The international market for security software has huge potential and Irish firms are building expertise and momentum, writes GORDON SMITH
MUSIC INDUSTRY legend has it that after U2 made their breakthrough, record label reps were to be found scouring Dublin pubs looking for the next big thing. With Norkom snapped up earlier this month by the defence contractor BAE Systems for an impressive €217 million, could the Irish cyber security sector have its turn in the spotlight?
That’s not just wishful thinking: over the last couple of years, Ireland has been slowly building expertise and a reputation in information security. “The sector is much stronger than the public realises,” says Prof Joe Carthy, director of UCD’s Centre for Cybercrime Investigation. “Norkom has shown that a successful security company of substance can be grown in Ireland.”
The sector spans indigenous business, third-level research, multinationals and law enforcement. Security research is happening in Dublin and Waterford Institutes of Technology. The UCD centre trains Europe’s police forces. An Garda Síochána is also prominently involved in EU-wide efforts to tackle online criminals.
Some of security’s leading names are major employers here, including Trend Micro, Symantec and McAfee.
Rounding out the picture are more than 20 firms working across the spectrum of IT security products and services, from network monitoring, remote access and fraud prevention to mobile security, spam filtering, biometric identification and digital forensics. Many are expanding and scoring sales internationally. The nature of the security market means that’s almost a prerequisite. Less than 1 per cent of Norkom’s revenues came from the Irish market.
Many of these developments happened organically, although there have been attempts to put a more formal structure in place through Infosecurity Ireland, a coalition of indigenous firms aiming to promote Ireland as a centre of excellence in IT security.
Norkom is a founder member of the group, which is supported by Enterprise Ireland (EI). Others are the web security firm Vordel, biometrics specialist Daon, security training provider Vigitrust and network analysis company NetFort. PixAlert, whose software detects inappropriate content on computer networks, recently joined.
Many in the sector believe Norkom’s acquisition could be a catalyst for boosting Ireland’s profile. It follows other positive developments including UCD’s partnership with Visa Europe to research credit card fraud. This month SpamTitan, the Galway-based maker of spam and web-filtering software, ranked above industry heavyweights like McAfee, Sophos and Symantec in an independent evaluation by AV-Test.
“We expect the Norkom situation could lead to venture capitalists coming to look at Ireland and the security space in the future,” says Ed Grant, chief executive of MXSweep. Currently in recruitment mode, MXSweep is branching out beyond e-mail security to provide encryption, mobile security and technology for preventing data leaks. “We are looking to get up to €10 million in revenues by 2013. At that point all options are open,” says Grant.
FraudHalt, which develops technologies to prevent counterfeiting, is planning a private sale of its intellectual property this year – though not the company itself – to a larger multinational with the capacity to commercialise the technology. “The Norkom is something we can drop into the conversation,” says FraudHalt chief executive Phelim O’Doherty.
Another aiming at the mobile security market is AdaptiveMobile, at a time when the explosive growth in smartphones also brings additional security risks.
The company announced record sales last year and says its software protects more than 600 million mobile subscribers worldwide. Other firms have developed applications with a range of uses, including but not restricted to security: Shenick develops network monitoring tools while Veridian AI provides data warehousing services.
Start-up activity is also taking off and the business incubation facility NovaUCD seems to be a hotbed. Cernam’s computer forensics technology can gather evidence from online sources such as Facebook and Twitter. JLizard, which won the NovaUCD 2010 Start-Up Award, is a spin-out company from UCD research. Another resident, LogScreen, aims to solve the problems of data theft on corporate networks through early detection.
There are still some obstacles to progress. Ireland still has no formal computer emergency response team. In its absence a private voluntary group, IRISS, has been set up to perform this role.
The Government has been slow to publish its long-awaited cyber security strategy, although Ger Curtin, chief executive of PixAlert, believes this isn’t a major impediment to Ireland presenting its security credentials internationally.
Another criticism is insufficient co-ordination between all stakeholders. Anne Lanigan, senior development adviser with Enterprise Ireland, says Infosecurity Ireland is addressing this by creating a wider cluster comprising not just commercial enterprises but researchers in academia and multinationals as well as involving support agencies like EI and the IDA.
The group is planning a presence at several industry events in the US over the coming months to raise the country’s profile and help Irish firms break into new markets.
Prof Carthy goes further, calling for the establishment of a national cyber security centre of expertise that would respond to cyber attacks while also acting as a rallying point for collaboration between academia, industry players and law enforcement.
It could also provide security training to other countries. “I think there’s a huge opportunity for Ireland to grow in this sector, if we make a relatively small investment of a few million euro in security infrastructure,” he said.
Cernam’s managing director Owen O’Connor, a longtime observer of the Irish security sector, believes another missing piece is that there haven’t yet been spinouts from the multinationals.
A long-term legacy of the Norkom deal could address this gap. Chief executive Paul Kerley is bullish about the momentum behind the Irish security sector and says he hopes that over time, the experience gained by Norkom’s team could percolate down to other companies, either as mentoring or even investment at some point. “I think this is an area that’s going to explode. You’re going to see major innovation here and it certainly would be an area I’d be interested in in the future.”
Kerley stresses his work with Norkom is “not finished yet” and says BAE’s backing will allow it to grow beyond the financial sector. “This isn’t the end, it’s just the beginning,” he says.