overview of china's network information security industry

Posted by tzul at 2020-04-06

At the beginning of 2016, network security was officially classified as the key construction direction of the 13th five year plan, ranking sixth among the 100 major construction projects of the government in the next five years;

On November 7, 2016, China's network security law was passed and will come into force on June 1, 2017;

In December 2016, the national Internet Information Office issued the national cyberspace security strategy.

Key industries such as government, telecommunications, finance, energy, military, and emerging industries such as education, e-commerce, and transportation have strong demand for information security products and services, which has driven the overall demand of the information security market.

Data shows that the scale of China's information security industry has increased from 15.726 billion yuan in 2012 to 34.172 billion yuan in 2016, with an average compound growth rate of 21.41% in five years.

With the accelerated promotion of policies, the market growth is on the rise. By 2018, it is predicted that the market size of China's information security industry is expected to reach 51.488 billion yuan, and the industry growth in 2017 and 2018 is expected to reach 22.5% and 23.0% respectively.

Figure 1 market scale of China's information security industry

Data source: Zhiyan consulting market analysis forecast and investment prospect analysis report of China's information security industry 2017-2022

According to Gartner, the security budget (including personnel) of enterprises in 2016 is 18% higher than that in 2015, and it is expected to increase further in 2017.

According to the Gartner report, 72% of the companies surveyed had a budget between $5 million and $10 million, while 64% of the companies with a current budget of more than $10 million expected to increase their spending.

In addition, enterprises have the strongest demand for security tools.

At the beginning of 2017, "chief security officer" released the 2016 global network security enterprise financing ranking, showing that in 2016, there were 51 network security enterprises with financing amount of more than US $10 million. At the time of frequent security incidents, lack of traditional security means and more innovation and change in the security industry, relevant investment also continued to grow. It is estimated that in 2016, the network security industry will attract more than $4 billion in investment, more than $3.74 billion in 2015.

The promotion of capital enthusiasm shows that the market heat has increased significantly, and the continuous investment of capital will help the industrial integration to accelerate development.

At present, mobile Internet, cloud computing, big data and the Internet of things are developing vigorously and integrating with various vertical industries. Internet has an unprecedented impact on the real world. At the same time, the connotation of security has also changed. It, OT, IOT and even physical environment are facing new challenges. Obviously, countries, fields and industries all over the world have realized this problem, so in the past few years, information security, especially network information security, has attracted much attention.

In 2017, driven by policies, demands and capital, the network information security industry will usher in a more rapid and stable development. The top-level design will be more clear, the industry scale will continue to grow, and the continuous investment of capital will help the industrial integration and accelerated development.

Figure 2 overview of information security industry

The information security system under the network environment is the key to ensure the information security, including the computer security operating system, various security protocols, security mechanisms (digital signature, message authentication, data encryption, etc.), and even the security system, such as uninac, DLP, etc., as long as there is a security leak, it can threaten the overall security.

The information security industry is characterized by "system + product (hardware + software) + service". It promotes the healthy development of the industry under the guidance of national policies, coordination of other self-organization and regulatory authorities, and serves various traditional industries.

From the security level, information security is divided into three levels: physical security, operation security and data security.

From the perspective of security field, information security includes traditional security, mobile security, cloud security, industrial control and Internet of things security, big data security and many other fields, and with the development of information technology, it continues to expand the scope of the field.

From the perspective of industrial chain composition, the information security industrial chain mainly includes information security product providers and information security system integrators.

From the perspective of industrial structure, the information security industry is composed of hardware, software and information security services. Its products can be divided into three categories, twelve categories and more than 100 kinds of products, with a very high degree of subdivision.

Figure 3 information security industry chain

The information security industry chain mainly includes information security product / service providers and information security system integrators.

Product providers can be divided into hardware, software products and service providers. On the one hand, they directly sell products / services to the end customers through direct sales or distribution mode, on the other hand, they also sell products to information security system integrators.

Security integrated service providers usually participate in the information security construction projects of large-scale IT systems of enterprise users through competitive bidding to provide users with products and services.

Figure 3 information security product structure and classification (Reference: information security management software market analysis report, Huidian Technology)

From the product dimension, the information security market can be divided into three categories: security hardware, security software and security services, twelve categories, and about 100 kinds of products.

