The presentation describes how F-Secure has transformed its business model to Security as a Service (SaaS) in telecommunication market. Security as a Service uses cloud platforms to offer security services.
2. Agenda
About F-Secure
Emergence of Security
Software Market
F-Secure & Public listing
Introduction of SaaS with
ISP channel
Key Issues to Address
Maintaining Current Success
Future Challenges
Developing Capabilities
Conclusion
Q&A
Click me to see my ugly face
4. Evolution of F-Secure
Started as a consulting and training service provider for desktop
publishing, project management ,database management etc.
Data Security became the focus of F-secure when Mikko
Hypponen (Leading software security experts) joined the
company in 1991.Cultural revolution started.
F-Secure created its First Anti-Virus scanner product same year.
F-Secure also dabbled and divested in file encryption and Virtual
Private Network(VPN) solutions.
5. Emergence of
Security Software Market
First widely publicized computer break-in occurred in August
1986 in Lawrence Berkeley Labs in California.
Next Major event happened in November 1986 when a Cornell
university student injected an experimental self replicating and
propagating worm into a node on the internet.
F-Secure partnered with Fridrik Skulason to develop a
commercial product and later released a windows version.
Threats from viruses grew in the early 90s.Viruses began
spreading through out the internet.
6. Reasons of Public Listing
Only 0.5% of market share in 1999.
The industry market had two major players.
F-Secure had low investment in branding.
In other to compete;
F-Secure needed to acquire funds, and
Increase visibility
7. Critical Turning Point
Having recognized that the major players had strong
reputations and where first movers in the industry which
attracted many cooperate customers. F-Secure realized;
It had limited sales channels
There was lack of security concerns of casual users
It needed a new way to compete,
Thus, the ISP initiative ascended.
8. The SaaS & ISP Strategy
Security as Service is a SaaS initiative deployed by F-Secure
to deliver sets of security service functionalities to customers
based on their desired need.
It allows for ISPs to use sets of a vendor security software to
manage customer security services.
Facilitates end user service differentiation.
Reliable security software updates in real-time.
9. Why ISP
It was a competitive advantage for F-Secure.
It was an unexploited market.
Unattractive to major players.
It offered a wide customer base access and sales channel.
Addressed customer known-how issues.
Valuable added services of ISPs to customer.
Opportunity to utilize ISP’s existing billing system.
10. Success of this model
In 2008, it had over 180 ISP partners scattered over 38
countries.
In 2008, it realized 13.9 Billion (47%) of its total revenue
through its ISP partners.
F-Secure became a global market leader.
F-Secure clinched a huge amount of loyal customers from
the market.
Offered its product at less expensive prices.
13. Maintaining Current Success
ISP country's specific products introduction (+1 differentiation)
Subsidized prices as per country's economic condition
Continue to be innovative with Research and Development of
new technologies and new solutions
Innovations in mobile computing and even consumer products
14. Future Competition & Service
Delivery
Mergers and acquisitions
Cloud Service providers
15. New Battlefields &
Service Areas
Cloud Computing
Mobile computing
Pervasive computing/ internet of things
Literally, all of the devices can be hacked
Intentional threats getting organized
16. Governments are getting into
the game…
Ralph Langner
if you have heard that the dropper of Stuxnet is complex
and high-tech, let me tell you this: the payload is rocket
science. It's way above everything that we have ever seen
before.
17. Rise of New Threats, and
Future of Security
Mikko Hypponen
F-Secure Chief Research Offices
18. Developing Capabilities:
ISP value added services
Securing Data Center by ISPs for DDoS attack for enterprises
can provide unique opportunities for business growth.
Volumetric DDoS attack
Application layer based DDoS attack targeting specific services
ISPs can provide both a network-based service component to
stop volumetric DDoS attacks and a CPE-based service
component to stop application-layer DDoS attacks—
representing a distinct competitive advantage.
Securing Data Centers: A Unique Opportunity for ISPs, White Paper, ARBOR Networks
19. Developing Capabilities
Always be the first to detect and provide a remedy to the threat
Increase visibility of the network for Mobile Networks *
Critical relationship with Govt. Agencies to understand the future
regulatory requirements
R&D for how virus will be developed and start to impact in social media.
Diversity of distribution channels
The security solution will be distributed through ISPs, mobile phone providers,
cloud service providers, OEMs, & direct sale.
*Top Security Concerns and Threats Facing Today’s Mobile Network Operators, Highlights from Arbor Networks’ 2012
Worldwide Infrastructure Security Report
20. Security Market Size & Forecast
Overall, the security software market is about $20 billion
and growing.
The consumer security software market will grow to around
$6 billion by 2016 ($4.3 billion in 2012).
The mobile security software market is growing at almost
40% per year over the next four years (Gartner, Jan 2013).
F-Secure :ANNUAL REPORT 2013
21. Key Takeaways
Main source of competition is from changing markets
Security threats are getting new horizons
Privacy is the renewed concern
Cloud computing is the next frontier for security solution
delivery
Strong collaboration with different security solution stake
holders
22. WELCOME TO THE PARTY
YOU ARE AUTHORIZED TO ASK YOUR QUESTIONS SECURELY…
Editor's Notes
The Brand promise is to protect customers irreplaceable digital content and online interactions.
