 2-1
Evolution of Endpoint Security 2-2

The Changing Landscape Security Market 2-4
#N40B-74 © 2008 Frost & Sullivan www.frost.com iii

Market Engineering Measurements 2-6
Market Stage 2-7
Degree of Competition 2-7
Degree of Technology Change 2-7
Customer Satisfaction 2-7
Market Drivers 2-8

Increase in Complex Attacks and Threats due to Advanced Cyber Crime Techniques 2-8
The necessity to Comply with Government Regulations 2-9
Increase in Remote Workers is Driving an upward Trend with
Wireless Devices such as Laptops, PDAs and Smartphones therefore
creating the Need for Enhanced Enterprise Solutions 2-9
Network Security has Climbed up the Management Decision Chain and is
considered an Important Business Objective for CIOS 2-9
Sophisticated Botnet Systems 2-9
Increase in Personal Internet usage threatens the Ability with obtaining
Advanced SPAM and Phishing Techniques through Personal Emails 2-10
Upward Trend in Social Networking Websites and Web 2.0 2-10
Market Restraints 2-10

Market Maturity 2-11
In 2007, the US continues to go through a Slow Growing Economy 2-11

The Market is very Competitive 2-11
Malware Writers are more Technical and are staying ahead of the Game 2-11
Lack of Attention in Malware threats from Corporate Networks 2-11

Microsoft's Entry into the Market will Drive Prices down and shift the
Dominant Participants in the Market 2-12
Lack of Customer Education about Subscription Services and Malware Threats 2-12
Unit Shipment and Revenue Forecasts 2-12
Unit Shipment and World Revenue Forecasts 2-12
Geographic Market Analysis 2-14

North America 2-16
EMEA 2-16
APAC 2-16
Rest of the World 2-17
#N40B-74 © 2008 Frost & Sullivan www.frost.com iv

Vertical Market Analysis 2-17
Education 2-18
Government 2-18
Healthcare 2-18
Financial 2-18
Other 2-18
Forecast By Product Type 2-19
Forecast By Business Segment 2-25
Distribution Forecast 2-30
Pricing Forecast 2-31
Market Trends 2-38
Demand Analysis 2-38

Consumer Trends 2-38
Enterprise Trends 2-39
Product and Technology Trends 2-39

Integration of Products 2-39
Increase in Web Security and 2-40
Content Filtering Integration with Anti-Malware Products 2-40

Mobile Malware 2-41
Pro-active Technologies 2-41
Collective Intelligence or Network Intelligence 2-41

In the Cloud Security 2-41
Application Whitelisting 2-42
Pricing Trends 2-42
Trends In Distribution 2-43

Enterprise Market 2-43
Consumer Market 2-43
Internet Service Providers and Vendor Hardware Partnerships 2-44
Legislative Trends 2-44

Payment Card Industry Data Security Standard (PCI) 2-45
Health Insurance Portability and Accountability Act (HIPAA) 2-45
Gramm-Leach Bliley Act 2-45
Sarbanes-Oxley Act (SOX) 2-45
#N40B-74 © 2008 Frost & Sullivan www.frost.com v

Competitve Landscape 2-46
Market Structure 2-46
Market Leader 2-51
Market Challengers 2-52

McAfee 2-52
Trend Micro 2-53
Market Contenders 2-54

Panda Security 2-54
Microsoft 2-55
Kaspersky Lab 2-56
Sophos 2-57
Market Specialists 2-58

BitDefender 2-58
ESET 2-59
Emerging Participants with Integrated Anti-Malware Products 2-60

Cisco 2-60
Check Point 2-61
Other Participants 2-62

AVG Technologies 2-62
eEye Digital Security 2-63
Sunbelt Software 2-63
SkyRecon Systems 2-64
Niche Participants 2-65

Aladdin Knowledge 2-65
Finjan 2-65
Strategic Recommendations 2-66

Ease of Use 2-66
Branding 2-66
Performance 2-67
Integration of Products 2-67
Pro-Active Protection 2-67
#N40B-74 © 2008 Frost & Sullivan www.frost.com vi

List of Figures
Chapter 1
Executive Summary
1-1 Endpoint Security Products Market:

Unit Shipment and Revenue Forecasts (World), 2004-2014 1-5
Chapter 2

Market Drivers Ranked in Order of Impact (World), 2008-2014 2-8

Market Restraints Ranked in Order of Impact (World), 2008-2014 2-10


Percent of Revenues by Geographic Region (World), 2004-2014 2-14

Percent of Revenues by Geographic Region (World), 2007 2-15
#N40B-74 © 2008 Frost & Sullivan www.frost.com vii

Percent of Revenues by Vertical Market (World), 2007 2-17

Percent of Revenues by Product (World), 2004-2014 2-19

Revenue Forecasts—PC's (World), 2004-2014 2-20

Revenue Forecasts—Email Servers (World), 2004-2014 2-21

Revenue Forecasts—Gateway Products (World), 2004-2014 2-23

Revenue Forecasts—Other Servers (World), 2004-2014 2-24

Percent of Revenues by Business Segment (World), 2004-2014 2-26
2-13 Endpoint Security Products Consumer Market:

2-14 Endpoint Security Products SMB Market:

2-15 Endpoint Security Products Enterprise Market:


Percent of Revenues by Distribution (World), 2004-2014 2-30

Pricing Forecasts for Desktop Products (World), 2004-2014 2-32
#N40B-74 © 2008 Frost & Sullivan www.frost.com viii

Manufacturer Pricing Forecast by Channel (World), 2004-2014 2-33


Manufacturing Pricing Forecast by Channel (World), 2004-2014 2-35
2-21 Endpoint Security Products Enterprise Market:

Pricing Forecasts by Product (World), 2004-2014 2-36

Competitive Structure (World), 2007 2-47

Company Market Share by Revenues (World), 2007 2-48
#N40B-74 © 2008 Frost & Sullivan www.frost.com ix

List of Charts
Chapter 2
2.1 Endpoint Security Products Market:

Evolution (World), 2007 2-2

Various Security Technologies that are Combined into the
Endpoint Security Product (World), 2007 2-3

Market Engineering Measurements (World), 2007 2-6


Revenue Forecast (World), 2004-2014 2-14

Percent of Revenues by Geographic Region (World), 2004-2014 2-15

Percent of Revenues by Geographic Region (World), 2007 2-16

Percent of Revenues by Vertical Market (World), 2007 2-17
#N40B-74 © 2008 Frost & Sullivan www.frost.com x

Percent of Revenues by Product (World), 2004-2014 2-19

Revenue Forecasts—PC's (World), 2004-2014 2-20

Revenue Forecasts—Email Servers (World), 2004-2014 2-22

Revenue Forecasts—Gateway (World), 2004-2014 2-23

Revenue Forecasts—Other Servers (World), 2004-2014 2-25

Percent of Revenues per Business Segment (World), 2004-2014 2-26
2.15 Endpoint Security Consumer Market:

2.16 Endpoint Security SMB Market:

2.17 Endpoint Secruity Enterprise Market:


Percent of Revenues by Distribution (World), 2004-2014 2-31


Manufactuer Pricing Forecasts by Channel (World), 2004-2014 2-33
#N40B-74 © 2008 Frost & Sullivan www.frost.com xi


Manufactuer Pricing Forecasts by Channel (World), 2004-2014 2-35
2.23 Endpoint Security Enterprise Market:

Pricing Forecasts by Product Type—PC's (World), 2004-2014 2-36

Pricing Forecasts by Product Type—Email Servers (World), 2004-2014 2-37

Pricing Forecasts by Product Type—Gateway (World), 2004-2014 2-37

Pricing Forecasts by Product Type—Others (World), 2004-2014 2-38

Company Market Share by Revenues (World), 2007 2-48

Competitive Landscape (World), 2007 2-49

Competitive Landscape (U.S.), 2007 2-49

Competitive Landscape (EMEA), 2007 2-50

Competitive Landscape (APAC), 2007 2-50
#N40B-74 © 2008 Frost & Sullivan www.frost.com xii

1
Executive Summary
Market Overview
Market Overview and Definition
Introduction
Malware is defined as code which has been written with a malicious intent and is designed to
make a changes to computer systems without the owner’s knowledge. Malware includes a
variety of different software including computer viruses, worms, Trojan horses, rootkits,
spyware, adware and other malicious software.
As we discuss the endpoint security market, we must first understand the origin. Once before,
the market was named anti-virus and then anti- malware and now referred to as endpoint
security market. With the growing number of threats which include viruses, Trojan, worms,
the use of endpoints as DDos Zombie hosts and spyware, endpoint security has emerged and
replaced the anti- malware market. New threats and emerging blended threats continue to
evolve. Endpoint security emerged and continues to protect malware which is defined as any
sort of code which has been written with a malicious intent. Endpoint Security is security
software that is distributed to the end- user device but centrally managed. Endpoint security
software works on a client/server model.
#N40B-74 © 2008 Frost & Sullivan www.frost.com 1-1

Product Definition
Frost & Sullivan defines the endpoint security market is by manufacturer revenues in the
enterprise and consumer segments for endpoint security products. Frost & Sullivan further
defines endpoint security products as products that perform one or more of the following
functions:
■ Gateway or host based Anti- virus
■ Gateway or host based Anti-spyware
■ Host Based Firewall
■ Host IDS/IPS,
■ Host based behavior blocking software
As we see the market transform, endpoint security protects at all endpoint systems including
laptops, desktops, servers and handheld mobile devices. In this study, only client or gateway
endpoint security products that contain at least one proprietary anti- virus engine are
included.
Today’s endpoint security market includes a multi- layered outlook that includes
anti-malware technology, manufacturer’s revenues from products at the desktop, server, and
at the gateway. Within the study we evaluated vendors that include endpoint security for each
segment and also will evaluate revenue at a holistic view of endpoint security.
Managed service security providers are excluded as well as Network Access Control (NAC),
DLP, content filtering- consisting of email, web and IM filtering.
Revenues Defined
Total revenues are derived from market participants who provide one or more of the
following: client anti spyware, client firewall, host IDS/IPS, behavior blocking software and
integrated suites and sold their Endpoint Security solutions direct to end users or through all
distribution channels excluding OEM’s.

Ve rt i c a l M a r k e t s
The following vertical market segments defined in the study include:
Financial Markets
Government
Education
Healthcare
Others: others include manufacturing, construction, utilities, entertainment, professional

services and transportation, retail
Geography Analysis
The geographic regions analyzed in this study include:
North America
Europe: Western, Central and Eastern Europe
Asia Pacific: Countries on the western border of the Pacific Ocean, including those of the
Indo- Chinese peninsula, Pacific islands and Central Asia.
Rest-of-World: Regions not mentioned above including Central America, South America, the
Middle East and Africa.
Frost & Sullivan will review the endpoint security market by analyzing the growth, demand,
pricing, channel distribution, legislation, and technology trends. The analysis will also be
followed with regional and vertical market forecasts along with an in-depth analysis of the
competition within the endpoint security market. The competitive analysis will review the
market share for each competitor and will also provide detailed profiles for the key vendor’s
in the market. The base year used for this study is 2007 and the revenue forecasts and trends
are provided through 2014. Historical data are quantified to reveal trends occurring since
2004.

Market Drivers and Restraints
Key Market Drivers
■ Increase in complex attacks and threats due to advanced Cyber Crime techniques
■ The necessity to comply with government regulation
■ Network security has climbed up the management decision chain and is considered an
important business objective for CIOs
■ Sophisticated Botnet Systems
■ Increase in personal Internet usage threatens the ability in obtaining advanced SPAM and
Phishing techniques through personal email.
■ Increase in remote workers is driving an upward trend with Wireless devices such as
laptops, PDAs and Smartphones therefore creating the need for enhanced enterprise
solutions
■ Upward trend in Social Networking websites, Web 2.0
Key Market Restraints
■ Market maturity
■ In 2007, the US continues to go through a slow growing economy
■ Microsoft’s entry into the market will drive prices down and shift the dominant
participants in the market
■ Competitive market structure
■ Malware writers are more technical and staying ahead of the game
■ Lack of attention in Malware threats from Corporate Networks
■ Lack of Customer education about subscription services and malware threats

Key Findings and Conclusions
Key Findings and Conclusions
Figure 1-1 depicts the world endpoint security market unit shipment and revenue forecasts
for 2004-2014.
Figure 1-1
Endpoint Security Products Market: Unit Shipment and Revenue Forecasts (World),
2004-2014
Unit Revenue
Units Growth Rate Revenues Growth Rate
Year (Million) (%) ($ Million) (%)
2004 47,602 --- 3,334.8 ---
2005 53,521 12.4 3,799.0 13.9
2006 59,556 11.3 4,400.7 13.9
2007 69,390 15.5 4,980.7 15.2
2008 82,277 18.6 5,613.5 12.7
2009 99,029 20.4 6,287.1 12.0
2010 119,031 20.2 7,003.1 11.4
2011 142,010 19.3 7,724.4 10.3
2012 167,091 17.7 8,408.4 9.8
2013 193,343 15.7 9,218.2 8.7
2014 221,048 14.3 9,937.1 7.8
Compound Annual Growth Rate (2007-2014): 10.4%
Note: All figures are rounded; the base year is 2007. Source: Frost & Sullivan
The market is at a highly competitive and mature market. Figure 1-1 shows the estimated
endpoint security market for 2007 is 4.9 billion and with a growth rate of 10.4%. The main
drivers include the increase in cybercrime, compliance and the fact that security has moved
up the corporate objective. The main restraint is market maturity. North America is the
largest market in 2007 at 42%, but is the most mature and EMEA follows with 35%. The
Asia Pacific market presents strong growth and as well as other emerging countries in the rest
of the world. The PC market continues to represent the largest product segment with 50% of
the market and gateway products continue to grow strong over the forecasted period

In the distribution channel, retail continues the strongest with 67% of the market and online
retail follows with 25%. Although retail is still a strong channel, many competitors are
seeing faster growth with online retail. ISP’s will also grow in the future as a result of several
new and upcoming partnerships. Pricing had in affect in 2006 with Microsoft entering the
market with 3 licenses into one product and in 2007, top competitors followed this strategy.
The addition of functionality continues as the theme for this year and we continue to see
more integrated suites in the market. Average pricing remains stable for 2007, but intense
competition will drive a slight decline in average pricing for the forecasted period. More
integrated suites continue to create with higher functionality.
The leading competitors in the market is Symantec with 42% of the market, McAfee follows
with 9% of the market and Trend Micro with 7%. Smaller anti- malware vendors and other
infrastructure network vendors lag in terms of market share, but some have been growing
rapidly and continue to place much emphasis in R&D therefore developing superior compet-
itive products.

