Warning: Attack of the killer viruses

Warning: Attack of the killer viruses

With computer virus attacks estimated to have risen by between 50 and 100 per cent last year and continued growth expected, virus security is becoming a major component of any enterprise's security policy.

In March last year, PricewaterhouseCoopers (PwC) estimated viruses and hackers would cost businesses worldwide around $US1.5 trillion in 2000. While exact figures for the year are unknown, PwC's estimate may not have been that far off, with the malicious Love Bug virus causing more than $8.7 billion in damage alone when it infected over three million computers in May.

According to IDC, in Australia security breaches such as a virus attack or unauthorised access to corporate resources are the primary driver motivating IT managers to deploy security measures for their enterprises.

"Antivirus attacks represent the highest incidence of security threats that Australian companies are facing today," says IDC software analyst Natasha David.

In 1999, IDC valued the worldwide Internet security market (which comprises tools for authorisation, authentication and administration, antivirus software, firewalls and encryption software) around $4 billion. Revenues generated from the antivirus software segment made up just under a third of the entire worldwide market, or $1.2 billion. According to David, IDC predicts the worldwide Internet security market will grow at a compound annual rate of 23 per cent, reaching $11.3 billon by 2004.

Locally in 2000 the size of the local antivirus market was around $US14 million. This is expected to grow at 8 per cent CAGR (ompound annual growth rate) to reach $18 million by 2005. Expectations for this year value the market at $15 million, a 7 per cent growth rate, David says.

So it appears Australian IT executives are finally getting the message about the importance of antivirus software. But according to some industry players, those still not getting the message are resellers.

John Donovan, managing director of security software vendor Symantec, believes that extensive coverage by the media over the past year is partly responsible for the new-found interest and concern, but he insists virus awareness "was already there".

"Anything like [media coverage] raises awareness, but it doesn't necessarily change our business. It brings the major issues to the forefront," he said.

Kenny Liao, managing director of antivirus vendor Trend Micro, believes awareness has changed, but not yet in the right direction.

The level of awareness is still at the first generation, where client-server protection and multiple products are necessary, he says. But this protection isn't really designed to combat today's viruses, he warns.

According to Liao, Trend Micro is encouraging customers to move to second-generation security, targeting the Internet gateway where around 90 per cent of intrusions, including virus attacks, occur.

While corporate awareness of virus protection looks to have increased, Nick Verykios, general manager of distributor LAN Systems, says the channel and, to some extent, vendors have remained complacent. Many are yet to take advantage of the raised awareness, Verykios says.

"Last year we saw a lot of upgrades but a lot of missed opportunities. The large vendors and resellers of antivirus software were selling as much as possible, but . . . they didn't take advantage and sell ongoing services, using antivirus as a catalyst," he says.

"Let it be a lesson for 2001 because there will be just as many virus attacks if not more," he warns.

According to Verykios, resellers need to think of antivirus as more than just a licensed product or single solution. Antivirus should be bought and sold under the banner of a security solution, he suggests.

"We consider antivirus to be the last kilometre of data security, and data security to be the last kilometre of a complete security policy.

"Resellers will make very little money [selling just licensed products] because they are not adding value. If they sell it as part of a complete security policy, the margins are higher and they are not in competition over products. This way resellers are actually selling a lot more than just antivirus.

By selling antivirus products as part of a complete solution, there are opportunities for recurring revenue streams.

"And it's not just upgrades," says Verykios, adding that upgrades are just a commodity. "When you have an upgrade for an antivirus solution it's a great way of going back to a customer and looking at their complete security policy."

But Verykios warns that it might not be as simple as it sounds. In order to effectively target the market with a complete security package, resellers need to partner with more than one vendor for products.

While some vendors and resellers would disagree, Verykios says the concept of providing a total security solution is not the norm yet. "It will hopefully become a trend, but today it's the competitive edge."

Verykios urges resellers to stand up and take notice. "Analysts are predicting more of the same - lots of upgrades and low margins. The trend needs to be curbed and it can only be curbed by resellers who adopt new strategies and do things differently."

