Security on the rise

"The degree of sophistication amongst hackers today is such that we are now dealing with threats that can attack actual applications," he explains.

"We are trying to educate the market of the need to approach IT security in terms of identifying the exception, rather than employing specific pattern matching as we have seen in the past."

But while the industry is in the process of making this transition, this is something that customers themselves need help understanding.

"The biggest threat is for companies that don’t have in-house expertise and aren’t even aware of their lack of experience," McKinnel says.

"They go to a mid-tier integrator and buy ‘a’ technology based on price or based on something they’ve read in a magazine."

Trend Micro Australia managing director Chris Poulos admits that companies like his have done very well with pattern-matching solutions, but that threats such as the Nimda virus that appeared some two years ago forced a major re-think.

"Most anti-virus companies were taken by surprise by the complexity of that worm," he says.

Like most of the major anti-virus companies, Trend Micro has moved away from purely pattern-based techniques, and is now focused on what Poulos describes as policy-based solutions, whereby customers and channel partners access frequently updated documents on the company’s website.

"We see the policy document as operating like a sprinkler system when a fire breaks out as opposed to pattern files which operate like a fire engine after the fact," Poulos says.

Continuing with the fire fighting metaphor, Poulos adds that one of the big emerging opportunities in IT security is handling patch management for small companies, which would otherwise find the experience like ‘drinking from a fire hydrant’.

Trend Micro’s Network Virus Wall is designed so that users are denied access to the network if their patches are not updated, taking the pressure off network administrators to do the policing themselves.The company recently sold its IP for this solution to Cisco, for incorporation into all of the latter’s hubs and routers.

Watchguard's Radavics: No real simple solutions

More generally, Poulos says that Trend Micro has a more focused approach to the SMB market, which is reflected in the company’s channel structure.

"Previously we were all things to all people with the channel but have now decided to be more customer segmented to recognise, for instance, that there needs to be a minimum standard in which SMBs can engage in security," he says, hinting that the company would soon announce a new channel program in Australia designed to address horizontal, rather than vertical markets.

Specialists at the low end,Watchguard Technologies, claims to be the first company to have put a firewall in a box after perceiving very early on that the SMB market was being underserviced. The company’s products have therefore developed along the lines of easy-to-use interfaces, simple configurations and of course low cost.

The company’s managing director, Sven Radavics, admits that while this strategy helped the company to gain a foothold in the SMB market, the reality today is that there are no real simple solutions for IT security.

"In the early days there may have been a valid criticism that we weren’t granular enough -- but that has changed," he says.

Like Check Point’s McKinnel, Radavics believes that the trend of companies just buying something off the shelf is changing to create more opportunities for those in the channel offering more progressive solutions.

"Security is a process, not a product," Radavics says, adding that Watchguard has developed dedicated programs to help its channel partners manage the ongoing complexities of IT security.

If one thing’s for sure in this highly complex market though, there sure are a lot of experts.

"I think that if you got 10 IT/network managers together and asked them to define what a firewall does and the explain their purchasing criteria and what they thing they’d achieve, you’d get a very interesting result," McKinnel concludes.