2
Analysis of the World Endpoint Security
Products Market
Overview of the Market
Overview of the Market and Introduction

In 2007, we saw the emergence of the endpoint security market. The endpoint security
market has emerged and offers a suite of security features that help protect consumers and
enterprises from the many threats out there today. The endpoint security market is a mature
market and is expected to have stable growth in the future. The growing number and variety
of threats to endpoints have made the market shift to encompass more functionality into
endpoint security solutions. The days of only having an anti-virus is no longer sufficient and
vendors continue to revamp the endpoint security market.
With Microsoft entering the market, endpoint security vendors have tried to stay ahead of
the game and prepare for what may happen in the future, which is a shift in dominant
vendors. Although vendors have not felt any changes in the endpoint security market since
Microsoft's entry, they do expect that to change in the next several years. Microsoft is still
new to the market and the security element to its product still needs to mature before
competing in such a competitive market.
For 2007, integration appears to be the trend for the endpoint security market. Mergers and
acquisitions are occurring between security vendors to gain leverage in functionality and
broaden the endpoint security portfolio. For example, in 2007 McAfee acquired SafeBoot
Holding BV. With this acquisition, they will be able to provide customers with endpoint,
network, web, email and data security, including encryption, as well as risk and compliance
solutions. In 2007, Symantec, acquired Altiris, a provider of IT management software. The
goal with the merger is to build a better enterprise product through better management and
improve IT governance, compliance and visibility. Symantec also completed the acquisition
with Vontu, a known leader in the data loss prevention market. The solution will be added to
Symantec's security 2.0 vision and the solution will help organizations prevent the loss of
confidential or proprietary information wherever it is being stored or being used. Again, this
is another example of where endpoint security is heading and why the trend of integration
has become a key initiative for dominant Anti-Malware vendors.

The debate today is whether the integration of a wide variety of security features is necessary.
According to many vendors, the changing security landscape and customer demands make
integration a necessity. Another factor is competition. The more broad the portfolio, the
more value added and this is enticing for the consumer. To meet the demands of the
consumer, security vendors must look outside the company to develop the needed technology.
Since the market hit maturity, vendors such as McAfee and Symantec shifted focus to the
enterprise market and believe that in the continuation in building better security solutions.
The result of the changing landscape, integration and adding value features to endpoint secu-
rity solutions is necessary.
Frost & Sullivan believes that as the security landscape continues to evolve, the integration of
security features will continue to be important in the endpoint security market. For dominant
vendors, we expect them to continue to add enhanced features to the product lines and for
the smaller vendors; they will continue to concentrate on research and development in order
to offer better endpoint security products. It is clear that integration is here to stay and
expect that there will be a decrease in pure play security companies as dominant vendors
continue to build on to their core products.
Evolution of Endpoint Security

Chart 2.1 shows the evolution of the world endpoint security products market, 2007.
Chart 2.1
Endpoint Security Products Market: Evolution (World), 2007
First Computer Virus Macro Viruses and Internet Worms poses

Emerges, problem to networks,
Polymorphic Viruses Emergence of Emergence of Botnets, Adware and
Floppy Disk Viruses Spyware
sophisticated viruses
Next Generation: Collective

Intelligence
1990’s 2000 2004-2008
1980’s
Second Generation Vendors add Proactive
First Generation Anti- Virus Era: Anti- Malware: and Behavior software technologies
Technology included Signature Vendors integrated personal to combat CyberCrime
Detection Firewall and Spyware
Source: Frost & Sullivan

In the 1990's, the anti virus software market emerged as a result from malicious software and
has now evolved to include endpoint security software. In the past, viruses were embedded
into floppy disks. The first virus appeared in the 80's and then appeared worms, macro
viruses and spyware. Polymorphic viruses soon appeared and anti-virus vendors had to
address threats at the application layer versus the operating system. Behavior techniques
were addressed over signature based applications.
In 2005, the first detection of Botnets was found. This is an important tool used in today's
cybercrime and is expected to increase and become more sophisticated. The evolution of this
malicious software drove anti-virus to the endpoint security market today.
With the increasing trend of the mobile worker, company data has become more accessible to
attackers and security vendors have evolved to include a more holistic approach to security
through endpoint protection. Endpoint security includes anti-virus software, anti-spyware,
behavior-blocking software, firewall and host based IDS/IPS. This ensures adequate protec-
tion at all levels. Organizations currently continue to use desktop anti-malware, but new
threats are ignored. Endpoint security offers a more defense in depth strategy and organiza-
tions need to embrace this evolved security solution. The transitions from anti-malware
products have now converted towards IT products with embedded security features and are
now called Endpoint Security Suites.
Chart 2.2 shows the the world endpoint security product various security technologies
combined in 2007.
Chart 2.2
Endpoint Security Products Market: Various Security Technologies that are Combined into
the Endpoint Security Product (World), 2007
Anti-virus DLP Anti-spyware
Application Host IPS

and Device
Control
Endpoint Security
Anti-Spam Firewall
Anti- Back Up
NAC
Phishing Storage

The increase in Internet usage has also influenced the endpoint security market. As more
people use the Internet for personal and business, there is an increase of internet connections
with mobile devices, and as a result the need for endpoint security has increased.
Th e C h a n g i n g L a n d s c a p e S e c u r i t y M a r k e t
Until recently, hackers were into attacking corporate networks for fame and fun. Now, the
financial gain is the motivation behind an attack. In 2007, there is an upward trend in Cyber-
crime and the threats continue to grow. Criminal networks are growing and becoming more
like organized crime rings. For the consumer, phishing attacks are very popular. Criminals
are gaining financial information of consumers and taking over their computers to use as
botnets. From a corporate standpoint, cybercriminals are able to steal consumer data infor-
mation and corporate assets. Other attacks include DoS attacks. A DoS attack will cause
financial losses by disengaging a company's website. Cybercriminals can basically hold the
website for ransom, also known as ransomware. The lost in sales for one day to an enterprise
is costly and is detrimental to its reputation. Today's threats are a lucrative business for cyber
criminals and this will continue to flourish in the future as technology continues to advance.
Security has emerged and is affecting both businesses and consumers. There is a rapid
increase in security breaches and this is partly as a result of the increase in mobile devices
such as laptops and Smartphones with email and web-surfing capabilities. Also with tight-
ening compliance regulations, corporations realize the necessity for security. For consumers,
identity theft and online fraud is a top concern when purchasing or accessing banking
account information via the internet.
The increasingly complex attacks and has emerged the endpoint security market. Botnets
have increased their functionality and threats have become mobile so a basic security perim-
eter will be unsuccessful in protecting a corporate network. No one technology can
successfully protect the network from the various threats available today.
Since threats have become so complex, a variety of malware exists and can infect a system:
■ Through spyware and adware, Bots can drop this on the computer and use as their
zombies, or use them to send spam
■ Through adware or spyware, people can be directed to malicious sites
■ Sites hosting exploits can drop adware, spyware, bots or other malicious software
■ Spam can be used to seed malware or spyware directly as an attachment, or point the user
to a site hosting an exploit to do the same
Today's common malware attacks include: phishing attacks, Botnets, instant messaging,
online gaming, windows vulnerabilities and adware.

Phishing Attacks
Cybercriminals use phishing attacks as a way to gain consumers identity by directing then to
websites where sensitive information is required such as credit card information, user name
and passwords. Pay pals and online banks are increasingly popular. Less popular websites are
targeted and such people normally do not change passwords or user name information as
much, this has made it easier for criminals. It has become tougher for criminals to target
big-name brand sites since the response has become quicker and security has tightened up.
Botnets
The use of Botnets is an important tool for cybercriminals today. PC's can be affected with
malware and get controlled by a hacker. Organized criminals also known as "botnet herders"
run Botnets and rent them out to other criminals. In 2007, there were a handful of
high-profile prosecutions of "bot herders". As a result of this, Security companies are
expecting the "bot herders" to seek better ways of covering their tracks. The Storm Worm set
a worrying precedent out to security companies. The creators of the Storm Worm released
thousands of variants and changed coding techniques, infection methods and social engi-
neering schemes far more than any other threat in history. Storm created the largest
peer-to-peer botnet ever. The peer-to peer function made it difficult for security vendors to
take it down.
Instant Messaging Threats
Nuisance instant messaging worms have emerged. The popularization of instant messaging
created a new way for cyber criminals to attack. Million of users can be affected in a matter
of minutes and according to one security vendor, in 2007, the numbers of vulnerabilities have
more than doubled from 2006. In the upcoming future, security companies are expecting
more to follow.
Online Gaming Threats
The threat to virtual economies is outpacing the growth of the threat to the real economy. As
virtual objects continue to gain real value, more attackers will look to capitalize on this. The
evidence is already there. According to a security vendor, The number of password-stealing
Trojans that targeted online games in 2007 grew faster than the number of Trojans that
target banks.
Adware
In 2007, Adware began to decline and is expected to continue to decline in 2008. This is
mainly a result of the government crackdown against purveyors of ad-serving software.
Lawsuits, better defenses and the negative connotation associated with this form of adver-
tising helped start the decline of adware in 2006.

Market Engineering Measurements
Chart 2.3 shows the Market Engineering measurements for the world endpoint security prod-
ucts market for 2007.
Chart 2.3
Endpoint Security Products Market: Market Engineering Measurements (World), 2007
Challenge
Identification
Market
Engineering Market
System Research
Market Engineering Drives Market

Market
Engineer
Strategy and Planning Market

Implementation Strategy
Market
Planning
Measurement Name Measurement Trend

Market age Mature Stable
Revenues (2007) $4.9 billion Increasing
Potential revenues (2014) $9.9 billion Increasing
Base year market growth rate (2007) 13.2% Decreasing
Forecast period market growth rate (CAGR) 10.3% Decreasing
Units (2007) 69,390 million Increasing
Price Sensitivity Medium Stable
Competitors (active market competitors in base year) 41 Stable
Degree of competition High Increasing
Degree of technical change High Increasing
Customer satisfaction Medium Stable
Customer loyalty Medium Stable
Market concentration (percent of base year market controlled by 60% Stable

top three competitors)

Market Stage
The market for endpoint security is in a mature stage. Although it has shifted from
anti-malware to endpoint security and it is now focusing on embedding enhanced added secu-
rity features that can protect at all endpoints. Competitors are currently adding enhanced
security features to their product line as a result of partnerships and M & A's. Branding for
smaller vendors will continue to be crucial in this already mature market.
Degree of Competition
The degree of competition in this market is high. There are a variety of competitors in the
market and most of the market share is inhabited by Symantec, McAfee and Trend Micro.
The benefit that these companies have in the market share is as a result of their success in the
anti-virus market early on. They have both built strong name branding and channel relation-
ships and due to this have remained top competitors.
D e g r e e o f Te c h n o l o g y C h a n g e
The competitors in the market are continuing to remain one step ahead in product innova-
tion. As threats and access points to a company's network continue to grow, it is necessity for
new developments continue to be in a competitor's pipeline. As we have seen the evolution
from anti-virus to endpoint security arise, the technology continues to change and will
become more enhanced in the future.
Customer Satisfaction
As technology changes so will the needs of customers. The endpoint security companies are
aware of the customers needs and will continue to keep up with the customer satisfaction.
The customer satisfaction will remain medium and continue to stay stable. The consumer will
continue to look for the best price point with a solution that embeds all the bells and
whistles.

Market Drivers
Figure 2-1 shows the market drivers in order of impact for the world endpoint security prod-
ucts market from 2008-2014
Figure 2-1
Endpoint Security Products Market: Market Drivers Ranked in Order of Impact (World),
2008-2014
Rank Driver 1-2 Years 3-4 Years 5-7 Years

1 Increase in complex attacks and threats due to advanced Cyber High High High
Crime techniques
2 The necessity to comply with Government Regulations High High High
3 Increase in remote workers is driving an upward trend with High High High
wireless devices such as laptops, PDAs and Smartphones
therefore creating the need for enhanced enterprise solutions
4 Network security has climbed up the management decision chain High High High
and is considered an important business objective for CIOS
5 Sophisticated Botnet Systems High High High
6 Increase in personal Internet usage threatens the ability with High High Medium
obtaining advanced SPAM and Phishing techniques through
personal emails
7 Upward trend in social networking websites and Web 2.0 High High Medium
I n c r e a s e i n C o m p l e x At t ac k s a n d Th r e a t s d u e to
A d v a n c e d Cy b e r C r i m e Te c h n i q u e s
Gone are the days when hackers would attack computers for fun and fame. Today's cyber
criminals work in organized crime rings and the motive is for financial gain. The attacks
from these criminals include email attacks leading consumers to malicious websites and
attaching malicious attachments to emails. Cyber criminals are constantly looking for new
vulnerabilities to exploit. Cyber criminals collaborate to create blended and complex threats
and makes security solutions at the enterprise difficult. As a result of sophisticated cyber-
crime attacks, enterprise not fully protected will result in financial loss, reputation damage
and customer loyalty. Therefore, Cybercrime is the most influential driver for endpoint
security.

Th e n e c e s s i t y t o C o m p ly w i t h G ov e r n m e n t R e g u l a t i o n s
As data breaches continues to be on the up rise, organizations are required to comply with
government regulations which helps secure customer data information and company finan-
cial information. As the increase in mobile devices, threats and technology advances occurs,
the need to secure networks has become detrimental for all organizations. Regulation and
compliance is a strong driver for the enterprise endpoint security market. Some of the most
influential legislation in the endpoint security market is from PCI, HIPAA, and Sarbanes
Oxley.
I n c r e a s e i n R e m o t e Wo r k e r s i s D r i v i n g a n u p wa r d Tr e n d
with Wireless Devices such as Laptops, PDAs and
Smartphones therefore creating the Need for Enhanced
Enterprise Solutions
Remote working has increased the usage of endpoint devices. The endpoint devices are such
as PDAs, laptops and smartphones enables the increase in internet usage and therefore has
opened a company's corporate network to cyber criminals. Today's threats and attacks leads
to denial of service attacks, consumer theft, intellectual property, and hijacking of websites
with the purpose of extortion. As a result, it is necessary that enterprises protect the network
at all endpoints
Network Security has Climbed up the Management

Decision Chain and is considered an Important Business
Objective for CIOS
Network Security is a crucial business objective for enterprises. In the past several years,
major data breaches have affected corporate businesses and consumer data is at stake.
Although, companies comply with compliance regulation in order to protect lucrative infor-
mation, hackers are still finding ways to disrupt corporate networks. Also, employees today
are using work computers to access personal email and websites. The ability to manage this
and keep malware out of the network is a challenge. For this reason, network security has
climbed the management decision chain and it is a top agenda for C-level managers.
Sophisticated Botnet Systems
In 2007, Botnet systems are becoming more advanced and growing. In result, it is becoming
harder to track and detect Botnets. Botnets are infected machines connected to one server and
they were relatively easy to take down from anti-malware companies. Today's advanced
Botnets as with the Storm Worm, there is no central server, the infected machines are
connected in peer to peer and now it is harder to take down. This is also the first time that
Botnets are retaliating and protecting itself. For this, anti-malware companies need to
educate users and enhance endpoint security techniques.