Security hardware is divided into security application hardware and hardware authentication. Its main products include firewall, VPN gateway, intrusion detection system, intrusion prevention system, Unified Threat Management Gateway, token, fingerprint identification, iris identification, etc.

Security software is divided into three areas: security content and threat management, identity management and access control, and security and vulnerability management. Its main products include anti-virus software, web application firewall, anti spam system, data leakage protection system, digital certificate identity authentication system, identity management and access control system, security assessment system, security event management system, and security Management platform, etc.

Security services mainly include consultation, implementation, operation and training.

According to the twelve categories, it can be divided into:

Infrastructure security, terminal security, data security, application security, identity and access management, cloud security, mobile security, cyberspace security, business security, industrial control security, security management, security services.

Information security products have a high degree of segmentation. Different market segments have corresponding professional manufacturers. Security manufacturers can be divided into seven categories: physical security, network security, host security, application security, security management, mobile and virtualization security, industrial control security.

The important reason for the decentralized pattern of information security industry is that information security runs through the whole information flow chain, involving almost all information equipment and software. A single information security enterprise cannot master all information security technologies, so it can only carry out differentiated positioning according to its own technical advantages and channel characteristics, and select some subdivision fields to participate in the competition.

The threat of network information security has developed from single password cracking, webpage tampering and file destroying in the early stage to complex virus spreading, domain name hijacking, vulnerability attack, denial of service, apt attack and other means, and seriously damaged the economic and social operation, stolen confidential documents, business secrets and personal property development.

More than ten years ago

Crack password and use operating system to know password

Tamper with web pages and destroy files


Virus propagation, domain name hijacking, vulnerability attack, denial of service, apt attack

Network attacks are showing the following characteristics:

Organization, purpose, profit seeking and destructiveness are more and more strong;

With the rapid development of attack means, the attack behavior becomes more and more covert;

The attack sources are more difficult to predict and the uncertainty is significantly enhanced;

Security vulnerabilities are being exploited more and more quickly.

With the development of attack technology, it is more and more difficult to counteract and track the attack behavior, and the network information security is easy to attack and difficult to defend.

Figure 4: 2016 global Cyberspace Security Events

Figure 5: China's Internet network security situation in 2016

(data source: National Internet Emergency Center, overview of China's Internet network security situation in 2016)

IDC (international data company) said that the products of Chinese enterprises are usually concentrated in a certain point or area, and have not yet formed a complete industrial chain and ecosystem. There is no system from basic software to application software, from network equipment to server, etc.

Data source: cybersecurity ventures released "top 500 network security innovation"

Compared with developed countries, the research on product standards and cross domain security standards in the field of information security in China still needs to be strengthened, and the national network and information security standard system needs to be improved.

The information industry includes thousands of practitioners, various suppliers, as well as various software, hardware equipment, etc. Therefore, from the upstream telecom operators to the downstream information enterprise companies, a unified standard should be established.

The core components and equipment rely on the supporting resources provided by foreign manufacturers, and they do not have the R & D ability of core production capacity and core technology, which results in the development of information security core components, core equipment and even industry being constrained.

Domestic basic software, especially core products such as operating system and browser, are basically dependent on Western technical standards, without their own programming language and development tools.

Backward security defense technology, threat to high-level complexity

Insufficient coping capacity

In the aspect of apt attack detection and defense, our country's technical strength is weak, we can't find apt attack in time, we can't analyze and collect evidence, we can't grasp the whole attack process, and we lack effective counter attack means.

In terms of DDoS attack protection, foreign security service providers use corresponding technical means to decompose attacks to ensure that each single point's processing capacity and handover are controllable, while China can only rely on a single point's large bandwidth to withstand attacks.

Dealing with network security of emerging technologies such as big data and cloud computing

Insufficient risk capacity

Mobile Internet, cloud computing, Internet of things and other emerging technologies make the Internet environment more complex, and the number of data packets exchanged through the Internet is larger. Therefore, emerging new network problems, security problems, business problems and other issues need to be supported by corresponding network products and security products. Obviously, China's technical capabilities in this area still need to be strengthened.

According to the report released by Intel's security research team, 71% of enterprises in eight countries, such as the United States, Britain, France and Germany, said that due to the lack of security talents, every year there will be significant economic losses due to cyber attacks.

