Data security has been a major area of interest and investment over the past decade, but it's been a tough place to be an investor. Though industry leader Symantec
Evolution of a con
Hacking, cracking, phreaking, phracking, phishing, scripting, virii, bots, Trojan horses, worms, sniffers, exploits, and wardialing -- call it what you will, it's just as unpleasant. If you mentioned a hacker ten years ago, you were generally talking about a bug-eyed thirtysomething nerd or outcast teenager who wanted to impress other web denizens by replacing 3M's website with something like "D3struct0 Cr3w Rul3zzz" or "U h@v3 b33n h@ck3d by Wh1t3R@bb1t." Of course, virii (the hacker-ese plural of "virus") have always represented a more malicious part of the hacking underworld, but back then, even virii were generally more about bragging rights than wreaking real havoc.
As we place more and more valuable information on the Web, breaking through security measures to gain access to that information has become a very lucrative business. The faces behind hacking have quickly changed from thrill-seekers, anarchists, and intellectual showoffs to criminals interested in sensitive corporate information, credit card numbers, bank account access, and personal data like social security numbers. The compensation that a hacker expects from his or her trade has gone from the simple sweet taste of victory to thousands or even millions of dollars.
Taste the rainbow
Just as there's no single flavor of Internet evildoer, there's no single flavor of attack used to cause chaos on the web. Today's attacks still include time-honored favorites like virii and hacking, but they are joined by a host of other threats, including bots, scripts, spyware, adware, spam, and social engineering.
As the data-security industry evolved, many companies were born to combat individual types of security threats. McAfee and Symantec were initially known for their antivirus tools. Other companies such as Netscreen, which was later acquired by Juniper
Though data security is arguably more important today than it was back then, the industry is having increasing trouble supporting companies that target a single category of threat, no matter how effective their products. Putting a good security scheme in place is troublesome at best, and few corporate chief technology officers enjoy the additional worries of having to manage separate software or hardware for their firewall, virus-scanning, VPN, spam, spyware, policy, and intrusion-detection and -prevention needs. So now, the name of the game is assembling security packages that integrate all of the facets of data security, or, even better, offer full implementation and management of a total security package.
Gorillas in the mist
Security "point products" have fallen out of favor, and many companies with traditional strengths in a single category, such as Internet Security Systems with intrusion detection and prevention or Tumbleweed with mail security, are trying to expand their product offerings to provide end-to-end security. The middle market already contains numerous companies scrapping for customers, including ISS, Tumbleweed, Secure Computing, Websense, SonicWALL, and WatchGuard. As the larger security players continue to broaden their services, and other mainstream information-technology behemoths move into security, it will be even tougher for these smaller players to make ends meet.
The biggest, best-regarded companies with the best-integrated software packages will benefit most from big companies' security spending. In the world of stand-alone security companies, these include Symantec, McAfee, Trend Micro
Along with the gorillas of the security industry, titans from other industries have been encroaching on the space over the past few years. Most recently, EMC
The h@ck3rs will be crushed
Now there's some wishful thinking. It's doubtful that there will ever be a clear winner in the war against online malcontents. As long as a data-security company can hire a Ph.D. to write an encryption algorithm, there will be crime rings out there willing to pay another Ph.D. a hefty sum to find its holes. That said, since there's no indication that individuals, financial institutions, and other businesses and corporations plan to reduce their exposure to the Internet, there should be a continued demand for products that will keep their virtual valuables secure. Looking ahead for the next decade, I'd recommend that investors who want to secure returns from data security should climb on the back of one of those 500-pound gorillas.
We've secured further Foolishness:
McAfee is a Motley Fool Stock Advisor pick, while Microsoft made the cut at Motley Fool Inside Value . For even more superior investing advice, try any of our market-beating Foolish newsletters free for 30 days.
Fool contributor Matt Koppenheffer does not own shares of any of the companies mentioned and obtained none of the information in this article through hacking. He always encourages c0mm3nts. The Fool has an ironclad disclosure policy.