Increase in Personal Internet usage threatens the
Ability with obtaining Advanced SPAM and Phishing
Te c h n i q u e s t h r o u g h P e r s o n a l E m a i l s
Since the past decade, the usage of the Internet has increased. From a consumer standpoint,
the flourish of the Internet allows for online selling and banking transactions and hence,
making it easy for people to conduct personal usage at work. The changing working environ-
ment redefines how employees interact with an organization's system. Employees are more
susceptible to malware as they continue to use work computers for personal use.
U p wa r d Tr e n d i n S o c i a l N e t w o r k i n g We b s i t e s a n d We b
2.0
Social networking is defined as websites where individuals can set up online profiles,
describing his/her interests and add links to other profiles. Such websites include Facebook
and MySpace and they are growing at a fast pace. Social networking is a new emerging trend
that has come about as a result of the proliferation of the Internet. As social networking
makes it easier to communicate, the websites poses many security challenges in the business
world. As employees continue to use personal time browsing the web, companies fear that
corporate networks will get infected with unwanted malware as cyber criminals hijack social
networking for their own malevolent purposes.
Market Restraints
Figure 2-2 shows the market restraints ranked in order of impact for the world Endpoint
Security products market for 2008-2014.
Figure 2-2
Endpoint Security Products Market: Market Restraints Ranked in Order of Impact (World),
2008-2014
Rank Restraint 1-2 Years 3-4 Years 5-7 Years

1 Market maturity High High High
2 In 2007, the US continued to go through a slow growing economy High Medium Medium
3 The market is very competitive High High High
4 Malware writers are more technical and are staying ahead of the High High High
game
5 Lack of attention in Malware threats from Corporate Networks High High Medium
6 Microsoft's entry into the market will drive prices down and shift Medium Medium Medium
the dominant participants in the market
7 Lack of Customer education about subscription services and Medium Medium Low
malware threats

Market Maturity
The Endpoint security market is in a mature stage. The market in the past was known as
anti-virus then anti-malware and is now is shifting to endpoint protection. The market will
have to lower prices to remain competitive while continue to protect enterprises at all
endpoints.
In 2007, the US continues to go through a Slow

Growing Economy
As the US continues to look at a bleak and possible recession, organizations and consumers
will tighten up on expenses and this will cause a restraint in the endpoint security market.
Th e M a r k e t i s v e ry C o m p e t i t i v e
Companies see the lucrative business in endpoint security especially as the number of threats
continues to increase. Companies with no security background are gaining entrance into the
endpoint security as a result of the proliferation of mobile devices and other technological
advances. Competitors are joining the market such as Cisco. Cisco recently came out with
Cisco Security Agent (CSA) in order to gain entrance in the endpoint security market.
M a lwa r e W r i t e r s a r e m o r e Te c h n i c a l a n d a r e s t ay i n g
ahead of the Game
Today's attacks are increasingly becoming more advanced and malware writers are part of
professional organized crime rings. Since malware is becoming financially driven, the attacks
are more malicious and becoming more sophisticated. Take the Storm Worm that began with
malicious attachments through emails. It has now changed tactics and hides itself in websites
that are sent to a users email and it then lures you to the website to download. Security
companies need to continue to be ahead of the threats and users need to be protected at all
endpoints.
Lack of Attention in Malware threats from Corporate

Networks
It actually appeared earlier in 2007 that malware was decreasing, but now attacks are
starting to rise again. Unfortunately, corporate networks are fast to adopt new technology
such as wireless and laptops, but security seems to come second. Today, we are seeing major
data breaches on corporate networks so it is now time to begin looking at internal threats
that exist on the corporate network. Threats are no longer making global headlines and as a
result the attention towards malware is beginning to decline. The number of malware victims
will continue to increase as awareness is expected to rise as well in the future.

Microsoft's Entry into the Market will Drive Prices
d ow n a n d s h i f t t h e D o m i n a n t Pa rt i c i pa n t s i n t h e
Market
The entrance of OneCare introduces the 3 for one pricing for one household. Since Microsoft
has a major influence and market share in the PC market, it is expected to shift the anti
malware market in the future. As a result of this entrance, prices will shift and major partici-
pants will need to build stronger brand names to continue in this market.
Lack of Customer Education about Subscription

S e rv i c e s a n d M a lwa r e Th r e at s
Unfortunately, consumers believe that once they purchase software, they are always
protected from malware. This is not the case, once the subscription has expires, the consumer
then needs to purchase a new subscription. With Microsoft's Vista, alerts users when it is out
of date as well as so do other anti-malware vendors. The issue is that it is up to the consumer
to continue to subscribe to the service. There is a lack of education and awareness
surrounding anti-malware attacks, and as a result consumers do not understand the impor-
tance of security.
Unit Shipment and Revenue Forecasts
Unit Shipment and World Revenue Forecasts

The revenue forecast of the world market for Endpoint Security market for 2007 is at
$4.98 billion with a 12.7 per cent growth rate. The market is fueled by the increase in the
raising number of malicious attacks and viruses. Currently affecting the market is competi-
tion, maturity and the commoditization of the endpoint security market. Security vendors
from other fields are offering endpoint security as part of an overall solution. Security
vendors in the anti-malware space are adding increased functionality as competition
increases. The world Endpoint Security is projected to grow at 10.4 per cent CAGR from
2007 to 2014 reaching $9.93 billion by 2014.
Figure 2-3 shows the world endpoint security products market unit shipment and revenue
forecasts for the period 2004-2014.

Figure 2-3
2004-2014
Unit Revenue
2004 47,602 --- 3,334.8 ---
2005 53,521 12.4 3,799.0 13.9
2006 59,556 11.3 4,400.7 13.9
2007 69,390 15.5 4,980.7 15.2
2008 82,277 18.6 5,613.5 12.7
2009 99,029 20.4 6,287.1 12.0
2010 119,031 20.2 7,003.1 11.4
2011 142,010 19.3 7,724.4 10.3
2012 167,091 17.7 8,408.4 9.8
2013 193,343 15.7 9,218.2 8.7
2014 221,048 14.3 9,937.1 7.8
Chart 2.4 shows the world endpoint security products market unit shipment and revenue
forecast for 2004-2014.
Chart 2.4
2004-2014
12,000 Revenues ($ Million) Units (Million) 250,000
10,000
200,000
Revenues ($ Million)
8,000
Units (Million)
150,000
6,000
100,000
4,000
s
50,000
2,000
0 0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year

Chart 2.5 shows the world endpoint security products market revenue forecasts for
2004-2014.
Chart 2.5
Endpoint Security Products Market: Revenue Forecast (World), 2004-2014
Revenues ($ Million) Revenue Growth Rate(%)

12,000.00 16
14
10,000.00
12
8,000.00
Revenue Growth
10
Revenue
6,000.00 8
6
4,000.00
4
2,000.00
2
0.00 0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year
Geographic Market Analysis

Figure 2-4 and Chart 2.6 shows the percent of revenues by geographic region in the world
endpoint security products market for period 2004-2014.
Figure 2-4
Endpoint Security Products Market: Percent of Revenues by Geographic Region (World),
2004-2014
North America EMEA Asia Pacific Rest-of-World

Year (%) (%) (%) (%)
2004 44.7 36.0 15.0 4.3
2005 44.7 36.5 15.4 3.4
2006 42.1 36.9 16.0 5.0
2007 42.0 35.0 17.5 5.5
2008 41.8 34.1 17.9 6.2
2009 40.2 33.4 19.0 7.4
2010 39.8 30.0 21.0 9.2
2011 38.5 31.2 21.0 9.3
2012 37.8 31.3 21.1 9.8
2013 36.3 31.5 22.0 10.2
2014 36.4 30.0 23.0 10.6

Chart 2.6

2004-2014
North America EMEA APAC other
100%
90%
80%
70%
60%
50%
40%
30%
20%
10%
0%
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year
Figure 2-5 and Chart 2.7 shows the percent of revenues by geographic region in the world
endpoint security products market for 2007.
Figure 2-5

2007
2007 06/07
Company (%) Trend
North America 42.0 Decreasing
EMEA 35.0 Decreasing
APAC 17.5 Increasing
Rest-of-World 5.5 Increasing
TOTAL 100.0

Chart 2.7

2007
5%
18%
42%
35%
NAMAM EMEA APAC Other
North America
North America has 42 percent of the market and the largest. The large market share
attributes to the maturity of the market. Since it is so mature, other vendors are gaining
market share, but it is mainly due to switching of vendors. It is expected to grow slower in
the future and have a diminishing market share by 2014.
EMEA
In 2007, EMEA has 32 percent of the market. It is also the second most mature market for
endpoint security. It is expected to grow slower as well and diminish to 30% by 2014. The
downward influences should be counterbalanced with some of the emerging economies of
Eastern Europe.
APAC
APAC has 17.5 percent of the market share for 2007. The APAC market is projected to expe-
rience the fastest growth of all the regions and this is attributed to the quickly rising Internet
penetration, the rising number of threats and the influence of the information communica-
tions market particularly in China and India. By 2014, it is estimated to have 23 percent of
the market share.

R e s t o f t h e Wo r l d
The rest of the world is comprised of the Latin America, Africa and the Middle East. The rest
of the world attributes to 5.5 percent of the market share. The countries in this area are less
economically developed, technologically advanced or security focused. The growth is this
area attributes to the emerging economies of the Middle East and Africa and the lack of
maturity in the market. It is expected to consist to 10.5 percent of the market share by 2014.
Vertical Market Analysis

Figure 2-6 and Chart 2.8 shows the percent of revenues by vertical market for world
Endpoint Security products market in 2007.
Figure 2-6
Endpoint Security Products Market: Percent of Revenues by Vertical Market (World), 2007
Company 2007 (%)

Education 25
Government 20
Healthcare 20
Financial 15
Other 20
TOTAL 100
Note: Others include Manufacturing, Construction, Utilities, Entertainment, Professional Services and
Transportation, Retail.
Chart 2.8
Endpoint Security Products Market: Percent of Revenues by Vertical Market (World), 2007
Other Education
20% 25%
Finance
15%
Government
Healthcare 20%
20%
Education Government Healthcare
Finance Other
Note: All figures are rounded. Source: Frost & Sullivan

Education
The education market consists of 25 percent of the Endpoint Security market share for 2007.
This is attributed to today's cybercrime and the popularization of social websites. It is not
surprising that the education market has appropriate defenses against malware especially in
regards to protecting crucial student information.
Government
The government market includes 20 percent of the Endpoint Security market for 2007. The
government itself drives security technologies implementation as a result of legislative trends
that they must follow. Also as the threat of terrorism and cybercrime continues to increase,
the government will continue to tighten up security measures.
Healthcare
The healthcare market consists of 20 percent of the Endpoint Security market for 2007. The
healthcare sector has as had the influence of tightening security measures as a result from
HIPPA, mandatory legislative law that protects confidential information of patients. The
healthcare market continues to enhance network infrastructure technologies in order to
enhance the business needs of the healthcare market. As a result of this, security measures
places a crucial part within the implementation of the new technologies.
Financial
The financial market includes 15 percent of the Endpoint Security market for 2007. The
financial market drives itself as a result of legislative requirements. The affects of GLBA and
SOX will continue to drive the implementation of security technologies. Financial institu-
tions are important to implementing security technologies. The financial institutions
understand that consumers need to have trust when dealing with banking online and the
implications of a data breach will cost dearly especially when the reputation is destroyed.
Other
Other includes manufacturing, construction, utilities, entertainment, professional services

and transportation, retail. This section consists of the remaining 20 percent in the Endpoint
Security market for 2007. Legislative continues to fuel most vertical markets, for example
PCI compliance continues to affect many sectors. PCI is discussed in the legislative trends
section. PCI continues to play an important part with any business that takes credit card
transactions. Also as other sectors continue to adopt technologies that enable better business
processes, security measures will follow suit.

Forecast By Product Type
Figure 2-7 and Chart 2.9 shows the percent of revenues by product type for the world
endpoint security products market for the period 2004-2014.
Figure 2-7
Endpoint Security Products Market: Percent of Revenues by Product (World), 2004-2014
PC's Email Servers Gateway Other

Year (%) (%) (%) (%)
2004 55.3 18.0 17.2 9.5
2005 54.8 18.2 18.0 9.0
2006 51.9 18.3 21.0 8.8
2007 50.0 18.0 23.0 9.0
2008 49.0 18.5 23.5 9.0
2009 46.0 19.5 24.5 10.0
2010 43.7 20.0 26.3 10.2
2011 41.0 20.6 28.5 9.9
2012 38.1 21.0 30.9 10.0
2013 36.0 21.4 33.1 9.5
2014 34.0 21.6 35.4 9.0
Chart 2.9
Endpoint Security Products Market: Percent of Revenues by Product (World), 2004-2014
120 PCS Email Servers Gateway Other Servers
100
80
Revenue %
60
40
20
0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year

Figure 2-8 and Chart 2.10 shows the revenue forecasts for PC's in the world endpoint secu-
rity products market for the period 2004-2014.
Figure 2-8
Endpoint Security Products Market: Revenue Forecasts—PC's (World), 2004-2014
Revenue
Revenues Growth Rate
Year ($ Million) (%)
2004 1,884.1 ---
2005 2,192.3 ---
2006 2,283.9 4.0
2007 2,490.3 9.0
2008 2,750.6 10.0
2009 2,892.0 5.1
2010 3,060.3 6.0
2011 3,166.0 4.0
2012 3,231.0 2.1
2013 3,318.5 2.7
2014 3,378.6 1.8
Chart 2.10
Endpoint Security Products Market: Revenue Forecasts—PC's (World), 2004-2014
Revenues ($ Million) Revenue Growth (%)

4,000 12
3,500
10
3,000
Revenue Growth (%)
Revenue ($ Million)
8
2,500
2,000 6
1,500
4
1,000
2
500
0 0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year

The Endpoint Security desktop market is projected to hit $3.37 billion by 2014 and repre-
sents a CAGR is 3.0 percent. The PC market is the most mature product in the market. It is
expected that a downward incline is influenced by the maturity level of the product. Micro-
soft's entry and other competitors that are becoming influential in the market will help drive
the market to maturity. Growth in other emerging areas and APAC will help counterbalance
the decline.
Figure 2-9 and Chart 2.11 shows the revenue forecasts for Email Servers in the world
Figure 2-9
Endpoint Security Products Market: Revenue Forecasts—Email Servers (World), 2004-2014
Revenue
2004 600.2 ---
2005 728.1 ---
2006 805.3 11.0
2007 896.0 11.0
2008 1,038.0 15.8
2009 1,225.0 18.0
2010 1,400.0 14.2
2011 1,591.0 13.6
2012 1,780.0 12.0
2013 1,972.0 11.0
2014 2,146.0 9.0

Chart 2.11
Endpoint Security Products Market: Revenue Forecasts—Email Servers (World), 2004-2014
Revenues ($ Million) Revenue Growth(%)

2,500 20
18
2,000 16
14
Revenue Growth (%)

1,500 12
10
1,000 8
500 4
0 0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year
The market for Email servers for 2007 is $600.2 million and is expected to reach $2.1 billion
by 2014 which represents a CAGR of 10.9. The market is less mature than the PC market
and is expected to have a slower decline.
Figure 2-10 and Chart 2.12 shows the revenue for revenue forecasts for Gateway products in
the world Endpoint Security products market for the period 2004-2014.

