CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

Security firms add services

Faced with shrinking margins and dropping prices, security software firms are branching into services in search of new revenue sources.

    Faced with shrinking margins and dropping prices, security software firms are branching into the professional services area in search of new revenue sources.

    The move may help vendors such as Check Point, Secure Computing, and Network Associates, deliver increasingly complex products that will be more in tune with a rapidly changing market.

    But analysts warn that the highly lucrative consulting business is already chock-full with big name firms that are also looking for fresh revenue sources to boost their own bottom lines.

    Driving the interest in security consulting by Check Point and other security software firms are both falling firewall prices and the complexity of network security problems and solutions.

    By putting their own consulting organization on the street, security software makers can tap into a new source of revenue derived from helping companies select and implement software. Consulting practices also serve as an additional product channel for software makers, since consultants will most likely recommend their company's own products.

    "A lot of suppliers are recognizing the need and responding," said Jim Hurley, security analyst at the Aberdeen Group. "Not all will respond equally well."

    Check Point will detail its plan to move into the services market next week. Analysts said the move into professional services represents not only a step beyond the company's firewall niche, but also an implicit admission that its technical support has been lacking.

    "We told Check Point seven months ago that they were in trouble [in tech support]," Hurley said. "I'm glad they recognized it as a problem."

    In Check Point's case, tech support has, until now, come from resellers, the company's main channel. But in an announcement due Monday, Check Point will add a new 25-person professional services unit intended to, among other things, support Check Point's firewalls, bandwidth management, and IP addressing software.

    In expanding beyond the security arena, Check Point is addressing a wider range of network customers' problems.

    But Check Point is not the only security software company with an eye on consulting. Secure Computing this week realigned its security consultants force, and Network Associates has emphasized the consulting practice of firewall firm Trusted Information Systems, which it acquired earlier this year.

    "A lot of their customers are buying multiple point products, and customers are still trying to figure out how to get them implemented," Marlo Kosanovich, analyst with Meta Group, said of the trend toward security consulting.

    Indeed, companies like TIS and Secure Computing created security software based on their experience as security consultants for federal agencies, often secretive ones.

    Likewise the WheelGroup, an intrusion detection software firm purchased by Cisco Systems, had a strong consulting practice built on its executives' service in the U.S. Air Force.

    Axent Technologies also has a sizable security consulting practice in addition to multiple software offerings.

    But as Hurley notes, security software companies moving into professional services will find that others are already there. IBM Global Services, Perot Systems, and the big five accounting and consulting firms already have security practices.

    "It's more than simple implementation services. They're really looking for someone to take over the management as a project," said Hurley, whose firm helps corporations identify security needs and recommends vendors. "The need in the organization is to integrate a lot of other technology components with applications, systems, legacy systems, and firewall."

    Jim Balderston of Zona Research adds that because security threats change, defenses must evolve, too.

    "It is dangerous to rely on fixed defenses like shrink-wrapped product when you're facing a very mobile and fluid and changing adversary," Balderston said. "It makes a helluva lot of sense that security companies will evolve into consultants that basically do just-in-time security, up to the minute."