Market Share Analysis: Security Software, Worldwide, 2011

Key Findings

• Intel's write-down of the McAfee revenue impacts the market from reaching double-digit growth.
• The security market continues to benefit from consumer and enterprise investments.
• Small or midsize business (SMB) demand, advanced persistent threat and compliance are among the main drivers.
• Merger and acquisition (M&A) activity has remained a significant factor influencing the competitive landscape.

Table 1 shows the security market share by vendor, and Table 2 shows the security spending by region.

Source: Gartner (April 2012)

Source: Gartner (April 2012)

Overall Market Performance Analysis

The 2011 security market share showed a continuation of demand for consumer and enterprise security tools. For what concerns the competitive landscape, a noticeable impact is recorded on McAfee's decrease of revenue by 27.5%, therefore losing market share to competitors. This was related to its acquisition from Intel and the fact that around 30% of $1.4 billion in deferred revenue was written down.

The 2011 security market continues to grow solidly. However, as demonstrated in Table 2, some regions did not experience the high-double-digit growth of emerging Asia/Pacific and Eurasia, (driven by "greenfield" projects and buoyant economies). As expected, Western Europe remains the laggard because of the uncertain and very difficult economic fragility. The security market includes 11 segments, including endpoint security products (for both the enterprise and consumer markets), Web and email security tools, identity and access management (IAM), and security information and event management (SIEM) technologies.

Products within the security market are undergoing rapid evolution, in terms of both new delivery models with security as a service (SaaS) showing increasing popularity, and new technologies being introduced, often by startup companies. Key vendors continued to expand their product portfolios, buying companies where appropriate and expanding their reach into emerging markets. M&A activity also has been an important factor in shaping the market landscape at least during the past five years. In some areas, such as endpoint, Web security and IAM offerings, vendors have increasingly bundled products together into a suite offering, and products positioned within one market segment increasingly have functionality that overlaps with adjacent markets, so we recognize that some areas of potential overlap, open to interpretation on where revenue may be accounted, remain across multiple segments.

According to a number of Gartner end-user surveys, security continues to be a top priority across all technology categories in the SMB market. The rise of midmarket demand presents a new challenge for participants in the security space as SMB requirements are specific and different from larger enterprises. Security buyers, from small and midsize businesses, increasingly are considering SaaS as an alternative option for deploying security technologies, particularly for areas such as email and Web security, which leads to more market consolidation and more competitive pricing. Adoption of security software in the SMB market is gradually switching toward suite offerings, which offer better-integrated multifunction solutions. Spending on security software is also influenced by the evolution of new threats and working practices. For example, as companies increase the mobility of their workforce, this situation raises new security concerns and requirements. Growing demands for remote access requires organizations to safeguard off-premises applications and data, as well as an array of new client devices. The rapid adoption of virtualization in the SMB market also will drive interest in security solutions targeting virtual environments. Players such as McAfee, StillSecure and Trend Micro are examples of providers starting to service this growing market.

Growth across the different security segments analyzed continues to show great levels of variation, with emerging economies showing higher growth levels as a result of lower adoption rate levels and greenfield opportunities. However, we denote some level of resilience and demand for more mature technologies, even from more developed markets where adoption rates are higher. Of particular interest is the enterprise endpoint protection platform that continues to generate positive growth because of the need to keep maintaining product deployments active and the interest to upgrade to more efficient anti-malware capabilities such as behavioral-based detection and tools that leverage security intelligence from the cloud.

The security market, from a competitive perspective, can be divided into four groups of vendors. At the top are the giants, McAfee, Symantec and Trend Micro, with a strong presence in both the consumer and enterprise markets and with 35% of combined market share. On a second tier is a group of large vendors, such as IBM, EMC, Cisco and CA Technologies, where security is only a part of overall corporate interests but that offer a breadth of product capabilities covering many of the security segments. A third tier is composed of specialist midsize vendors, such as Kaspersky, Oracle, Websense, Sophos, Blue Coat Systems and ESET, which tend to have more of a focus on certain segments in which they have built a relatively strong presence. The fourth tier is composed of large IT vendors with a small presence in the security space or small players with specialization in one or two security segments.

Top Vendors Analyzed

McAfee Reported Revenue Impacted by Intel Acquisition, but Real Growth Remains Strong

McAfee was acquired by Intel on 28 February 2011. The 2012 Market Share report shows a significant decline in McAfee's 2011 GAAP revenue. This is a result of normal purchase accounting rules that required Intel to write down approximately 30% of McAfee's approximate $1.4 billion of deferred revenue, which would have amortized into revenue in the 18 months following the acquisition. All companies are reported using this methodology from Gartner, allowing only for the inclusion of GAAP-only-reported income revenue.

The report shows the deflation of revenue will continue until McAfee's February 2011 deferred revenue is fully amortized, most likely at some point in 2013 when it will be moved to GAAP and accounted for at that point-in-time's reports.

McAfee's brand strength and market presence originates from its primary focus and specialization on security, both on the consumer and enterprise markets. On the enterprise side, McAfee has been expanding its security software offering to network security following its acquisition of Secure Computing in November 2008. With its mother company Intel, McAfee aims to build on both companies' competencies and have better integration between hardware and security. The McAfee DeepSAFE, a new low-level security agent that runs below the OS on Intel Core I-series processors, is an example of the technology partnership that is an innovation this new corporate entity aims to bring to the market.