Figure 2-10
Endpoint Security Products Market: Revenue Forecasts—Gateway Products (World),

2004-2014
Revenue
2004 573.0 ---
2005 720.1 25.7
2006 924.1 28.0
2007 1,145.5 24.0
2008 1,319.1 15.2
2009 1,540.3 16.8
2010 1,841.0 19.5
2011 2,201.4 19.6
2012 2,620.0 19.0
2013 3,051.2 16.5
2014 3,517.7 15.3
Chart 2.12
Endpoint Security Products Market: Revenue Forecasts—Gateway (World), 2004-2014
Revenues ($ Million) Growth Rate(%)

4,000 30
3,500
25
3,000
20
Growth Rate (%)
2,500
2,000 15
1,500
10
1,000
5
500
0 0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year

The market for Gateway products for 2007 is $1.1 billion and is expected to reach
$3.5 billion in 2014 which represents a CAGR of 15.0 percent. The gateway products
continue to grow strong over the forecasted period of 2004 to 2014. With the increase in
cyber crime, it is becoming more important to stop malware at the gateway and with
real-time. This driving factor will drive the growth of the gateway market.
Figure 2-11 and Chart 2.13 shows the revenue forecasts for other servers in the world
Endpoint Security products market for the period 2004-2014.
Figure 2-11
Endpoint Security Products Market: Revenue Forecasts—Other Servers (World), 2004-2014
Revenue
2004 316.0 ---
2005 360.0 13.9
2006 387.2 7.5
2007 448.2 15.7
2008 505.2 13.0
2009 628.7 20.0
2010 714.3 13.0
2011 764.7 7.0
2012 848.0 10.0
2013 875.7 3.1
2014 895.3 2.2

Chart 2.13
Endpoint Security Products Market: Revenue Forecasts—Other Servers (World), 2004-2014
1,000 Revenues ($ Million) Growth Rate (%) 25
900
800 20
700
600 15
500
400 10
300
200 5
100
0 0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Other servers include file servers, application servers, and Internet servers. For 2007, the
market is worth $316.0 million and is expected to reach $895.3 million in 2014, which
represents a CAGR of 10.3 percent. As gateway products continue to develop, it is expected
to have a slower decline.
Forecast By Business Segment

Figure 2-12 and Chart 2.14 shows the percent of revenues for business segment in the world

Figure 2-12
Endpoint Security Products Market: Percent of Revenues by Business Segment (World),

2004-2014
Consumer SMB Enterprise
Year (%) (%) (%)

2004 35.0 33.0 32.0
2005 34.0 31.3 34.7
2006 34.5 30.8 34.7
2007 35.0 30.0 35.0
2008 34.5 30.1 35.4
2009 33.2 31.1 35.7
2010 32.4 31.3 36.3
2011 32.2 31.5 36.3
2012 31.9 31.8 36.3
2013 31.0 32.0 37.0
2014 30.5 32.5 37.0
Chart 2.14
Endpoint Security Products Market: Percent of Revenues per Business Segment (World),
2004-2014
Consumer % SMB % Enterprise %
100
90
80
70
Revenues (%)
60
50
40
30
20
10
0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year

The consumer market is expected to stay fairly stable and have a slight decline over the fore-
casted period. SMB's and Enterprise is the main focus for many of the tier 1 and 2 companies
and therefore a greater shift in both markets will appear over the forecasted period. The SMB
and Enterprise market will continue to be affected by the increase in cybercrime threats and
compliance will continue to drive this market as well.
Figure 2-13 and Chart 2.15 shows the unit shipment and revenue forecasts in the world
endpoint security products consumer market for the period 2004-2014. For 2007, the
consumer market is worth $1.7 billion and is projected worth in 2014 is $3.0 billion which
represents a CAGR of 8.2 percent.
Figure 2-13
Endpoint Security Products Consumer Market: Unit Shipment and Revenue Forecasts
(World), 2004-2014
Unit Revenue
2004 24,882 --- 1,167.1 ---
2005 29,759 19.6 1,360.0 11.6
2006 34,189 14.9 1,518.0 14.8
2007 41,108 20.2 1,743.2 11.1
2008 51,903 26.3 1,936.6 7.8
2009 63,628 22.6 2,087.3 8.7
2010 77,972 22.5 2,269.0 9.6
2011 96,395 23.6 2,487.2 8.8
2012 116,594 21.0 2,705.0 5.6
2013 137,355 17.8 2,857.6 6.1
2014 158,638 15.5 3,030.8 6.0

Chart 2.15
Endpoint Security Consumer Market: Unit Shipment and Revenue Forecasts (World),
2004-2014
160,000
3,000
140,000
2,500
120,000
Units (Million)
2,000 100,000
1,500 80,000
60,000
1,000
40,000
500
20,000
0 0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year
Figure 2-14 and Chart 2.16 shows the unit shipment and revenue forecasts for the world
endpoint security products SMB market for the period 2004-2014. In 2007, the SMB market
is worth $1.4 billion and is expected to reach $3.2 billion in 2014 which represents a CAGR
of 11.6 percent.
Figure 2-14
Endpoint Security Products SMB Market: Unit Shipment and Revenue Forecasts (World),
2004-2014
Unit Revenue
2004 21,276 --- 1,004.0 ---
2005 24,800 16.6 1,240.0 23.5
2006 25,995 4.8 1,377.2 11.0
2007 26,210 0.8 1,494.2 8.5
2008 28,302 8.0 1,684.1 12.7
2009 33,033 16.7 1,949.0 15.7
2010 38,017 15.1 2,205.9 13.1
2011 42,287 11.2 2,440.9 10.7
2012 46,894 10.9 2,673.8 9.6
2013 52,194 11.3 2,949.8 10.3
2014 58,303 11.7 3,229.5 9.5

Chart 2.16
Endpoint Security SMB Market: Unit Shipment and Revenue Forecasts (World), 2004-2014
3,000 60,000
2,500 50,000
Units (Million)
2,000 40,000
1,500 30,000
1,000 20,000
500 10,000
0 0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year
Figure 2-15 and Chart 2.17 shows the unit shipment and revenue forecasts for world
endpoint security products enterprise market for the period 2004-2014. In 2007, the Enter-
prise market is worth $1.7 billion and is estimated at $3.6 billion in 2014 which represents a
CAGR of 11.2 percent.
Figure 2-15
Endpoint Security Products Enterprise Market: Unit Shipment and Revenue Forecasts
(World), 2004-2014
Unit Revenue
2004 1,444 --- 1,167.1 ---
2005 1,725 19.5 1,396.0 19.6
2006 1,741 0.9 1,505.0 7.8
2007 2,072 19.0 1,743.0 15.8
2008 2,368 14.3 1,992.0 14.3
2009 2,717 14.7 2,250.0 13.0
2010 3,042 12.0 2,528.8 12.4
2011 3,328 9.4 2,796.0 10.6
2012 3,603 8.3 3,052.0 9.2
2013 3,797 5.4 3,410.0 11.7
2014 4,107 8.2 3,676.7 7.8
Compound Annual Growth Rate (2007-2014): 11.3

Chart 2.17
Endpoint Secruity Enterprise Market: Unit Shipment and Revenue Forecasts (World),
2004-2014
3,500 4,000
3,500
3,000
3,000
2,500
Units (Million)
2,500
2,000
2,000
1,500
1,500
1,000
1,000
500 500
0 0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year
Distribution Forecast
Figure 2-16 and Chart 2.18 shows the percent of revenues by distribution in the world
Figure 2-16
Endpoint Security Products Market: Percent of Revenues by Distribution (World), 2004-2014
E-tail Retail ISP

Year (%) (%) (%)
2004 17.0 81.0 2.0
2005 20.0 75.0 5.0
2006 22.0 69.0 6.0
2007 25.0 67.0 8.0
2008 25.0 64.0 11.0
2009 25.5 59.5 15.0
2010 27.0 56.5 16.5
2011 28.5 56.5 18.0
2012 30.5 53.5 20.0
2013 32.0 49.5 21.0
2014 34.0 47.0 22.0

Chart 2.18
Endpoint Security Products Market: Percent of Revenues by Distribution (World), 2004-2014
E-tail Retail ISP
100
90
80
70
Revenues (%)
60
50
40
30
20
10
0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year
It is expected that online sales will continue to increase as well as ISP's while the retail
declines. Although retail will continue to stay a strong segment in distribution, vendors are
taking advantage of other channels that are increasing with time. ISP's create a great avenue
to spread to mass markets and online sales continue to remain a strong distribution channel.
Pricing Forecast
Figure 2-17 and Chart 2.19 shows the world endpoint security products consumer market
pricing forecast for desktop products for the period 2004-2014. Increase in competition from
Microsoft and other vendors that offer unlimited licenses will help with the decline in prices.
Figure 2-18 and Chart 2.20 shows the world endpoint security consumer products market
manufacturer pricing forecast by Channel for 2004-2014.

Figure 2-17
Endpoint Security Products Consumer Market: Pricing Forecasts for Desktop Products
(World), 2004-2014
Price Change
Year ($) (%)
2004 46.9 ---
2005 45.7 2.5
2006 44.4 3.0
2007 42.4 4.5
2008 37.3 12.0
2009 32.8 12.0
2010 29.1 11.0
2011 25.8 11.0
2012 23.2 10.0
2013 20.8 10.0
2014 19.1 8.2
Chart 2.19
Endpoint Security Consumer Market: Pricing Forecasts for Desktop Products (World),
2004-2014
50
Price ($)
45
40
35
30
Price ($)
25
20
15
10
0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year

Figure 2-18
Endpoint Security Products Consumer Market: Manufacturer Pricing Forecast by Channel

(World), 2004-2014
E-tail Retail ISP Change

Year ($) ($) ($) (%)
2004 41.2 32.0 36.8 ---
2005 40.0 31.1 35.7 2.4
2006 36.0 36.0 32.2 20.0
2007 29.6 25.4 27.5 8.7
2008 28.0 21.9 25.2 9.9
2009 28.2 19.7 22.7 8.5
2010 25.4 18.1 20.7 7.9
2011 23.2 16.6 19.1 4.5
2012 21.4 15.8 19.0 1.5
2013 19.7 15.6 18.5 4.2
2014 19.6 15.0 18.5 1.3
Chart 2.20
Endpoint Security Consumer Market: Manufactuer Pricing Forecasts by Channel (World),

2004-2014
120 Etail $ Retail $ ISP $
100
80
Price ($)
60
40
20
0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year

Figure 2-19 and Chart 2.21 shows the world endpoint security SMB products market pricing
forecast for desktop products for 2004-2014. Figure 2-20 and Chart 2.22 shows the world
endpoint security SMB products market manufacturing pricing forecast by channel for the
period 2004-2014. Although more functionality continues to be added to core products,
influences from competition will continue to drive average pricing for the SMB market to a
downward trend.
Figure 2-19
Endpoint Security Products SMB Market: Pricing Forecasts for Desktop Products (World),
2004-2014
Price Change
Year ($) (%)
2004 47.0 ---
2005 50.0 6.3
2006 53.0 6.0
2007 57.0 7.5
2008 59.5 4.3
2009 59.0 0.8
2010 58.0 1.7
2011 57.7 0.5
2012 57.0 1.2
2013 56.5 0.8
2014 55.4 1.9
Chart 2.21
Endpoint Security SMB Market: Pricing Forecasts for Desktop Products (World), 2004-2014
70
Price $
60
50
40
Price ($)
30
20
10
0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year

Figure 2-20
Endpoint Security Products SMB Market: Manufacturing Pricing Forecast by Channel

(World), 2004-2014
Change-
E-tail Retail ISP All Channels
Year ($) ($) ($) (%)
2004 18.8 14.1 16.4 ---
2005 20.0 15.0 17.5 6.4
2006 22.0 16.5 19.2 9.9
2007 24.0 18.0 21.0 9.1
2008 23.8 17.8 20.8 1.0
2009 23.6 17.7 20.6 1.0
2010 23.2 17.4 20.3 2.0
2011 23.1 17.3 20.1 0.6
2012 22.8 17.1 19.9 1.1
2013 22.6 16.9 19.7 1.0
2014 22.1 16.6 19.3 2.0
Chart 2.22
Endpoint Security SMB Market: Manufactuer Pricing Forecasts by Channel (World),

2004-2014
70 Etail $ Retail $ ISP $
60
50
40
Price ($)
30
20
10
0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year

Figure 2-21 shows the world endpoint security Enterprise products market pricing forecast
by product type for the period 2004-2014.
Figure 2-21
Endpoint Security Products Enterprise Market: Pricing Forecasts by Product (World),
2004-2014
Change Email Change Change Change