The good news for resellers, according to Verykios, is that antivirus and security products are always a "very considered purchase" for customers. This means once a customer has formed a partnership with a reseller there is the opportunity to sell ongoing security, maintenance strategies and management.

On the other hand, however, most vendors and resellers agree selling services is not always easy.

According to Trend Micro's Liao, a major challenge for resellers is actually getting companies to realise the importance of virus protection, even despite today's increased awareness. "The antivirus industry is very different to most. It is much more emotional."

Raising the issue of antivirus is nearly always a headache for customers, he warns. Like insurance, antivirus protection is harder to justify than most IT implementations. Because the potential of risk is based on a "what if" scenario, antivirus investments, including software installations and staff, are often seen as non-productive.

Richard Baldry, managing director of security software vendor Sophos, also agrees resellers should try and add value to antivirus sales and become more involved in the antivirus market to further develop relationships with customers. He says Sophos' recently launched Global Reseller Program is trying to do exactly that by encouraging resellers to move away from a "box-shifting" model to a services-based model. This is where the biggest challenge lies for resellers, he believes.

"Antivirus software needs upgrading regularly. Therefore, it creates a regular point of contact with clients and helps build strong relationships . . . and ongoing revenue."

Baldry says the antivirus market, with its constant need for maintenance and updating, is perfect for lending itself to the value-add model.

But he warns resellers not to use the scaremongering techniques sometimes adopted in the insurance industry to win customers.

"Scaremongering just doesn't work. Threats may work for some time but not in the long term."

Baldry urges resellers to take the time to learn about viruses and updates. "You can go a long way in reaching success with sales if you educate people."

Meanwhile, the biggest challenge faced by resellers in the antivirus market is actually working out how to best fit virus protection into a company's existing IT environment, says Ray McIntyre, channel sales manager with security software vendor Network Associates.

"Before the Internet, antivirus software was pretty simple. Ninety per cent of virus attacks are now coming through company mail gateways. There is a big opportunity for resellers," he says.

McIntyre agrees that the big area for resellers will be services, but more specifically managed services. For customers the greatest expense involved in maintaining a security policy are the management costs, he says. "This is where we see a lot of interest and potential. Resellers are setting up managed services so they can handle deployment, updates and reporting."

But according to some players, resellers may risk losing some marketshare with the emergence of Internet service providers doubling as antivirus services managers.

Vendors and resellers already agree the role ISPs can play in the antivirus market will take a front seat in 2001.

Next month, Trend Micro will announce a key partnership with Telstra Big Pond for the provision of antivirus services to corporates. Under the partnership, which has been trialled over the last three months by BMW, Smorgon Steel and Stadium Australia, Telstra Big Pond will provide 24 x 7 managed antivirus support and resellers will provide implementation and education skills.

In addition, if a reseller wishes to deliver services, there is an add-on component.

Liao said with the eDoctor service, Trend Micro has been careful not to exclude or compromise resellers.

"The product allows resellers to sell a service while not needing to actually provide a service," he says.

"We still think a reseller with a direct relationship with a customer is important. If a reseller wants to provide on-site services, they can charge additional rates and earn higher margins."

While NA's McIntyre can see potential in working with ISPs, he says he does not want to jeopardise any relationship with the reseller market. McIntyre says Network Associates is currently working on the best model to engage both resellers and ISPs.

Meanwhile, Chris Nicholls, product manager of gateway security services at security software vendor SecureNet, says the best advice for resellers is to "be smart".

"It's not a simple matter of selling a packaged solution and then running away. There has to be some sort of integration in the IT environment," he says. Getting an overlap of protection is important for large organisations and therefore a reseller's role is to provide a range of products, Nicholls suggests.

"It is important resellers understand [antivirus] is not just a shrink-wrapped thing. They need to think about how it relates to all the different areas and environments of the business," he says.

According to Nicholls, the hardest aspect for resellers might be how to manage an antivirus policy for an organisation and how to explain the technology simply to customers.

"It's not a trivial matter. Resellers really need to understand it clearly and need to be able to convey it to the market place."

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments
View all events