Symantec Back to Double-Digit Growth

Symantec recorded an annual growth of 17%, reaching $3.7 billion in 2011. High-level M&A activity in 2010, with the acquisition of GuardianEdge, PGP and VeriSign, was determinant in bringing back double-digit growth in security, alongside the return to growth of core offering Endpoint Protection Platform. Symantec retains its market share leadership in both the consumer and enterprise security space. Symantec has continued to expand is offering beyond the traditional endpoint security space by leveraging its competency and mind share in the storage/data backup space and by putting new focus of securing data, both at rest and in motion, through its data loss prevention (DLP) and encryption products. Its strategy to enable service alternative delivery capabilities, with its cloud-based security and management services is another critical component of Symantec strategy. Symantec recently has launched a cloud information protection platform called Symantec O3 that provides protection for cloud activities providing identity and access control, information security to data in the cloud, and information management.

Trend Micro Records Positive Growth Driven by Consumer Security

Trend Micro is the other market share leader of the security software market with strong presence in both the consumer and enterprise security space. During 2011, Trend Micro grew 11%, generating $1.2 billion revenue, growth that on the contrary of its main market competitors is organic rather than from acquisitions. Trend Micro business in mature Asia/Pacific region remains a critical driver of revenue, particularly from its traditional strength in the Japanese market, where it is estimated it generated around 46% of its overall revenue. Trend Micro's sales channels helped drive the 18% growth in consumer business in 2011. On the enterprise side of its business, the server security's very good growth was also critical in driving new revenue where Trend Micro has developed an innovative agentless, anti-malware product for virtual environments as a result of its solid relationship with VMware.

Other Notable Vendors

AhnLab Diversifies Its Endpoint Security Offering With Industrial Systems Protection

AhnLab is a new addition to the annual Gartner Market Share Security Software report. AhnLab recorded above-average growth of 20%, reaching $45 million in 2011. Similarly to Trend Micro, AhnLab relies on a strong foothold in the mature Asia/Pacific region, and particularly in the country of South Korea, where this player has its head offices and where it generated 90% of its overall revenue. While AhnLab has some presence in the consumer space with about 14% of its total corporate revenue, its main strength remains in the enterprise space, particularly the Endpoint Protection Platform. AhnLab has been looking to develop some specialization toward securing industrial systems, combining application whitelisting and anti-malware technologies.

AVG Records Strong Consumer Security Growth

AVG is also a new addition to the annual Gartner Market Share Security Software report. AVG is a player focusing mainly on the consumer security space, where it embraced freeware as a business model to reach global brand awareness and expand its foothold to millions of users and then, subsequently, try to upgrade them to premium paid-for products. AVG revenue reached $270 million in 2011, growing at a rate of 25%. Although originating from Europe, AVG has reached a good global presence with about two-thirds of its revenue being generated within the Americas and Asia/Pacific regions. AVG has leveraged business partnerships with players such as Microsoft, Google and Yahoo to expand its revenue and is looking at mobile space to expand its product offering.

HP Becomes Market Leader in SIEM Through ArcSight Acquisition

HP re-established a foothold in the security software market by acquiring ArcSight after divesting its IAM offering. The 330% growth in 2011 comes as a result of such acquisition, bringing $249 million of revenue. HP has been putting emphasis in the security marketplace to try to win mind share. Its past acquisitions of TippingPoint (through its 3Com purchase), Fortify in the application security space and EDS have brought strong security capabilities, although in fairly distinct security markets. In September 2011, HP combined the collection of security assets and product groups into a single business unit known as Enterprise Security Products.

Oracle Consolidates Its Leadership Position in IAM

Oracle strengthened its position in IAM following growth of around 20% in 2011, bringing total security revenue to $417 million. Similarly to other large players, M&A was influential in this growth, particularly as a result of the Passlogix, Secerno and Sun Microsystems acquisitions in 2010. The Oracle Identity and Access Management Suite was one of the strongest security product offerings in 2011. Also of note is the strong new license revenue growth, particularly from single sign-on and directory services products. Oracle security vision has been to focus on pursuing a strategy of an integrated IAM platform, including the integration of a fraud detection and user authentication software platform, while strengthening offerings around database audit and protection, and introducing a cloud-based alternative delivery model.

Quick Heal Shows Strong Growth in the Endpoint Protection Platform Area

Quick Heal is newly added to the Market Share report this year because of its significant presence in the security market in India — it is just second to Symantec in Indian endpoint security segments (consumers and enterprises) and the largest homegrown player in the country. Gartner estimated that the growth of Quick Heal in 2011 was 21% to a revenue close to $24 million, in which 86% of revenue came from the Indian market. The company was founded in 1993 and is headquartered in Pune with more than 450 employees in 22 offices. Quick Heal has expanded to the international market basically with a distribution partner approach. It has also expanded to other security areas such as mobile security.

Mergers and Acquisitions

On the M&A front, several major acquisitions moved the security market in the past couple of years, from Intel buying McAfee to Symantec acquiring VeriSign, PGP and GuardianEdge to Oracle acquiring Sun Microsystems (see Table 3).

Source: Gartner (April 2012)