Year PC's (%) Servers (%) Gateway (%) Others (%)
2004 23.3 --- 5,539.0 --- 12,917.0 --- 16.0 ---
2005 22.4 4.0 5,300.0 4.3 12,480.0 3.8 15.0 6.2
2006 21.2 5.3 5,000.0 6.3 12,000.0 5.0 14.0 6.7
2007 19.9 6.1 4,685.0 6.3 11,400.0 5.0 8.5 6.7
2008 19.0 4.5 4,461.0 4.7 10,773.0 5.5 11.7 8.5
2009 18.3 3.6 4,237.1 5 10,126.6 6.0 10.7 8.4
2010 17.5 4.0 4,067.6 4.0 9,519.0 5.9 9.8 8.0
2011 16.8 3.5 3,904.9 4.0 8,947.9 6.0 8.9 9.1
2012 16.2 1.2 3,748.7 4.0 8,411.0 6.0 8.2 7.8
2013 16.2 1.2 3,748.7 4.0 8,411.0 5.9 8.2 2.4
2014 16.0 1.2 3,599.7 3.9 7,907.0 5.9 8.0 2.4
Chart 2.23 shows the world endpoint security Enterprise products market pricing forecast
for PC's for the period 2004-2014
Chart 2.23
Endpoint Security Enterprise Market: Pricing Forecasts by Product Type—PC's (World),
2004-2014
25 PC's Change % 7
6
20
5
15
Change (%)
Price (%)
3
10
2
5
1
0 0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year

for E-mail Servers for the period 2004-2014.
Chart 2.24
Endpoint Security Enterprise Market: Pricing Forecasts by Product Type—Email Servers
(World), 2004-2014
6,000 Email Servers Change % 7
5,000 6
5
4,000
Change (%)
Price (%)
4
3,000
3
2,000
2
1,000 1
0 0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year
for Gateway for the period 2004-2014.
Chart 2.25
Endpoint Security Enterprise Market: Pricing Forecasts by Product Type—Gateway (World),
2004-2014
14,000 Gateway Change % 7
12,000 6
10,000 5
Change (%)
8,000 4
Price ($)
6,000 3
4,000 2
2,000 1
0 0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year

for Other Servers products market for the period 2004-2014.
Chart 2.26
Endpoint Security Enterprise Market: Pricing Forecasts by Product Type—Others (World),

2004-2014
18 Others Change % 10.0
16 9.0
14 8.0
7.0
12
6.0
Change (%)
Price ($)
10
5.0
8
4.0
6
3.0
4 2.0
2 1.0
0 0.0
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
Year
Prices for the Enterprise desktop are expected to have a downward pricing trend from
2007 to 2011 and then stabilize. Email Servers products are expected to follow the similar
trend. The gateway products will not have much of a change difference in pricing which is
due to the growth in this market. It is expected to hit maturity at 2009.
Market Tr e n d s
Demand Analysis
C o n s u m e r Tr e n d s
The endpoint security market is a mature market and has evolved from the PC market, to the
enterprise, SMB and consumer market as well.

As the trends for cybercrime continues, consumers will continue to protect their systems. As
the changing security threat landscape continues, only anti-virus protection is no longer
acceptable for enough protection. Consumers continue to use the Internet for personal uses
such as web surfing, e-commerce and online banking. As the proliferation of these uses
continues, consumers are now more than ever targeted attacks. Consumers are asking for
ease of products such as the integrated suites available that contain Anti-virus, Anti-Spam,
ID Theft protection, and data storage. It is also common to find more than one computer in
one household and endpoint security companies have increased the number amount of
licenses per household.
E n t e r p r i s e Tr e n d s
As threats continue to become more prevalent, we will continue to hear about data breaches.
Unfortunately, cybercrime is a profession for many and the criminal will continue to seek
ways to hack into corporate networks.
As a result of advanced technology and the increase in access points to the network, corpo-
rate networks now more than ever, need to be protected. Endpoint security market is
affecting all vertical markets including financial services, education and the healthcare
market. Also with the implementation of wireless systems, every endpoint within the network
has to be protected.
As compliance regulation such as HIPAA and PCI continues to force companies to secure its
networks, enterprises will be more adaptable to endpoint security and will expect more
enhanced features that will include the convergence of security companies. Enterprises need
better management capabilities to be included as well.
Product and Technology Trends
Integration of Products
As technology advances, the stand -alone products such as anti-virus, is no longer sufficient
to protect one's network. Endpoint Security market has arrived and it bundles security
features such as anti-malware, anti-spyware, and other security functionalities such as host
IDS/IPS and firewalls. One key benefit of endpoint security is that it is fully enterprise
management capable, therefore making network management easier.
As a result of endpoint security, we still are seeing the continuity of integration. This
continues to be a trend as product functionality increases and is added to the integrated
suites. More mergers and acquisitions are expected to occur in the future.

Some concerns remain when discussing integration. First, will this cause confusion for the
consumer, second will this cause a disruptive roadmap for the vendors and third are the prod-
ucts being tested well enough?
To address the first issue of confusion, this can exist if a consumer is receiving additional
security that may not be needed. The basic security products are needed, but additional
features can be added such as network access control (NAC) and Data Loss Prevention
(DLP). All in all, every consumer is different and adding on additional features can aid the
consumer in the long run. From an enterprise perspective, the manageability of the network
is made simpler.
Since we are seeing the increase in M&A's, the question lies on how this works for product
roadmaps. With the continuation of integration within the security vendors, one has to
wonder about the implications that affect a company's roadmap. It appears that products
continue to run separately until the unification process is done. This appears to be more of a
hassle for the vendors. There is also the concern for product testing and that throwing in so
many security features may inhibit the correct amount of testing needed for each product.
Frost & Sullivan believes that although integration will cause issues with vendor's roadmaps
and product viability, the demand for this is will continue to stay as long as threats and
attacks continue to become more sophisticated. The need for network security will not disap-
pear tomorrow and the integration trend will only make it easier for the consumer.
I n c r e as e i n We b S e c u r i t y a n d
The trend has moved towards web-based malware. Cybercriminals in the past use to use
email attacks, but now you will find links directing people to unprotected websites and this is
used to steal personal information. Over the web, criminals will infect thousands of systems
through the web and will access thousands of data records. Many security vendors such as
McAfee SiteAdvisor include technology that analyzes the results and rates websites in detail
for unsafe or annoying practices such as dangerous downloads, spamming, misuse of
personal information and browser hijacking. AVG has safe surf technology that allows the
computer to scan websites and it will also rank the protection level of the URLS. The feature
scans in real-time, which is a technology that is becoming popular with other vendors in the
market as well.
Content Filtering Integration with Anti-Malware

Products
As more threats continue to move to the web, content filtering vendors are integrating
anti-malware products. The integration of URL analysis and reputation management will
continue to be added to products. Vendors are partnering together to integrate the solutions.

Mobile Malware
As remote workers increases, the increase in mobile phones, smartphones and laptops will
continue. With this, we have already seen mobile malware and as mobile devices become
more sophisticated, the malware will continue to be a problem. The threat is still relatively
low and the malware is currently used as a nuisance, but hackers can attack via Bluetooth
and effect thousands very fast. Many security vendors include mobile anti-malware within
their portfolio and some are enhancing policy enforcement rules fir the enterprise.
P r o - a c t i v e Te c h n o l o g i e s
In the current evolving security landscape, signature based antivirus technologies are no
longer sufficient to protect against threats. New signatures are being developed on a contin-
uous basis and security companies have been developing pro-active protection methods to
protect against “zero day threats. Companies such as BitDefender, ESET and Kaspersky have
developed behavior-based detection technologies such as Host IPS (HIPS).
Collective Intelligence or Network Intelligence
Collective Intelligence (network intelligence) is based on centralized and real-time knowledge

about malware that is maintained throughout the automatic processing of all elements
scanned. Several vendors have adopted this technology. The technology allows the gathering
and capturing of data from a community. It then stores the behavioral patterns of the
malware. This technology provides to wider visibility of the threats that are in the Internet.
The data collected is then automatically analyzed and classified and then released to users as
web services (SaaS) or through signature file updates.
In the Cloud Security
Vendors are embracing software as a service (SaaS) for malware. Vendors like Trend Micro
and Panda Security offer security services in the cloud. SaaS has the ability to detect threats
in the cloud and stop them before they reach a company's network. With this service,
vendors host the software application and business application over the Internet and deliver
the application as a service through a SLA subscription basis. The delivery model uses the
information that is gathered from customers and effectively leverages real -time data from the
field. The SaaS model allows for periodic updates in real-time and will be effective against
the challenging threat landscape.

Application Whitelisting
Industry vendors are quickly adding application whitelisting to Endpoint Security solutions.
Application whitelisting is a way for enterprises to secure and control desktops, laptops and
servers. The technology provides IT administrators to identify and control applications and
protect against malware attacks. Application Whitelisting also helps to prevent data leakage
by controlling portable devices such as Flash drives. The technology will automatically
prevent the execution of any new and unknown from running on a PC.
Pricing Trends
Despite a maturing market, in 2007, pricing has remained fairly stable. Although prices have
remained stable, functionality and additional features continue to be added into the endpoint
security product. Competition in the market continues to fuel the pricing market. Gradually
more value is being added to the consumer and Enterprise products. Prices were expected to
decrease as result of Microsoft's entry, but there has been no affect on most of the security
vendors. There was a change in the amount of licenses included per product as a result of
Microsoft's entry. Security vendors are preparing now for what can happen in the future as
Microsoft continues to grow market share and security posture.
In 2003, Anti Virus was a separate solution and sold by itself. Anti Spyware and anti-spam
solutions were sold separately as well. Now as malware has evolved, anti-virus is no longer
sufficient technology, features such as firewall and IDS have been added to anti-malware
solutions. The anti-malware solution integrated anti-spyware and anti-spam. As competition
becomes fierce, the current trend is to add more functionality and anti-malware has now
evolved to endpoint security. Endpoint Security offers an umbrella of solutions and other
solutions such as NAC can be added in and managed at a single console.
In the beginning of 2007, one user per license changed when Microsoft hit the market with
3 PC licenses for the price of one. As a result, some security companies now offer the same.
Prices for the integrated suite of solutions range from $65.99 to $79.99. The 3 licenses are
standard on the suites and contain 1 year service. The vendors still offer single AV solutions
that generally range from $ 25-$40 per one license only. The key features included in the
integrated solutions are antivirus, antispyware, email scanning, firewall and they are also
including identity theft in the solutions.

ISPs are including free anti-malware protection as a selling point for the consumer market.
The price is usually included in the network connectivity solution. The security vendors have
benefited from this revenue model since they are now sharing the slice of the revenues. This
has also enables vendors to get into households where they may have not been in before.
For the enterprise market, the trend continues to include more functionality, which is key for
more added-value into endpoint security solution. Enterprises demand security with ease of
use. The enterprise market is working hard at establishing a one management console that
can handle different functionalities and give the benefit for better manageability and
performance.
Trends In Distribution
Enterprise Market
The distribution for endpoint security in the corporate space is done through various chan-
nels such as VARS, distributors, and OEM partners. It is also distributed directly from the
Endpoint security vendors. The corporate segment continues to evolve as customer needs
change. Vendors have been shifting to partnerships with ISP's and hardware vendors to
enhance distribution.
Consumer Market
The distribution of Endpoint security is distributed in many channels and has seen the most
growth with ISP's and hardware vendor partnerships. Although the retail environment still
proves to be an important distribution point, it is decreasing in growth. In the past, indirect
sales channels were important and now the large endpoint security vendors are losing domi-
nance in the retail environment. In the past, the anti-virus market was distributed in retail
and indirect channels. Smaller start up companies generally still have much distribution with
retail and direct sales. As the endpoint security market has evolved, the key distribution for
Tier 1 vendors are with: Direct, retail, Vars, OEMS, ISPs and partnerships with hardware
vendors
While retail is still notable important, the growth is lessening. Several factors and trends can
attribute to this. First, much effort has been given to the Enterprise market from McAfee and
Symantec. With Microsoft entering the market, Tier 1 vendors have concentrated in the
enterprise market and added more enhanced features to the suites. Another trend is the
proliferation of the Internet and online sales. Retail in the past was a strong distribution
channel, online sales proves to be a key distribution point for the endpoint security vendors.
Online sales offer a higher margin than retail and this explains why less emphasis is on retail.
It is noted that vendors can receive up to 80% from online sales versus retail at 30%. While
retail is still important, Frost & Sullivan expects to see more focus in the e-tail market.

The diminishing retail shelf space for Tier 1 vendors gives opportunity for tier two and three
vendors to gain more presence. Kaspersky took advantage of the retail space in 2006 and was
able to establish a strong brand name. The retail continues to be a strong market for
Kaspersky and will be for other Tier two and three vendors with high brand recognition.
I n t e r n e t S e rv i c e P rov i d e rs a n d Ve n d o r H a r dwa r e
Pa rt n e rs h i p s
In 2007, partnerships are a lifeline for many endpoint security vendors and they continue to
see more growth with the ISP chain. This is another distribution channel for the endpoint
security vendors and continues to grow. The increase in home users and the increasing
number of people accessing the Internet is attributed to the growth of this channel. Vendors
are able to reach the population that is actually using the Internet.
The ISP channel has the benefit to bundle security with the Internet access that they provide.
By gaining partnerships with popular ISP like Comcast enables endpoint security vendors to
reach mass market consumers. The trend to partner with ISPs will continue to increase, but
profit margins may decrease as more functionality is embedded into endpoint security solu-
tion. From a vendor perspective, the negotiation processes with ISPs are complicated and can
take a while to complete.
The relationship that hardware vendors have with consumers also helps aid in the sale of
endpoint security. The benefit is there when the consumer purchases hardware from a vendor
for the home or a business, the endpoint security software is added as an auxiliary sale. The
opportunity to sale the security software is relatively easier once the relationship is estab-
lished with the consumer or as well can be bundled into the initial sale. McAFee has
established a partnership with Acer and this partnership will begin for 2008.
Frost & Sullivan believes that the current trend for hardware vendors will continue to
increase as a result of Microsoft in the endpoint security market.
Legislative Trends
Several mandates are required for enterprises to follow in order to protect financial and
customer information. This has become increasingly important as threats and attacks
continue to occur daily. The largest data breach continues to be from TJMAX, a large retailer
that lost credit card information and cost the company $118 million. As a result of the wide
number of data breaches occurring, government and industry regulations have been set and
affect the overall network security market.

