
9/28/2009
12:04 AM
Fredric Paul
Commentary

SMB Security Provider Sees $1 Billion Markets Becoming $100 Million Markets

Walter Scott, CEO of Malta-based GFI Software, says that a combination of decreasing bandwidth costs and increasingly cost-conscious small and midsize companies is changing the security landscape.

The biggest issue, Scott says, is "how frugal the SMB is being." He cites a customer e-mail saying their bill was $9 too high. "They're really watching every buck," Scott says.

And as bandwidth is getting cheaper, that's putting a lot of pressure on service providers. "We've lowered prices 30% to 50%," Scott says, but so have his competitors. "Postini was $5 a mailbox. Now it's $2.50, and it could be as low as a buck" in some cases.

"As products move to a service structure, the price that people will pay for infrastructure is going to plummet," Scott says. And that means "a lot of $1 billion markets turning into $100 million markets."

From his perspective, though, this new frugality opens a market opportunity for GFI. If SMBs can no longer afford $400 for security software, "I have a shot at becoming the infrastructure company for SMBs," he says. Traditional software companies will no longer be able to spend 150% of new license revenue on sales and marketing.

"We're still growing and profitable as hell."

That doesn't mean SMBs don't have security needs, of course. Scott says the results of a new GFI security survey "scare the crap out of me." The survey shows that almost half of SMBs "really don't care about internal threats," and that even among companies who do have Web monitoring capabilities, "two-thirds don't even use it!"

Figure: How companies use Web monitoring.

The study revealed that 51% are concerned about Web-borne malware, but only 9% worry about internal threats -- although that percentage rises as company size increases.

Figure: What SMBs worry about.

This lack of concern is dangerous, Scott says. "My customer database is the most important asset I have," he explains, and warns that when things turn ugly in small companies, the strong personal relationships mean "there's a whole lot of emotion involved. And one employee lawsuit where you're not prepared can be a big deal for a small company."

Yet the study says 63% of SMBs don't have policies concerning storage and retention of e-mails -- indicating that e-mail compliance and e-discovery are not seen as big issues. Some 18% of SMBs are planning to institute these kinds of policies. On the other hand, 66% of respondents do not have e-mail retention rules (20% say they are planning to do so).

More than half of SMBs (58%) have formal policies restricting access to sensitive data (11% are considering developing such policies), but only 47% have formal policies categorizing company data by its sensitivity (14% are considering adding such policies).

Of course, the external threats are also real. Many SMBs believe that "I'm too small for someone to come after," Scott says, but the bad guys are increasingly fishing for soft targets. In places like China and Belarus, he adds, hacking is becoming a matter of national pride. "They don't know what they're attacking," Scott says, "they're just looking for servers."

Fortunately, the survey indicates that SMBs do take security seriously. Some 21% of SMBs don't plan to target security spending even if they have to slash their IT budgets, compared to 9% who are more likely to cut security spending than other IT projects.

Download The Survey: The GFI Software SMB And IT Security Report

Not surprisingly, GFI used the release of the survey as a hook for its own news: the purchase of Katharion's outsourced anti-spam and anti-virus e-mail filtering solutions. Scott said that in addition to adding Katharion's 8,000 customers to GFI's 50,000 roster, the acquisition adds new Software as a Service (SaaS) technology to the company's existing on-premise security offerings for SMBs.

GFI is counting on this hybrid approach to help it prosper amidst these shrinking markets while still taking care of companies that "like to hug their Exchange servers," Scott explains. For now, he claims it's working. "We're still growing, and still profitable as hell."