F. Secure had to work hard to convince some companies that viruses were even exixtant.Early sales were uninspiring.
KGB funded German slipped through the system system security holes and was browsing sensitive databases primarily military networks
The worm replicated and infected machines at the university, military sites and medical research facilities the world over costing damages ranging $ 200-$53000 per site
Viruses began spreading through documents attached to emails.
In 2006, we hit an important milestone from the perspective of computer security. And why do I say that? Because that's when implanted devices inside of people started to have networking capabilities. One thing that brings us close to home is we look at Dick Cheney's device, he had a device that pumped blood from an aorta to another part of the heart, and as you can see at the bottom there, it was controlled by a computer controller, and if you ever thought that software liability was very important, get one of these inside of you.
2:52Now what a research team did was they got their hands on what's called an ICD. This is a defibrillator, and this is a device that goes into a person to control their heart rhythm, and these have saved many lives. Well, in order to not have to open up the person every time you want to reprogram their device or do some diagnostics on it, they made the thing be able to communicate wirelessly, and what this research team did is they reverse engineered the wireless protocol, and they built the device you see pictured here, with a little antenna, that could talk the protocol to the device, and thus control it. In order to make their experience real -- they were unable to find any volunteers, and so they went and they got some ground beef and some bacon and they wrapped it all up to about the size of a human being's area where the device would go, and they stuck the device inside it to perform their experiment somewhat realistically. They launched many, many successful attacks. One that I'll highlight here is changing the patient's name. I don't know why you would want to do that, but I sure wouldn't want that done to me. And they were able to change therapies,including disabling the device -- and this is with a real, commercial, off-the-shelf device -- simply by performing reverse engineering and sending wireless signals to it.
4:06
There was a piece on NPR that some of these ICDs could actually have their performance disrupted simply by holding a pair of headphones onto them.
***
So the amount of money online crime generates is significant. And that means that the online criminals can actually afford to invest into their attacks. We know that online criminals are hiring programmers, hiring testing people, testing their code, having back-end systems with SQL databases. And they can afford to watch how we work -- like how security people work -- and try to work their way around any security precautions we can build. They also use the global nature of Internet to their advantage. I mean, the Internet is international. That's why we call it the Internet.
9:14
And if you just go and take a look at what's happening in the online world, here's a video built by Clarified Networks, which illustrates how one single malware family is able to move around the world. This operation, believed to be originally from Estonia, moves around from one country to another as soon as the website is tried to shut down. So you just can't shut these guys down. They will switch from one country to another,from one jurisdiction to another -- moving around the world, using the fact that we don't have the capabilityto globally police operations like this. So the Internet is as if someone would have given free plane tickets to all the online criminals of the world. Now, criminals who weren't capable of reaching us before can reach us.
13:14
So what happens when online criminals are caught? Well in most cases it never gets this far. The vast majority of the online crime cases, we don't even know which continent the attacks are coming from. And even if we are able to find online criminals, quite often there is no outcome. The local police don't act, or if they do, there's not enough evidence, or for some reason we can't take them down. I wish it would be easier; unfortunately it isn't.
http://worldmap3.f-secure.com/
13:39
But things are also changing at a very rapid pace. You've all heard about things like Stuxnet. So if you look at what Stuxnet did is that it infected these. That's a Siemens S7-400 PLC, programmable logic [controller].And this is what runs our infrastructure. This is what runs everything around us. PLC's, these small boxes which have no display, no keyboard, which are programmed, are put in place, and they do their job. For example, the elevators in this building most likely are controlled by one of these. And when Stuxnet infects one of these, that's a massive revolution on the kinds of risks we have to worry about. Because everything around us is being run by these. I mean, we have critical infrastructure. You go to any factory, any power plant, any chemical plant, any food processing plant, you look around -- everything is being run by computers.
14:39
Everything is being run by computers. Everything is reliant on these computers working. We have become very reliant on Internet, on basic things like electricity, obviously, on computers working. And this really is something which creates completely new problems for us. We must have some way of continuing to workeven if computers fail.
CPE generally refers to devices such as telephones, routers, switches, residential gateways (RG), set-top boxes, fixed mobile convergence products, home networking adaptors and internet access gateways that enable consumers to access Communications Service Providers' services and distribute them around their house via a LAN
F-secure should invest in developing infrastructure and human resources to always become first when it comes to detect new threats and providing remedy thereby. It will place F-secure in a distinct competitive position.
F-secure should develop capabilities for Mobile Operators and ISPs to increase visibility in their network as number of devices having high computing power will increase day by day. Mobile Operators and ISPs need to track down those intrusion coming from the devices in their network and prevent thereby.
Developing strong tie with the law enforcement agencies world wide to understand the priority for internet security that may take shape in regulatory requirements for large market. It will also help F-secure to address localized ISPs needs in advance.