Pay m e n t Ca r d I n d u s t ry Da t a S e c u r i t y S t a n da r d ( P C I )
Credit card companies have pushed PCI legislation to stop financial fraud incidents. The PCI
DSS was released in 2006 and is a security standard established by credit card companies
such as Visa, MasterCard and Discover. The goal was to help ease payment security risks and
secure data account information. By the end of 2007, all organizations handling payment
credit card transactions have to be PCI compliant. Organizations that fail to be in compli-
ance are at risk for huge fines if credit card data is lost or stolen. Therefore, organizations are
required to have the necessary security standards set by the credit card companies. PCI has
affected many verticals such as retailers, healthcare and financial industries.
Health Insurance Portability and Accountability Act

(HIPAA)
HIPAA was created in 1996 and stands for Health Insurance Portability and Accountability
Act. HIPPA was created with the goal of protecting patient records and promote national
uniform security standards for the secure electronic transmission of health information. As
the healthcare market conforms to HIPAA regulations, a variety of hosted security products
are being used by hospitals, doctors, pharmacies and insurance companies. All healthcare
organizations should be in compliant in implementing the security monitoring measurements,
but some have taken a wait and see approach. HIPAA has been and continues to be influen-
tial in the health care network security market.
Gramm-Leach Bliley Act
The goal of the GLBA act is to enforce financial institutions to protect consumers' personal
information. Financial institutions such as banks, mortgage and insurance companies are
included in the GLBA act. Any company that deals with a financial product must abide and
be in compliance of this act. The act has influenced the endpoint security market by requiring
any financial institution that handles transfers and stores financial data to be in compliance
with the GLBA Act.
Sarbanes-Oxley Act (SOX)
Sarbanes Oxley Act of 2002 addresses the accounting practices and corporate governance of
public companies. If companies do not comply, hefty fines can exist. Fines can range from
10 million to 100 million and with some cases, jail time may be seen. The act requires
companies to be fair within auditing practices. The act covers the following: the accuracy of
reporting financial reporting through internal controls, the effectiveness of internal control
as on the end of the company's most recent fiscal year, the disclosure of any weaknesses
within the internal controls, and clear statement of the auditing practices through the
accounting firm, issue an attestation report on the management's assessment of the
company's internal controls.

Companies establishing endpoint security must understand that a hacker can easily cause a
data breach and gain company asset information. The endpoint security market is influenced
by this act due to the security protection that is required for at all endpoints. IT standards
must be in compliance in order to keep an organization's financial records safe. The act also
helps guide network administrators to respond to complex and blended threats in a
consistent and approved manner.
Competitve Landscape
Market Structure
The Endpoint Security market is a highly competitive market and continues to change with
technology. Vendors continue to use R&D and acquisitions to additional technologies such as
DLP and NAC into the solution. In 2007, the trend for integration continued with competi-
tors in the Endpoint Security market. Symantec continues to lead the market with
44% market share. McAfee trails with 9% and Trend Micro with 7% of the market. These
Tier 1 vendors lead the market as a result of their early on dominance in the anti-malware
market. Since then several acquisitions have been made in order to add more functionality
into the Endpoint Security product. Although Microsoft has a smaller market share for 2007,
it is expected that its market share will grow in the next several years and cause a market
shift in competitor market share.
In 2007, pure play security companies are not the only participants in this market. Network
infrastructure companies have entered the Endpoint Security market as well and offer an
umbrella of solutions. Checkpoint and Cisco have added forms of anti-malware into their
endpoint security solution hence increasing functionality and making it easier for the
consumer to use one vendor for security solutions. As cyber crime continues to increase,
participants are creating better technology and adding features to their products to tackle the
threats of today and tomorrow.
In 2007, the trend in many vendors is to focus on the SMB and Enterprise market. The shift
can attribute to Microsoft's entrance in to the market. From the enterprise view, more func-
tionality, ease of use, and working with one vendor has been the drive for many vendors to
seek market share in the Endpoint Security market. Offering integrated products means that
instead of having different security vendors for different products, the user will use only one
and manage effectively the solution.

In 2007, smaller vendors are not able to compete with larger vendors and continue to place
emphasis on R&D to produce better product portfolios. Some smaller companies are just
beginning to offer integrated suites, but focus on better technology for solving zero day
threats such as heuristics proactive technologies.
Frost & Sullivan believes that integration will continue to be a main theme in the Endpoint
Security market. Various vendors from pure play security companies to network companies
will gain leverage in the industry as they add different technologies into one bundled suite.
Figure 2-22 shows the competitive structure in the world endpoint Security products for
2007.
Figure 2-22
Endpoint Security Products Market: Competitive Structure (World), 2007
Number of Companies in the Market 41
Types of Competitors Pure plays, System Integrators

Network Security Vendors
Hardware and Software Vendors
Distribution Structure Direct, VARS, OEMS
Tiers of Competition 3 Tiers, Tier 1-Symantec, McAfee, Trend Micro

Tier 2-Panda, Sophos, F-Secure, Cisco, Checkpoint, Microsoft
Tier 3-Kaspersky Lab, AVG, BitDefender, Eset, Others
Notable Acquisitions, Mergers Symantec acquired Altiris

McAfee acquired SafeBoot Holding BV
McAfee also acquired ScanAlert, Inc.
Sophos acquired Endforce
Key End-User Groups Consumer and Vertical markets: Healthcare, Government, Education,
Financial
Competitive Factors Integrating Products or suites, Brand recognition, Pricing

Performance

Figure 2-23 and Chart 2.27 provides the company market share per revenues for the world
endpoint security products market in 2007.
Figure 2-23
Endpoint Security Products Market: Company Market Share by Revenues (World), 2007
Company 2007 (%)

Symantec 43.0
McAfee 9.4
Trend Micro 7.2
Panda Security 3.2
Sophos 2.5
F-Secure 2.3
Others 32.4
TOTAL 100.0
Note: Others include Checkpoint, Cisco, Microsoft, Kaspersky, AVG, CA, Eset, BitDefender, AhnLab,
Aladdin, eEyedigital, Norman, Awil Software a.s. Authentium, Avira, Beixinyuan, BullGuard, Quick
Heal, Central Command, Cybersoft International, Finjan, Frisk Software, GFI, HackSoft, Hauri,
Jiangmin, Kingsoft, MKS SP, Proland Software, Rising, Sunbelt Software, Stiller Research, Ikraine
Antiviral Center.
Chart 2.27
Endpoint Security Products Market: Company Market Share by Revenues (World), 2007
32.4%
43.0%
2.3%
2.5%
3.2% 7.2% 9.4%
Symantec McAfee Trend Micro

Panda Sophos F-Secure
Others

Chart 2.28 shows the competitive landscape for the world endpoint security products market
in 2007.
Chart 2.28
Endpoint Security Products Market: Competitive Landscape (World), 2007
Cisco Trend Micro

High Checkpoint F-Secure Symantec
Kaspersky Panda McAfee
Sophos
Microsoft
Ability
to ESET
Deliver
BitDefender AVG
Aladdin
Finjan
Low
Low Market Penetration High
Contender Market Leader

Niche Participant
Specialist Challenger
Chart 2.29 shows competitive landscape for the North America endpoint security products
market in 2007.
Chart 2.29
Endpoint Security Products Market: Competitive Landscape (U.S.), 2007
Cisco Trend Micro

High Checkpoint
Symantec
Sophos
Panda McAfee
F-Secure
Kaspersky
Microsoft
Ability ESET
to BitDefender AVG
Deliver
Aladdin
Finjan
Low

Niche Participant

Chart 2.30 shows the competitive landscape for the EMEA endpoint security products
market in 2007.
Chart 2.30
Endpoint Security Products Market: Competitive Landscape (EMEA), 2007
Cisco
High Checkpoint F-Secure Trend Micro Symantec
Kaspersky Panda
Sophos
Microsoft McAfee
ESET
Ability BitDefender
to
Deliver AVG
Aladdin
Finjan
Low

Niche Participant
Chart 2.31 shows the competitive landscape for APAC endpoint security products market
competitive landscape in 2007.
Chart 2.31
Endpoint Security Products Market: Competitive Landscape (APAC), 2007
Trend Micro
Cisco
High
Checkpoint Symantec
Kaspersky Panda McAfee
F-Secure Microsoft
Ability Sophos
to
Deliver ESET
BitDefender
AVG
Finjan Aladdin
Low

Niche Participant

Market Leader
Symantec is a security software vendor and was founded in 1982. Symantec is a leader the
network security infrastructure software market. Symantec delivers software and services
that addresses risks to security, availability, compliance and performance. They are a global
company and offer operations in over 40 countries.
For the most part, Symantec has maintained a large portion of the endpoint security market.
Symantec's ability to maintain a large part of the market is a result of the early introduction
into the anti-virus market. For 2007, Symantec has expanded focus into the Enterprise
market, but still maintains concentration in the consumer market as well. In the past several
years, Symantec has acquired several companies such as Veritas, Sygate, Brightmail, Altiris
and Vontu. Through mergers and acquisitions, Symantec has been able to diversify its
endpoint security product line by adding storage backup, DLP, and NAC. The merger with
Atiris will help build a superior enterprise product through better manageability. The
strategy with Symantec will is the continuation mergers and acquisitions that will enable
them to innovate and deliver better endpoint security markets as the security landscape
changes. During the writing of this study, Symantec announced the acquisition with Swap-
Drive, an online backup storage provider. According to Symantec, the acquisition with
SwapDrive will strengthen the services offerings in the Norton consumer portfolio and to
help consumers manage data across their devices.
For the consumer market, Norton 360, an all-in-one security solution was released in 2007.
The Norton 360 product combines technologies such as anti-virus, firewall intrusion preven-
tion, anti-phishing, back up storage. From the consumer perspective, this product is
simplicity at best and continues to be embraced from the consumer market.
For the enterprise market, Symantec Endpoint Protection 11.0 integrates technologies from
anti-virus, anti-spyware, endpoint firewall, and NAC all managed through a single manage-
ment console. The integration of the solution represents the Symantec's strategy of acquired
technologies. The product addresses many concerns of the consumer which includes the value
of dealing with fewer vendors.
Frost & Sullivan believes that despite this focus on diversification and integration,
Symantec will continue to be a very strong market leader in the endpoint security market.
Although we feel that primary focus of security products may be lost within the integration,
Symantec's early on leading position in the anti-virus market will assist them in maintaining
a large part of the market share.

Market Challengers
McAfee
McAfee is a dedicated security vendor and establishes a large part of the endpoint security
market. The company has made some acquisitions throughout 2006 as a means to broaden
its security capabilities. The focus continues to be on the consumer market, but has enhanced
its focus onto the enterprise in 2007. Like other competitors, McAfee continues to broaden
its security features as a result of consumer demand.
In 2007, McAfee acquired SafeBoot Holding BV. With this acquisition, McAfee plans to
provide customers with endpoint, network, web, email and data security including encryp-
tion as well as risk and compliance solutions. Early this year McAfee also acquired
ScanAlert, Inc. The objective with these acquisitions will help build a full line of system and
network protection solution and technologies over multi-platform strategy of personal
computer, internet and mobile security solutions.
Integration is also a vision for McAfee as an example of some other acquisitions, during
2006, McAfee acquired three companies, SiteAdvisor, Inc., Preventsys, Inc. and Onigma Ltd.,
and substantially all of the assets of a fourth company, Citadel Security Software Inc., to
enhance and complement its current offerings. The acquisition of SiteAdvisor significantly
enhances McAfee's internet security solutions. The system security management and vulnera-
bility management capabilities were further advanced with the acquisition of Preventsys. The
acquisition of Onigma complemented its enterprise offerings by providing businesses with
data loss prevention. The acquisition of Citadel Security Software's assets broadened its
capabilities for security policy compliance enforcement and vulnerability remediation.
McAfee has also recently secured new agreements with the following strategic PC OEM
partners:
■ Acer Computer. In a multi-year worldwide partnership, McAfee is shipping 60-day trials

of McAfee Internet Security Suite with SiteAdvisor on Acer computers. These shipments
started in the second quarter.
■ Sony Computer. Earlier this month McAfee started shipping 90-day trials of McAfee
Internet Suite on Sony Corporation PCs through their Japanese channel.
■ For Dell, we improved our position. McAfee will be the default and recommended
security partner from May 2008 through July 2008 in all of North America, Asia Pacific
and Latin American markets. At the same time they will also have default positioning in
EMEA and recommended positioning in Japan.

The combination of these partnerships coupled with Toshiba Europe GmbH, Cox and a
record setting number of first quarter partnerships in Europe positions McAfee well for
significant growth in the consumer business
The flagship consumer product is McAfee Total Protection with Site advisor and offers a
twelve in one prevention and protection product. The total protection includes key protec-
tions such as anti-virus, anti-phishing, anti-spyware, identity protection, Host IPS and anti
spyware, and firewall. The consumer market continues to do well and sales for Total Protec-
tion continue to increase. As value continues to be added into the suites, consumers will
continue embrace the integrated products.
For the enterprise McAfee delivers its anti-malware solution in a number of different solu-
tions depending on the level threat protection that a customer requires. For, example McAfee
offer Total Protection for Endpoint, which includes anti-virus, anti-spyware host intrusion
prevention, desktop firewall, web security & email server security all managed by a single
integrated management console.
McAfee has ePolicy Orchestrator, which is the unified security management platform that
links its protection and compliance capabilities and provides customers with centralized
policy management, a common endpoint agent, efficient deployment and administration
processes. Protection and compliance capabilities contained in the McAfee Total Protection
Solutions are integrated ePolicy Orchestrator.
Frost & Sullivan believes that McAfee will continue to do well in the endpoint security
market as a result of it's early on position in the anti-virus market. In order to continue its
successfulness, integration will need to continue when keeping up with the changing security
landscape. As a result of long integration processes, McAfee will need to continue diverse
distribution and research and development.
Tr e n d M i c r o
Trend Micro was founded in 1988. It is headquartered in Tokyo, Japan and operates in more
than 30 countries. Trend Micro Solutions are sold through corporate, VARS and service
providers. Trend Micro offers comprehensive security products that protect at the enterprise,
SMB market, and consumers. For the enterprise, Trend Micro offers multi-layered security
solutions designed to monitor, enforce, prevent, and recover from threats in a single manage-
ment console.
Trend Micro solutions combine URL filtering, anti-malware, and reputation management.
Trend Micro objective is to bring the time down between a given exploit and the protection
against it. Any time an end-user encounters a new vulnerability; it is communicated to the
virtual databases and entered into the reputation management system. Trend Micro is also
able to re-set an infected PC to its pre-infected state.

