The Australian security software market is set to rise a staggering 65% by 2010, as vendors continue to binge on acquisitions to provide more bundled offerings, and users beef up security infrastructure to combat new threats.
IDC's security system management analyst, Patrik Bihammar, says the local security market will increase from A$850 million to A$1.3 billion in less than three years.
Bihammar says security software will maintain its annual compound growth rate of 13.4%, well ahead of other software markets.
His assessment of the local market and emerging trends through to 2010 will be presented at IDC's security and continuity conference, which will be held in Sydney on Tuesday.
Bihammar also talks about the 3S vendors (security, system and storage) following massive consolidation in the market, with the EMC-RSA acquisition, Cisco and IronPort, as well as Symantec's Altiris buy.
"There is a long way to go before we see true integration of [security into management solutions], and then we will know if these vendors are over-extending themselves," Bihammar says, adding that a big inhibitor "3S" vendors will have to overcome is that departments are usually only interested in solutions specific to their area of responsibility.
Bihammar predicts security vulnerability testing will be beefed up over the next few years.
To respond to rising application-based attacks, he says improved testing will start with the security-lax software development debugging phase.
"Attacks have changed their targets from the operating system to the application layer, and we will see more threats like macro viruses in [Microsoft] Office, browser cross-site scripting, buffer overflows and denial of service attacks," Bihammar says.
He warns in-house developed and managed security software will face extinction as dedicated anti-virus vendors begin playing cat-and-mouse with the increasing exposure of vulnerabilities and faster morphing of malware variants.
The United States compliance footprint will also raise the importance of security as Australia develops its own regulatory models.
"Compliance will be seen as a new class of vulnerability itself because non-compliance presents the risk of irreparable PR damage and massive financial penalties," he says.