Inbound email security, sometimes called email hygiene, not long ago was perceived by market analysts and venture capitalists as a surging growth market in which pure-play startups could prosper and thrive. Great things were expected, and market projections soared into the statistical stratosphere.
It’s amazing how quickly situations can change. Now, email security is seen as a market where big players, namely Symantec and Microsoft, are poised to gobble up market share at the direct expense of smaller, venture-funded players, with only one or two of the upstarts managing to survive an intense consolidation shakeout.
Perhaps this was inevitable. Many of the email-security startups, such as IronPort and CipherTrust, were generously funded by investors, but they depended on antivirus vendors (and sometimes anti-spam vendors) for key intellectual property that they integrated into finished appliances based industry-standard hardware. It was only a matter of time before the antivirus vendors, confronting a looming threat to their core business from Microsoft, began looking at how they could lessen their exposure by diversifying their product portfolios.
One way to reduce the impact Microsoft might have on them was to go from supplying antivirus technology to email-security appliance vendors to building the appliances themselves. After all, there was nothing particularly special about the hardware, which was just a hardened box for the software inside. Sot that’s precisely the course Symantec took after its acquisition of anti-spam vendor Brightmail. Other antivirus vendors soon follow suit, if they hadn’t already come to a similar conclusion and made the move earlier.
This set off a chain reaction, with email security vendors scrambling to differentiate themselves by adding other features and functionality, including IM security, reputation networks and services, outbound content control, and various other bells and whistles. That, of course, brought them into competition with other startups in those market segments; those vendors, in turn, looked at how they could extend their products and technologies to preclude competitive incursions from the email-security interlopers.
Unfortunately for the inbound email-security appliance vendors, Microsoft hasn’t limited its security ambitions to antivirus, anti-spam, and anti-spyware on desktop clients. Instead, through its acquisition of FrontBridge Technologies, a messaging-security services company, and through its other acquisitions of security capabilities, Microsoft has assembled a formidable array of inbound email security that will now reside on its Exchange 2007 server.
According to a note on the blog at Ferris Research’s website, Exchange 2007 will include several features to protect against inboard email threats. Integrated alongside Exchange 2007’s spam-filtering functionality will be several features that help defend against denial-of-service (DoS) attacks and mail-system overloads.
Previously these sorts of capabilities were the preserve of email-security vendors, including the likes of IronPort, Proofpoint, CipherTrust (recently acquired by Secure Computing), Mirapoint, and others.
It is no wonder that so many of these companies, of which there are many, are trying so desperately to find acquirers. It’s also no wonder that not many acquirers can be found.
With its long-overdue commitment to and emphasis on securing its own operating systems and applications, Microsoft has brought a sea change to many security markets. The waves first were felt in the antivirus market, but they are not pounding on the beachheads of the messaging-security players. Not many will survive the storm.