In 2007, Trend Micro acquired Provilla, a data leak prevention company, this extends Trend
Micro's content security offering into the global DLP market with innovative new technology
and products. With this acquisition, Trend Micro has also announced its first data leak
prevention solution: Trend Micro LeakProof 3.0. Trend Micro also acquired of HijackThis, a
popular freeware anti-spyware tool, complemented the launch of the beta version of Trend-
Protect, a new Web reputation service for consumers. With the introduction of the Analyze.
This feature in HijackThis in March 2007, Trend Micro has analyzed over 1.7 million
HijackThis logs. The ability to have ongoing analysis, provides valuable information about
new Web threats and the extent of malware the infection in Windows PCs. In 2007 Trend
Micro also introduced to the Trend Micro Secure Content & Threat Management security
solutions. The portfolio includes: Trend Micro Web reputation and in-the-cloud technologies,
as well as Software as a Service.
Trend Micro's objective in 2008, is to continue the battle of the changing threat landscape
with a service-oriented culture and a solution set whose main focus will always be the needs
of its customers. Frost & Sullivan believes that Trend Micro continues to excel as they dili-
gently research and improve between vulnerability exploit and protection. Trend has been
investing in new technologies and integration continues into their product portfolio in 2008.
Despite these investments, Trend Micro still managed to grow slightly above market rate.
The vendor might be able to afford an investment stage, because the company is in a less
vulnerable position than competitors who rely more heavily on the consumer market.
Frost & Sullivan believes that attacks will increase in severity, and Trend Micro's recent
investments in multi-dimensional protection will help them prevail and differentiate them in
the endpoint security market.
Market Contenders
Pa n da S e c u r i t y
Panda Security is a provider of IT security solutions based in Spain, with U.S. operations
headquartered in Glendale, CA. The company use to be called Panda Software, but last year
changed to Panda Security to better reflect its strategic focus and response to the new
malware dynamic, where threat creators are motivated solely by money. In 2007, several stra-
tegic business changes occurred. Panda Security was acquired by 4 venture investment
groups: Harbour Vest, Bridge Atlantic, Investindustrial and Gala Capital. With these
changes, Panda Security has taken a new direction to help widen its global expansion.

Panda Security was one of the first to offer proactive technologies to help combat unknown
malware and zero-day threats with TruPrevent in 2004. In 2007, Panda Security launched a
new security model that goes beyond traditional signature based approaches. This includes
Collective Intelligence, which allows a collection of data from the community, automated
data processing, and releasing of the knowledge extracted. Panda Security's Collective Intelli-
gence platform helps to increase visibility in a challenging threat landscape and also helps to
provide a quicker response to new and emerging threats. Panda Security also includes a secu-
rity-as-a-service offering known as Panda Security for Managed Office Protection that
directly benefits SMBs as well as their managed service providers and VARs from the knowl-
edge gained by Collective Intelligence. The company also offers comprehensive malware
scanning and audit services based on Collective Intelligence: ActiveScan 2.0 for the consumer
segment and Malware Radar for the corporate market.
Panda Security has a global presence in the consumer and SMB markets. Its consumer
product includes Internet Security 2008 and plans to launch 2009 with Collective Intelligence
integration later this year. For the corporate market, Panda Security for Business offers an
endpoint solution which includes TruPrevent technologies. Network Access Control has been
integrated into the solution and there are possible plans to integrate DLP as well. Panda secu-
rity plays a major part in the SMB market and intends to continue to focus in this area. The
company is now 100 percent channel focused and some distributors will have exclusivity. For
example, Tech Data is the company's exclusive distributor in the U.S., where Panda Security
has 1,100 active reseller and MSP partners. Other distribution points include ISP's and
OEMS. Panda plans to continue focus on growth in the US and in EMEA, where they are one
of the strong challengers in the security market.
Panda has evolved from a regional participant to a strong contender in the Endpoint Security
market. Frost & Sullivan believes that they will continue to have momentum as a result of
their in-house technology and global expansion focus.
Microsoft
Security has been a main focus for Microsoft in the past several years. Microsoft has been
putting a lot of effort into securing its products and then has launched its own products for
the consumer and enterprise market.
Microsoft entered the endpoint security market in 2006 with OneCare version 1.5. As the
world's leading operating system vendor, there was much speculation in regards how this
would affect the market. Forefront was introduced to the enterprise market as well.

OneCare changed the market's pricing model in 2006 when the product introduced three
licenses for the OneCare product. OneCare was made to be user friendly for the consumer
market. It is always on and automated. OneCare communicates the status of the PC's health
and will notify users in the windows taskbar with colorful icons. Performance is key for
Microsoft and hence OneCare uses optimization features to help keep the PC running at its
speediest. All in One protection for OneCare includes anti-virus, anti-spyware, a managed
two-way firewall, and integrated anti-phishing. Other new features added include: Multi-PC
and home network management, printer sharing support, start time optimizer, online ID
protection and storage backup.
In the enterprise market, Microsoft rebranded its Antigen product portfolio and developed
Forefront from the acquisition from Symbari in 2005. Forefront was created to offer a key
component in Microsoft's strategy in providing end-to-end security for the business
customer. Forefront offers additional layers of security designed to protect information and
control access to business-critical resources and information. Forefront Client Security
provides unified malware protection for business desktops, laptops and server operating
systems that is easy to manage and control though a central management system. It also
offers visibility and reporting capabilities. Forefront Client Security is made up of two parts.
The first part of the client security is the Security Agent which is installed in business desk-
tops, laptops, and server operating systems. The second part is the central management
server. Forefront Client Security provides real-time virus and spyware protection and helps
protect against emerging threats such as viruses, worms, and Trojan horses.
Frost & Sullivan believes that Microsoft will gain more market share but not as fast as they
expected as a result of the dominant players in the market space. The market is very mature
and it will continue to be a learning curve for its anti-malware capabilities. However, the
consumer product OneCare has set a new precedent in the endpoint security market and it is
likely that with Microsoft's branding power, it will achieve greater market share in the
consumer space.
Kaspersky Lab
Kaspersky Lab is a privately-held company based in Moscow and was founded in 1997. In
the past years, the company has achieved tremendous growth. Kaspersky grew over
140% between 2006 and 2007 of which the consumer business made up just over 50% of
total revenue.

In the US and Canada, much of Kaspersky's fast growth can be attributed to the enhance-
ment of its shelf presence in the retail sector, which now includes over 12,000 stores.
Kaspersky will continue to strategize key channel partnerships in the future. Kaspersky
attributes growth to the retail channel as well as the enterprise channel. They continue to
stay ahead of the curve in the endpoint security market and the product includes proactive
technology and believe that as a company, they need to move forward with this technology.
Kaspersky expects to see 20 million new unique malware samples in 2008 and expect to
create more than 1,000,000 signatures during the same period of time. Therefore, Kaspersky
expects to stay ahead of the game. They are very focused on building their brand name and
continue to be successful with this.
Kaspersky offers solutions for the consumer and the enterprise. The consumer portfolio
includes Kaspersky 7.0 and Kaspersky Internet Security 7.0. The enterprise solutions include
corporate suites, consisting of endpoint security, file server, mail server, and Internet Gateway
products. The product is easily customized and offers a trans-perimeter network security to
extend past the network and reach remote users and the increasingly mobile workforce. For
the mobile market, Kaspersky offers Kaspersky Mobile Security, anti-theft protection for
Smartphones. Kaspersky believes that as we move towards a web 2.0 world, that with the
open source technology prevailing, we will see numerous more mobile malware and experi-
ence increase amount of data loss. The mobile product includes features that help with data
loss.
Kaspersky will continue to enhance its traditional pro-active and re-active protection capa-
bilities and introduce new detection technologies to combat today's cybercriminals. During
the wiring of this study, Kaspersky released information regarding the launch of
Kasperky'sInternet Security 2009 comprehensive protection product. Enhanced features
include: better performance, an easy to use and system resource friendly package, application
filtering, new AV engine, enhanced behavioral analysis, vulnerability assessment for
"branded" applications,virtual keyboards and Kaspersky Security Network.
Frost & Sullivan believes that as Kaspersky continues to create innovative products and
increase channel distribution, they will continue to be successful. Kaspersky's entrance into
the retail channel helped create a strong brand name and in doing so has placed them as a
major contender in a competitive market place.
Sophos
Sophos is a leader in the IT security and control. The company is based in the
United Kingdom, but has offices worldwide. Sophos in 2007, has experienced growth in
North America, APAC and Japan. They also continue to do well in Europe. Sophos has been
in the industry for 20 years and focuses on the Enterprise business and OEMS the consumer
product to WebRoot.

In 2007, Sophos released Endpoint Security and Control 8.0. The acquisition with
ENDFORCE in 2007 has allowed version 8.0 to incorporate Network Access Control (NAC).
The Endpoint Security solution includes anti-virus, anti-spyware and client firewall. It also
includes a management console for better control and agent protection against zero day
threats. Sophos has also added application control and HIPS to its existing product.
Sophos believes that threats today have shifted the market from reactive to a proactive
response. In keeping up with this trend, preventative security measures need to be enforced in
its solution. According to Sophos, the implementation with NAC, application control and
HIPS in a single management console proves to be an effective means in preventing new
threats.
Frost & Sullivan believes that Sophos will continue to be a strong participant in the Endpoint
Security market as a result of their continuation of innovation and integration of its products
and international expansion.
Market Specialists
BitDefender
BitDefender, a Romanian-based, privately-owned company, has offices in nine countries with

distribution and reseller partners in over 100 countries worldwide. With its origins in
Eastern Europe, BitDefender's product line is available in 18 languages and is the number
one anti-virus product in France. Sales in the European market account for approximately
70 percent of BitDefender worldwide sales, however the company expects to see strong
growth in North America and is expanding into Asia.
BitDefender primarily targets the consumer and SMB markets through global distribution
channels and reseller partners. Key milestones in 2007 include reaching more than 41 million
users in 100 countries and the release of BitDefender's Security Suite for Business. BitDe-
fender's goal is to market its product by focusing on expanding distribution through
resellers, OEMs and as well as international expansion.
BitDefender technology is based on combining signature-based and heuristics-based detection

methodologies. Heuristics-based detection emulates a "computer-inside-a-computer," exam-
ining how a file or program acts rather than a specific code pattern. If the file or program
acts like an e-threat (malware, viruses, worms, etc.), BitDefender's product will take appro-
priate actions to defend the system. This methodology requires no signature updates, which
leave a system vulnerable to attack until a scheduled update, and provides protection from
zero-day threats.

BitDefender also takes a proactive and intelligent approach to spam email. The company uses
an image spam filter which does not rely on text analysis. It analyzes color, content and
proportions.
In 2008, BitDefender released GameSafe, a security solution targeted at the online gamer
who would, normally, forgo security software due to in-game performance concerns. As part
of their market strategy, BitDefender recognized the need for this type of product and created
a solution to specifically address the concerns of gamers. Additionally, a Game mode feature
is included as part of BitDefender's Total Security Solution 2009. Noticeable benefits include:
reducing system load to virtually zero and disabling updates and all pop-ups. The consumer
product also includes anti-virus, anti-spyware, anti-phishing, firewall and anti-spam.
Frost & Sullivan believes that BitDefender is an innovative company and the continuation of
expansion globally will help develop brand awareness. As BitDefender continues to innovate
with behavior blocking technology, it will become a key competitor in the future endpoint
security market.
ESET
ESET is a global company with production headquarters based in Bratislava, Slovakia. Orig-
inal company was established in 1992. Performance and speed were important in the past
and continue to be important today. Worldwide distribution headquarters is in San Diego,
US. Offices include Bristol, UK, Buenos Aires, Argentina, Prague, and Czech Republic. ESET
began growing significantly during 2005. The company's headcount in the U.S. offices has
increased tenfold, and sales are in more than 160 countries.
Solutions and technology was established in-house and have continued to focus on perform-
ance and speed. Research and development continues to remain strong. In 1997, new
malware began and trends were being seen by ESET. ESET began developing Heuristic tech-
nology and researching genetic coding for malware.
Several years ago, ThreatSense.net was developed. This allows customers to see the increase
the accuracy of the product, reports only new malware. It soon was introduced into the
endpoint products. ThreatSense Engine allows ESET to look and see if it the malware is a
false positive and minimize the amount detected. It also gives the ability to see which threats
are becoming more prevalent and which malware families are starting to form. Due to this
ability to see new threats, detection can be improved. According to ESET, ThreatSense tech-
nology has detected more than 75% of new, unknown, threats heuristically—before a
signature update is available.

ESET solutions include NOD 32 Antivirus, its flagship product. The product combines
anti-virus and antispyware to detects and disable viruses, trojans, worms, adware, spyware,
phishing, rootkits and other Internet threats. ESET Smart Security is a comprehensive solu-
tion aimed at consumers and the SOHO market, and includes anti-spam and a personal
firewall.. Both products use the ThreatSense engine which is based on heuristics behavior and
includes the genetic coding. During the writing of this study, ESET announced an addition to
its portfolio, Mobile Antivirus. The technology includes a fast and light heuristics based
anti-virus scanner for Windows Mobile 5 x and 6.0. Increase functionality will be added in
the future.
Frost & Sullivan believes that the ability to protect for emerging threats will help ESET be a
strong competitor in the market. The company's ThreatsSense Engine positions ESET with an
edge in the technology field. With their focus in R&D, this has placed ESET as an innovator
differentiator in the endpoint security market.
Emerging Participants with Integrated Anti-Malware Products
Cisco
Cisco has had Cisco Security Agent (CSA) in the market which has included Host IPS and for
2008, CSA 6.0 anti-virus will be released within the agent. Cisco has been proactive in the
security market and will continue to add integrated products such as NAC and DLP into its
core agents. CSA is an endpoint security solution that combines zero-update attack protec-
tion, data loss protection and includes signature-based anti-virus in a single agent. Cisco's
strategy to implement the new 6.0 product is to target existing customers. Their objective is
to help their consumers implement a self defending network.
Frost & Sullivan believes that Cisco's penetration in the market will help grow market share
rapidly, but since they need to catch up with providers such as Symantec and McAfee, tech-
nology will need be advanced and well developed for the anti-virus product that is embedded
in CSA.

Check Point
Check Point markets and supports software and combined hardware and software products.
They offer a broad portfolio of network, gateway, data and endpoint security solutions. The
company is able to offer a unified security architecture that enables total end-to-end security
with a single line of unified security gateways and allow a single agent for all endpoint secu-
rity, which can be managed in a single console. Check Point Software offers total security
solutions and offers enterprise firewall, personal firewall/ endpoint, data security and VPN
markets. Check Point services are sold to enterprises, service providers, SMB and consumers
and distribution includes a significant amount of channels and some direct sales.
Check Point has been in the endpoint security market since the late 90's. In the early 1990's,
the company developed firewalls and VPN Client, and then moved into endpoint security in
1998 by incorporating a desktop firewall and host integrity checking (NAC) into the VPN
client. In 2004, Check Point acquired Zone Labs, which launched the widely deployed
consumer endpoint security product, Zone Alarm, starting in 1999 and the enterprise
endpoint security product, Integrity, in 2001. In 2007, Pointsec was acquired, adding full
disk encryption, media encryption/port protection and PDA/Smartphone encryption to the
security offering. These data security elements are now incorporated in the endpoint security
solution. The acquisition with Zone Labs helped launch the completion of anti-malware into
one solution. The anti-virus solution is OEM through Kaspersky Lab. In 2008, the new
strategy combines personal firewall, data protection, remote access VPN and anti-malware.
Check Point Endpoint Security is a single agent that combines firewall, network access
control (NAC), program control, anti-virus anti-spyware, data security, and remote access. A
uniqueness to Check Point's endpoint security is that it uses program advisor which using a
real-time network service, the company can detect malicious and/or unauthorized applica-
tions running on individual computers and block their activities. Another uniqueness to its
solution is the enforcement of firewalls. With Check Point turning NAC on can happen in a
few minutes and no upgrade is required. The benefit with this is a tremendous saving for the
consumer.
Frost & Sullivan believes that Check Point has a diverse and experienced portfolio that offers
a easier and cost savings solution to the consumer. As a result, Frost & Sullivan expects
Check Point to continue to have stable growth in the future.

