"Companies expect to be able to control more than just viruses and spam these days," said Ducklin. "Traditionally, multiple products have been deployed to...enforce company policy. Many security vendors simply bought up multiple products and bundled them together, but multiple products means multiple drivers/scanning engines/updating regimes, multiple names for the same thing, and multiple (or inconsistent) management and reporting tools."

"Furthermore," added Ducklin, "companies want to control otherwise-legitimate applications which, though popular with users and on home PCs, pose a security risk in the business world."

"The use of 'underground business tools' will increase," predicted Kung. "We will see the types and availability of certain types of toolkits such as those for vulnerability testing getting better, which bodes well for both researcher and criminal. For example, new technology 'fuzzers' can automatically run millions of test) against an application, searching for errors in the code. This technology will help researchers correct these vulnerabilities[but] these efficient tools in the wrong hands can also help criminals find easy targets for their exploits."

New problems, new demands

"SSL VPN, intrusion prevention systems (IPS) and mail filtering products have had the highest growth rates in the network security and content security segments this year," noted Chandrasekaran.