Research Says Cisco, Microsoft Lead Security Spending

A new study from Citigroup Investment Research contends that a majority of chief security officers are planning to maintain or boost spending on new technologies, with Microsoft and Cisco as leading beneficiaries.

The continued push into the security sector by IT leaders Cisco Systems and Microsoft is making hay with chief security officers, as a new poll of the executives finds that most will consider the well-known vendors products in 2006 as they budget network and applications defense technologies.

In its inaugural survey of ranking CSOs at 50 Fortune 1000 companies in the United States, New York-based Citigroup Investment Research found that 32 percent of the IT leaders said they plan to increase their security budgets this year, while 54 percent said they expect to maintain their current level of spending.

Those spending patterns closely resemble the same executives budgeting plans for 2005, according to the research.

Only six percent of the CSOs interviewed by the investment banks research arm said they will lower their technology budgets in 2006.

Among the companies most frequently referenced by the CSOs for planned spending during the year were Cisco in the networking security space, and Microsoft, a relative newcomer, in the applications arena.

While Cisco has been marketing firewall technologies and other network-oriented security tools for almost a decade, Microsoft has only entered the applications market in the last year with several stand-alone products.

The software giant is further expected to have an effect on the anti-virus market with the launch of its next-generation Windows operating system, known as Vista, scheduled to arrive sometime in 2007.

The new Microsoft OS will offer onboard anti-spyware and anti-phishing applications, among other tools, in the name of eliminating the need for some aftermarket Windows security products.

According to Citigroup, some 64 percent of the CSOs interviewed said they plan to buy applications from security software vendors, while 33 percent said they are planning to purchase security products from companies that specialize primarily in data networking technology.

While only 33 percent of the executives interviewed said they prefer to buy from data networking vendors, 44 out of the 50 respondents said they have made at least some security purchases from Cisco.

Rival Juniper Networks ranked second for such investments, far behind Cisco, with only four of the CSOs mentioning the company.

In a surprisingly good showing among applications vendors, Microsoft dwarfed other providers including anti-virus market leader Symantec in the report.

/zimages/4/28571.gifExperts say that cyber-criminals are still running amok. Click here to read more.

Some 68 percent of those involved in the research said they currently use security software from Microsoft, while only 26 percent said they are using Symantecs tools.

As the security market continues to see various types of security products come together into integrated suites of applications, Microsoft is also looking at promising prospects, according to the report.

Of those interviewed, 36 percent said they would prefer to work with one primary security software vendor, versus the 34 percent that indicated they would not want to consolidate security relationships, with 44 percent of those favoring the integrated approach listing Microsoft as their preferred provider.

Security stalwarts Symantec and Trend Micro were tabbed for spending on such applications by only three CSOs each.

Forty-six percent of the respondents said viruses and other forms of malware ranked as the most troubling issues, followed by spam at 12 percent.

Most of the executives who ranked spam ahead of viruses labeled the malicious code attacks second on their lists of major concerns.

Interestingly, Citigroup said that many of the CSOs could not think of a third problem they must deal with, what the experts called "illustrative of the narrow mindset" of the executives.

"Only a small handful of respondents mentioned more overarching architectural concerns like data protection, user and application authentication, and network access," said Brent Thill, an equity analyst with Citigroup.

"In our view, these responses bode well for point providers of anti-virus and anti-spam products in the near-term, but we expect over time the mindset will change to a more holistic, policy and access control-based approach to enterprise security."

On the topic of balancing perimeter network defenses with applications-level security tools, Citigroup said that an increasing number of CSOs are considering the use of the latter method, which is considered more adept at responding to so-called zero day malware attacks.

Some 40 percent of the executives interviewed for the study said that they are currently evaluating applications-specific security measures.

Of those executives, 62 percent said that they are somewhat likely to deploy applications-level security this year, with another 36 percent saying that they are either very likely or certain to do so.

Citigroup said this trend bodes well for Cisco, Juniper, and F5, which it views as the market leaders in the space.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.