Other Participants
AV G Te c h n o l o g i e s
AVG was founded in 1991 and corporate offices are located in Czech Republic, the US and
the UK. AVG plans to extend office distributions in the future. AVG currently has
300 employees, but this will be expanding at the end of this year. AVG has done well in the
endpoint security market as a result of their unique strategic plan; growth rate is well ahead
the 11% industry average. From 2006 to 2007, AVG has doubled in size. AVG continues to
do well globally and is seeing upward trends within APAC and other emerging markets.
AVG is one of the most recognized brands and contributes this to their unique strategic
marketing plan which entails offering a free product. In 2000, AVG began offering a free
product and started seeing momentum in 2003. By being disruptive in the market, the
company has been able to double its size. AVG strategy is to get consumers to their website
where they can download the free product which includes anti-virus and anti-spyware or
purchase a suite of products. AVG has about thirty percent of the free consumer internet
security market, and currently has seventy million active users. AVG focuses on the consumer
and SMB market. Thirty-Five percent of commercial product users are business users.
AVG has expanded its product line through acquisitions with Ewido Anti-Spyware in
2006 and Exploit Prevention Labs in 2007. Within 6 months, AVG launched the integrated
product with URL filtering and safe surf technology. The added functionality allows for scan-
ning of websites and the unique product scans in real-time. AVG Internet Security suite
includes anti-virus, anti-spyware, anti-spam, web protection and a firewall. AVG points out
that its products are fast, easy to use and are always running. Performance is a key function
to offering a superior product. AVG also offers the Internet Security Suite edition for the
SMB market. The product protects for workstations, file servers and email servers.
AVG plans to continue to add functionality into its products. AVG states that newer threats
are coming from web pages and real-time filtering will help prevent these threats. Other
threats are also coming from online gaming. AVG's goal is to better understand its customer
needs and will continue to create products based from this. The company has a strong online
sales division and also distributes through VARS.
Frost & Sullivan believes that AVG's unique marketing strategy has positioned the company
well in the endpoint security market. The company's strive for uniqueness and superior
performance will help successfully drive this company in the future.

eEye Digital Security
eEye Digital Security is pioneering a new class of security products:integrated threat manage-
ment. This next-generation of security detects vulnerabilities and threats, prevents intrusions,
protects all of an enterprise's key computing resources, from endpoints to network assets to
web sites and web applications, all while providing a centralized point of security manage-
ment and network visibility.
eEye's product offerings Retina Network Security Scanner, Blink Endpoint Security, REM
Security Management Console and Retina Appliances were designed from the ground up to
meet the needs of today's security environment. The Retina Network Security Scanner is an
industry and government standard for multi-platform vulnerability management. It identifies
known and zero day vulnerabilities and provides security risk assessment, enabling security
best practices, policy enforcement, and regulatory audits. Blink Endpoint Security delivers
integrated multi-layered endpoint protection. Blink is a single, lightweight client that replaces
multiple security agents, protecting against known exploits, zero day attacks, and all other
attack vectors. The AV engine for Blink is OEMed through Norman and contains its own
eEye Digital heuristics technology. The consumer edition of Blink, known as Blink Personal is
currently being offered as a free one year download so as to create a strong name brand and
future revenue stream for the product. REM is eEye's central management console and
provides IT professionals with a single point of visibility into an organization's security
posture. eEye's line of Retina Appliances are fully integrated security and threat management
appliances bundled with Retina, Blink and REM and provide endpoint protection, vulnera-
bility assessment and risk management.
Founded in 1998 and headquartered in Orange County, California eEye Digital Security's
line of products are used in more than 9,000 corporate and government organizations world-
wide, including half of the Fortune 100. eEye Digital Security plans to continue their focus in
the US and strategically focus on building its SMB market. Frost & Sullivan believes that
eEye Digital will continue to strengthen and innovate its product line and remain contenders
in the security space as a result of their dedication to research and development.
Sunbelt Software
Sunbelt is a provider of Windows security software and contains product solutions in the
areas of anti-spam, anti-virus, anti-spyware and vulnerability assessment. The company is
headquartered in Tampa Bay, FL and was founded in 1994. Ninety percent of its sales is done
in North America and 10% overseas.

Sunbelt's leading products include CounterSpy, Ninja Email Security and endpoint firewall
technologies. Sunbelt will be releasing in the end of Q2, Vipre, a anti-virus and anti-spyware
solution. This will be a next generation product and will include signature matching,
heuristic analysis, behavior analysis and advanced anti-root technology. They developed
FirstScan and this scans prior to booting and can scan and remove files. In the future, fire-
walls will be integrated into this product. The product will be available globally and offered
online.
Sunbelt believes that IT administrators concerns include slow performance as a result of inte-
grated product hence; the market needs better performance anti-malware products. Sunbelt
has a very good SMB market and believes that this will help develop market penetration.
Frost & Sullivan believes that Sunbelt Software positions itself well in the SMB market as
they address performance issues within the endpoint security market.
SkyRecon Systems
SkyRecon Systems was founded in 2003 and its headquarters reside in Paris, France and San
Jose, CA. SkyRecon is a global provider of system and data security solutions, offering a
multi-layered security approach with its StormShield Unified Endpoint Protection solution.
SkyRecon has very good market penetration in Europe with market expansion into the US
beginning in Spring 2007.
SkyRecon has focused on research and development in-house not through acquisition lever-
aging patented technologies that help to meet the needs of all business markets and verticals.
ClearShield is the consumer product offered by SkyRecon. The flagship product for
SkyRecon is StormShield, a Unified Endpoint Protection solution that offers a single agent
protection for servers, desktops, and mobile endpoints. The multi-layered offering delivers
integrated device control, secure file encryption, application control, host-based intrusion
prevention (HIPS), system firewall, wireless security and Network Access Control (NAC).
Data Loss Protection (DLP) is the most recent addition to the solution which helps Enter-
prises protect sensitive data. The single management console allows administrators to define
a dynamic policy that ensures and enforces comprehensive endpoint protection and control
even when the endpoint leaves the secure walls of the corporate network.
SkyRecon will continue to focus on global channel distribution, and in Europe, continue to
maintain its several successful partnerships with System Integrators. In order to gain a strong
market share in the US, SkyRecon will continue to focus on brand awareness and strategic
partnerships. Frost & Sullivan believes that SkyRecon's patented technology, thrive for
organic research and development, and positive momentum in its global expansion will posi-
tion itself well in the Enterprise Endpoint Security market.

Niche Participants
Aladdin Knowledge
Aladdin knowledge has been in the security business since 1997 and is based in Israel.
Aladdin Knowledge offers three product lines; HASP, eToken and eSafe. eSafe is the product
that competes in the endpoint security market. eSafe is real-time intelligent web gateway
security solution that consists of a multi-layer content security. It is composed of three tech-
nologies a URL filter, a malicious code filter, and controls for web-based applications.
Aladdin Knowledge has the technology to inspect traffic in real-time and has the ability to
enforce policy and group enforcement. Its technology, nitro inspection allows seeing the
content packet by packet. If a malicious code is detected, then the malicious code is blocked.
Deployment is at the gateway and consumer rarely needs to worry about security settings.
Aladdin Knowledge has evolved to include content filtering with anti-malware capabilities.
As web threats continue to increase, this trend will continue. Aladdin believes that technolo-
gies, content filtering and anti-malware are important with securing the endpoints.
Traditionally the Aladdin market has been Enterprises and SMBs, and believes that many
SMB's will receive security as a service. Aladdin is focusing on this now and for the future.
Aladdin has focused on agreements with ISPs in Israel, the US, South Africa and Thailand.
Other supply chain partners include MSSP and telecom operators. When writing this study,
Aladdin reported that it will sell 100% through resellers. Aladdin believes that the re-struc-
tured enterprise security sales program enables the company to devote increased resources
and training to channel partners, expanding the support and materials available to resellers
so they can more effectively sell, integrate and maintain Aladdin's enterprise security
products.
During this study Aladdin also announced general availability of Aladdin eSafe v6.2 Proxy,
offering organizations more options in control and flexibility for secure Web gateway deploy-
ment. Aladdin has a technology that fits with the increasing threats out today.
Frost & Sullivan believes that as the secure web gateway market grows, Aladdin focus on
research and development will help them remain a strong participant in the market.
Finjan
Finjan is a global provider in the Secure Web Gateway market. Finjan provides active-real
time content inspection technologies to prevent crimeware. The company was founded in
1996 and operates in North America, EMEA, and APAC. It has a wide international network
of distributors and VARS. Recently, Finjan has experienced substantial growth in the market
place especially in the enterprise web security.

Finjan's solution offers web security appliances that provide malicious code prevention and
comprehensive (Anti-X) web security solutions. As this study was being written, Finjan had
22 patents granted and 25 pending. Finjan's Vital Security offers real time inspection tech-
nology and provides optimal protection against malicious content. Finjan's all in one
solution offers real-time, layered protection against threats and zero-hour vulnerability
protection, anti-crimeware, anti-spyware, anti-phishing, anti-virus and URL filtering. The
solution also offers centralized management and reporting enables IT managers to set
company wide security policies maintain confidential data and generate detailed reports as
required for compliance.
Finjan focuses on diverse vertical markets such as government, finance and healthcare. A
large part of Finjan's subscription attributes directly to Finjan patented technology.
Finjan will continue to focus on the SMB and Enterprise market and plans to continue
enhance making its solution more effective and easier to use. Finjan also believes that as
cyber criminals adapt to legitimate technologies and the commercialization of crimeware
continues to increase, the security industry needs to become more innovative to prevent these
attacks.
Frost & Sullivan believes that with the experience and being an early web security vendor in
the market, Finjan will continue to grow rapidly and mature in this competitive market. Also
the company's presence in North America and EMEA has helped develop a large number of
customers hence, increasing name brand recognition
Strategic Recommendations
Ease of Use
The market continues to stay behind the curve with the required education of threats avail-
able today. The user's busy lifestyle and lack of education of threats causes the user to need a
product that is quick and easy to use.
Branding
For the Endpoint Security market, smaller companies still struggle with market share as a
result of lack of branding. Larger companies have a strong name since they have had experi-
ence in the market. Other vendors also need to continue loyalty with other channels in order
to continue to have help with selling their product. Smaller vendors should market their
name and create unique selling techniques to get the consumer to purchase their products

Performance
Performance is an issue for many vendors. A solution that does not slow down performance
is extremely important especially for the SMB and Enterprise market. There are various
applications that are in use today and consumers need a product that will not slow their
work down, but that can enhance and increase productivity.
Integration of Products
While most vendors already integrate products, bundling offerings will continue to stay a
strong trend. The integration of products will create a defense in depth mechanism that will
help consumers stay protected at all levels. This trend will stay of an importance as consumer
see this easier to manage and use.
Pro-Active Protection
For the enterprise market, pro-active protection continues to be of importance. Threats of

today can no longer be determined by signature only. Protecting against zero day threats is
crucial for businesses needing to protect consumer information and financial information.
Adding and enhancing behavioral capabilities will separate vendors apart.

WorldEndpointSecurityProductsMarkets July08

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

WorldEndpointSecurityProductsMarkets July08

Uploaded by

Copyright:

Available Formats

World Endpoint Security Products Markets

Frost & Sullivan reports are limited publications con-

No part of this report may be given, lent, resold, or

For information regarding permission, write:

Frost & Sullivan

#N40B-74 ©2008 Frost & Sullivan www.frost.com

Market Overview 1-1

Market Overview and Definition 1-1

Product Definition 1-2

Revenues Defined 1-2

Geography Analysis 1-3

Market Drivers and Restraints 1-4

Key Findings and Conclusions 1-5

Analysis of the World Endpoint Security Products Market

Overview of the Market 2-1

Overview of the Market and Introduction 2-1

Evolution of Endpoint Security 2-2

#N40B-74 © 2008 Frost & Sullivan www.frost.com iii

Degree of Technology Change 2-7

Customer Satisfaction 2-7

Market Drivers 2-8

The necessity to Comply with Government Regulations 2-9

Increase in Remote Workers is Driving an upward Trend with

Wireless Devices such as Laptops, PDAs and Smartphones therefore

creating the Need for Enhanced Enterprise Solutions 2-9

Network Security has Climbed up the Management Decision Chain and is

considered an Important Business Objective for CIOS 2-9

Sophisticated Botnet Systems 2-9

Increase in Personal Internet usage threatens the Ability with obtaining

Advanced SPAM and Phishing Techniques through Personal Emails 2-10

Upward Trend in Social Networking Websites and Web 2.0 2-10

Market Restraints 2-10

In 2007, the US continues to go through a Slow Growing Economy 2-11

Lack of Attention in Malware threats from Corporate Networks 2-11

Dominant Participants in the Market 2-12

Unit Shipment and Revenue Forecasts 2-12

Unit Shipment and World Revenue Forecasts 2-12

Geographic Market Analysis 2-14

Rest of the World 2-17

#N40B-74 © 2008 Frost & Sullivan www.frost.com iv

Forecast By Product Type 2-19

Forecast By Business Segment 2-25

Distribution Forecast 2-30

Pricing Forecast 2-31

Market Trends 2-38

Demand Analysis 2-38

Enterprise Trends 2-39

Product and Technology Trends 2-39

Increase in Web Security and 2-40

Content Filtering Integration with Anti-Malware Products 2-40

Pro-active Technologies 2-41

Collective Intelligence or Network Intelligence 2-41

Application Whitelisting 2-42

Pricing Trends 2-42

Trends In Distribution 2-43

Consumer Market 2-43

Internet Service Providers and Vendor Hardware Partnerships 2-44

Legislative Trends 2-44

Health Insurance Portability and Accountability Act (HIPAA) 2-45

Gramm-Leach Bliley Act 2-45

Sarbanes-Oxley Act (SOX) 2-45

#N40B-74 © 2008 Frost & Sullivan www.frost.com v