Authoritative data shows that in the past three years, only 30000 information security professionals have been trained in academic education in China, less than 5% of the 700000 demand. It is estimated that by 2020, the demand will reach 1.4 million people, and now the number of people cultivated each year is less than 15000.

Due to the lack of conditions to attract talents such as salary and welfare, a large number of talents from traditional security enterprises flow into foreign enterprises or Internet companies such as bat, and top security experts are increasingly scarce.  

The environment of network information security is more complex:

Network attack means are more diverse;

Frequent network attacks;

The number of security vulnerabilities and viruses is also growing.

From the global Cyberspace Security Events in 2016, we can see three development trends:

The scale and quantity of DDoS are increasing rapidly;

Extortion software is rampant;

Commercial mail fraud (BEC) attacks continue.

In such an environment, China's information security also faces more challenges:

There are many network information security enterprises, but they have not formed a complete ecosystem;

There are many kinds of products, and the industry standard needs to be further unified;

The core technology of network information security needs to be strengthened;

Lack of network information security talents.

Gartner, an international well-known consulting agency, pointed out that taking continuous monitoring and behavior analysis as the core engine, establishing a cyclic and continuous adaptive security architecture with the characteristics of "attack protection + intrusion monitoring + response ability + risk prediction" might become a major trend of enterprise security protection.

Gartner predicts that by 2020, 40% of enterprises will establish a "safety data factory" to store monitoring data to support subsequent analysis.

With the expansion of the scale of the Internet of things and the increase of the types of terminals, the security threat of the Internet of things is growing.

By the end of 2020, the risk and security management cost of Internet of things projects will increase from 0% to 2%. Most security products use description and diagnostic analysis, but since 2014, there have been ueba, data centric audit and protection, Iam and privilege management and other security products, and advanced analysis has been used. This trend will continue. In 2020, most safety products will be integrated into the forecast analysis.

By 2020, more than 25% of corporate attacks will involve the Internet of things.

By 2020, the overall security market of the Internet of things will reach US $845.5 million, and it is expected that the compound annual growth rate of Internet of things security will reach 24% between 2013 and 2020.

With the improvement of technology, organizational change and more scalable services, the IOT security market will grow faster after 2020.

The application of advanced machine learning and artificial intelligence in the field of intelligent security will bring waves in the market.

Based on the views of all parties, the development trend of China's network information security in 2017 is as follows:

The legal system of network security has been formed more quickly, and the implementation measures are more specific;

The risk of network security faced by key information infrastructure is increasing;

Security threats caused by Internet of things, machine learning and artificial intelligence are more complex;

Bilateral and multilateral network security cooperation will continue to deepen;

Only by establishing a strategic and overall network security protection system can we truly deal with complex security threats.

With the continuous frequency of network information security incidents, countries all over the world have increased their investment in the network information security industry, and raised this to the level of national strategy. To effectively deal with the threat brought by the network information security problem, the government, enterprises and users need to work together to build a correct overall view of network information security, strengthen the cooperation between the government and enterprises, continue to increase security investment, promote security technology innovation, promote multi-dimensional, multi-level and all-round, and form a trend of arch defense.

First, we will continue to improve the relevant policies, laws, regulations and standards system, and build a complete industrial chain from chip design to product manufacturing, integrated services to providing comprehensive solutions;

Second, strengthen the research and development of core technologies and products;

Third, we will accelerate the improvement of basic security capabilities, strengthen the capabilities of threat monitoring, global awareness, early warning and protection against cyber attacks, and promote the innovation and application of products such as network and border security and terminal security.

At the same time, we will strengthen the research and application of security technologies in emerging fields such as cloud computing, big data, intelligent manufacturing and so on.

Information security enterprises should build their own "specialized, special and new" technology product system, take technological innovation as the source power of enterprise development, focus on the development of safe and controllable core technologies, and form technical advantages. At the same time, they should break the vicious competition cycle, strengthen the control ability of industrial chain, accelerate the research and development and promotion of new products and services to continuously improve user experience.  

Enterprise users should change their awareness of safety protection, establish a shift from passive safety to active safety, from post remediation to active defense, from single system protection to overall safety layout. At the same time, when an emergency occurs, we should be able to calmly analyze and decisively take response measures. Jonathan care, research director of Gartner, a famous consulting firm, also pointed out that when an event occurs, we should first pay attention to its root cause and focus on technical resources to solve key problems.

[this article cannot be reproduced without permission! ]