Sultans of E-Commerce Security

In the world of e-commerce security companies, experts find it impossible to agree on which provider is king. But they agree emphatically that nobody does it all.

That is because “all” has become increasingly hard to define as Internet use has increased in recent years. With new threats constantly cropping up — ranging from hacking threats to new viruses and identity thievery — the number of security companies getting into the game also has been rising steadily.

Analysts told the E-Commerce Times that the need for specialized service and attention has helped a number of providers — large and small — stake a solid claim in the e-commerce security market, even though some companies had a clear head start.

No Catch-All Answers

One reason is the sheer expanse of priorities among e-commerce sites; the needs of an online bank, for instance, are completely different from those of a site that sells books.

Giga Information Group research director Michael Rasmussen noted that while one seller might be focused on server security, another could be more worried about content security.

He said each company must address the issue by looking at all pieces of the hardware and software puzzle, including firewalls, routers and authentication systems.

“It’s no different from the issues pertaining to internal security,” Rasmussen told the E-Commerce Times. “There are so many things to look into, because there are so many areas for vulnerability.”

Seeing the Big Picture

That said, a number of companies have built a solid reputation by focusing on the big picture and helping companies assess their overall vulnerability. Rasmussen pointed to such firms as TruSecure, Counterpane, Riptech and Foundstone.

To that list, Forrester Research infrastructure analyst Laura Koetzle adds companies like @Stake. She noted that these firms provide a valuable service by giving companies a revealing X-ray of their situation before they spend money on products that might prove ineffective.

“Buying all the brand-new software is all well and good,” Koetzle told the E-Commerce Times. “But you first need a global assessment of your vulnerabilities.”

Still other companies are making a name for themselves in specialty areas. In the Web server security arena, for example, Rasmussen pointed to Entercept. In Web content security, he said companies like Sanctum, with its AppScan and AppShield products, are making inroads.

Plenty of Princes

While there is no king of e-commerce security, experts said, several princes have emerged.

For overall security software that covers virus detection, hack prevention and intrusion alerts, Gartner research director Victor Wheatman said Symantec leads with about 15 percent of the market.

Wheatman told the E-Commerce Times that Symantec is followed closely by Computer Associates with a 14 percent market share, IBM with about 13 percent, Network Associates with 10 percent and Check Point with 9 percent.

Smaller companies round out this potentially lucrative field with different mixes of service offerings. Wheatman said he sees a growing trend toward commerce companies outsourcing the guardpost functions of intrusion detection and firewall monitoring, especially smaller businesses without the funds or staffing to provide their own 24-hour watches.

Companies like Riptech and Internet Security Systems have moved aggressively to stake a claim in this area, Wheatman said, with up-and-comers like Ubizen, Counterpane and Guardent also making their presence known. Forrester’s Koetzle put Check Point on that list.

Extranet Effort

Another growing area is what the Gartner analyst described as “extranet access management,” which governs how employees and customers access various elements of company information systems. Companies like Tivoli, Netegrity are moving to stake a claim in this sector.

“It’s going to be a real growth area in the next couple of years,” Wheatman said. “It involves a lot of things: authentication, encryption, antivirus, anti-intrusion and much more.”

Also growing is the sector of companies that helps prevent Web sites from getting hijacked or defaced, for example by intruders manipulating page codes. Wheatman said a number of providers are developing tools for locking and constantly monitoring codes, including Sanctum, Tripwire and Gillian.

Still another area to watch is ID management, in which a number of biometrics-oriented companies are looking at specialized technologies, such as retinal scanning, to verify and store user identities. Wheatman said this area, however, remains too experimental for any company to dominate, as none has established a long track record yet.

“There’s a buildup of trust that still needs to happen in that area,” Wheatman said.

VeriSign Dominates

While the pack remains closely bunched in other sectors of e-commerce security, experts noted that VeriSign has become the clear leader in the area of digital certification for secure transactions and information transfers.

“They’ve managed to elbow out much of the competition in this area, but they do the job well,” said Forrester’s Koetzle.

Gartner’s Wheatman noted that VeriSign controls about 85 percent of the U.S. market in certification, but he added that other smaller companies have made notable headway, including GeoTrust, Entrust and Baltimore Technologies.