While security services may generate the buzz and the biggest growth, there's still plenty of life in the product market. In fact, a rush of companies are building security products oriented towards an Internet world.

Most of these products are aimed at doing a better job of stopping both outside hacks as well as far-more-typical internal attacks from disgruntled or duped employees.

"One of the things we've done in security is deal with esoteric threats. But what do you do with information you provide? We had no way to solve that problem," says George Freidman, founder and CTO of Infraworks, an Austin, Texas startup that makes a product called Intether that controls what can be done with documents. In other words, many security tools tend to try to stop the "unseen genius," when "it's your best friend who'll nail you. You want him to see [your document] but you don't want him to pass it on," Freidman says.

PLUG THE HOLE TO CHINA

An Infraworks product might have made the recent flap over the missing hard drives at Los Alamos much less damaging. The documents couldn't have been printed out, let alone forwarded on to China.

Ideas like these continue to develop in the security arena. While the public markets are focused on public key infrastructure (PKI), antivirus, firewalls, and managed security, ideas like that of Infraworks might yield the next big winners in the security space.

The guy behind startup eEye Security's new Retina product, Mr. Maiffret happens to be its Chief Hacking Officer. He also happens to be 19 (he was 17 when he joined the company to start work on Retina). Mr. Maiffret's youth may explain why he would pursue products rather than venture into consulting. Of course, it could just be that he's brash.

"Statistics might show that consulting is in greater demand (than products), but we think that's the case because there are no good security products on the market," Mr. Maiffret says.

THINK LIKE A HACKER

Did we mention youth is brash? But Maiffret has come up with something different for Retina. The product has artificial intelligence (AI) built in, so that it 'thinks' like a hacker would.

"Security scanners....can't really figure out potential ways to break in, and humans can," Mr. Maiffret says. "So that's why our technology has AI built in, so it can think like a hacker."

Mr. Maiffret says that the security scanner is relatively straightforward, but that future products from eEye, also utilizing artificial intelligence, will dramatically improve the security offerings on the market.

That's only good news for eEye's corporate parent, Ecompany (not to be confused with Ecompanies, the incubator, or Ecompany Now, the magazine). Ecompany recently received its first round of funding and signed up a new CEO, Marwan Naja, who came over from lead investor Fay Richwhite. Ecompany, founded by Firas Bushnaq, the guy who took a chance on a 17-year-old hacker, has developed an office software tool aimed at small and medium businesses that can't afford to pay consultants to integrate various kinds of e-commerce software.

$7.4 BILLION BY 2003

No one is suggesting that companies stop buying firewalls, data monitoring tools, and the like. In fact, Data Monitor projects that the security products business will grow from $3.7 billion today to $7.4 billion in 2003.

This kind of revenue opportunity has current leaders looking for creative ways to get ahead. Entrust (Nasdaq: ENTU), one of the hottest players in the public key infrastructure (PKI) space, recently bought a services firm, Cygnacom. Then in May it teamed with First Data Corporation to fund and staff PaymentWave, which will build and implement secure payment systems for e-commerce players. Both companies pitched in $10 million and staff.

Network Associates (Nasdaq: NETA) meanwhile, created MyCIO as a wholly-owned subsidiary, with plans to spin it off. MyCIO wants to make antivirus software easy to manage.

Nobody has time to manage antivirus," says Zach Nelson, MyCIO's president. His firm is basically an application service provider, which promises companies that it will automatically handle updates to anti-virus software. That can help in a world where anti-virus makers update their software almost weekly, and a corporation needs to respond immediately when a major virus outbreak occurs.

But it also is focused on consulting to help companies implement their security tools, and offers strategic services. So far, Mr. Nelson says MyCIO has some 2,000 customers for its various services, and they're hoping to cash in on the ever-changing security needs of companies in the Internet age. As Mr. Nelson points out, "Security strategy has to be updated all the time."

Of course, many of the products under development will need to be integrated, which sends you back into the consulting loop.

"The vast majority of organizations have been sold a seeming solution by a salesman, and what they've not done is step back and say, let's look at our environment and see what we do need," says CA's Simon Perry.

And that suggests a secure future for security companies.