security as as service: case study of f-secure

Internet Security CoursePouria Ghaternabi

F-Secure Corporation: Software as a Service in the Security Solutions Market

Agenda

About F-Secure Emergence of Security

Software Market F-Secure & Public listing Introduction of SaaS

with ISP channel Key Issues to Address

Maintaining Current Success

Future Challenges Developing Capabilities

Conclusion Q&AClick me to see my ugly face

About F-Secure

Evolution of F-Secure

Started as a consulting and training service provider for desktop publishing, project management ,database management etc.

Data Security became the focus of F-secure when Mikko Hypponen (Leading software security experts) joined the company in 1991.Cultural revolution started.

F-Secure created its First Anti-Virus scanner product same year.

F-Secure also dabbled and divested in file encryption and Virtual Private Network(VPN) solutions.

Emergence ofSecurity Software Market

First widely publicized computer break-in occurred in August 1986 in Lawrence Berkeley Labs in California.

Next Major event happened in November 1986 when a Cornell university student injected an experimental self replicating and propagating worm into a node on the internet.

F-Secure partnered with Fridrik Skulason to develop a commercial product and later released a windows version.

Threats from viruses grew in the early 90s.Viruses began spreading through out the internet.

Reasons of Public Listing

Only 0.5% of market share in 1999. The industry market had two major players. F-Secure had low investment in branding. In other to compete;

F-Secure needed to acquire funds, and

Increase visibility

Critical Turning Point

Having recognized that the major players had strong reputations and where first movers in the industry which attracted many cooperate customers. F-Secure realized; It had limited sales channels There was lack of security concerns of casual users

It needed a new way to compete, Thus, the ISP initiative ascended.

The SaaS & ISP Strategy

Security as Service is a SaaS initiative deployed by F-Secure to deliver sets of security service functionalities to customers based on their desired need.

It allows for ISPs to use sets of a vendor security software to manage customer security services.

Facilitates end user service differentiation. Reliable security software updates in real-time.

Why ISP

It was a competitive advantage for F-Secure. It was an unexploited market. Unattractive to major players. It offered a wide customer base access and sales

channel. Addressed customer known-how issues. Valuable added services of ISPs to customer. Opportunity to utilize ISP’s existing billing system.

Success of this model

In 2008, it had over 180 ISP partners scattered over 38 countries.

In 2008, it realized 13.9 Billion (47%) of its total revenue through its ISP partners.

F-Secure became a global market leader. F-Secure clinched a huge amount of loyal

customers from the market. Offered its product at less expensive prices.

F-Secure: Key Issues to Address

Maintaining Current Success with ISP

Maintaining Current Success

ISP country's specific products introduction (+1 differentiation)

Subsidized prices as per country's economic condition

Continue to be innovative with Research and Development of new technologies and new solutions

Innovations in mobile computing and even consumer products

Future Competition & Service Delivery

Mergers and acquisitions

Cloud Service providers

New Battlefields & Service Areas

Cloud Computing Mobile computing Pervasive computing/ internet of things Literally, all of the devices can be hacked Intentional threats getting organized

Governments are getting into the game…

Ralph Langner

if you have heard that the dropper of Stuxnet is complex and high-tech, let me tell you this: the payload is rocket science. It's way above everything that we have ever seen before.

Rise of New Threats, and Future of Security

Mikko HypponenF-Secure Chief Research Offices

Developing Capabilities: ISP value

added services

Securing Data Center by ISPs for DDoS attack for enterprises can provide unique opportunities for business growth.

Volumetric DDoS attack Application layer based DDoS attack targeting specific services

ISPs can provide both a network-based service component to stop volumetric DDoS attacks and a CPE-based service component to stop application-layer DDoS attacks—representing a distinct competitive advantage.

Securing Data Centers: A Unique Opportunity for ISPs, White Paper, ARBOR Networks

Developing Capabilities

Always be the first to detect and provide a remedy to the threat Increase visibility of the network for Mobile Networks * Critical relationship with Govt. Agencies to understand the future regulatory

requirements R&D for how virus will be developed and start to impact in social media. Diversity of distribution channels

The security solution will be distributed through ISPs, mobile phone providers, cloud service providers, OEMs, & direct sale.

*Top Security Concerns and Threats Facing Today’s Mobile Network Operators, Highlights from Arbor Networks’ 2012 Worldwide Infrastructure Security Report

Security Market Size & Forecast

Overall, the security software market is about $20 billion and growing.

The consumer security software market will grow to around $6 billion by 2016 ($4.3 billion in 2012).

The mobile security software market is growing at almost 40% per year over the next four years (Gartner, Jan 2013).

F-Secure :ANNUAL REPORT 2013

Key Takeaways

Main source of competition is from changing markets Security threats are getting new horizons Privacy is the renewed concern Cloud computing is the next frontier for security solution

delivery Strong collaboration with different security solution

stake holders

WELCOME TO THE PARTYYOU ARE AUTHORIZED TO ASK YOUR QUESTIONS SECURELY…