Cipher Snapshot
90 Long Acre London, WC2E 9RA +44 (0) 20 7420 0221
aistemos.com
What we know and what we don’t: A
review of patents for cybersecurity
December 2015
With national security, commercial hegemony and personal
dignity at stake, cybersecurity has moved to the forefront.
This report takes a look at market entrants and their patent
activity.
aistemos.com
Cipher Snapshots
Cipher Snapshots provide insights into industries or events through the lens of IP business intelligence. With growing concerns over the protection of confidential information, it is unsurprisingly that many public and private sector clients are becoming more concerned with cybersecurity. Major computer hardware companies such as IBM, Intel, and EMC have been making great strides in patent filing in recent years. Though as patent data is publicly available, companies may have to consider alternative strategies to deter cybercriminals.
The insights are generated by Cipher, which has the ability to compare specific portfolios with other similar companies. Our analysis has not been verified by any of the companies identified in this Snapshot.
Cipher highlights
• Non-practising entities (NPEs) have a small presence
• Geographical coverage of patents are focused mainly in the US
• Businesses face a confidentiality issue with their patents due to transparency
The advantages that can be derived from the illicit accessing of both commercial and technical information, and the damage that can be done, are unimaginably large. In consequence, following recent incidents such as the hackings of the extramarital affairs of Ashley Madison patrons and the TalkTalk telephone subscriber database, not to mention concerns over systematic technospying by China and other nations, public concern over online information security breaches is running at an all-time high. While these anxieties are real, it may well be that the highest level of concern should be reserved for the episodes of hacking which are so sophisticated that they have achieved their aims without ever being detected at all.
With national security, commercial hegemony and personal dignity at stake, it is unsurprising that both public and private sector clients are prepared to pay a premium for the peace of mind that cybersecurity can bring. This in turn incentivises market entrants, of which there are three basic types:
• major players in the field of computer hardware, software and cloud services (eg, IBM, Intel and EMC
Corporation) which have augmented their other products with a range of cybersecurity offerings;
• security companies which operate generally throughout the field of computer security (eg, Symantec
and Japanese player Trend Micro); and
• 'pure play' companies (eg, Fortinet and Riverbed) which focus primarily on cybersecurity.
The first two of these groups tend to have a broad range of patents while, as might be expected, pure play operations are generally smaller and hold correspondingly fewer patents. The first group is also far more deeply rooted in the computer services market. IBM, Intel and EMC Corporation were founded in 1911, 1968 and 1986, respectively – long before cybersecurity was an issue.
The second group’s members are more recent. Symantec’s involvement in security followed its acquisition of the Norton business in 1990, and most of the pure play companies are relative latecomers to cybersecurity. Fortinet dates back to 2000 and Riverbed to 2002, while Trend Micro, a veteran in the field, moved from hardware dongles to anti-virus products back in 1992. On the other hand, the pure play companies have been making up for lost time: the three mentioned here have increased the size of their patent portfolios between five and ten times.
aistemos.com
thousands of relevant patents but, while they also continue to grow, their rate of growth in relative terms is not as dramatic as that of companies such as Qihoo and Fireye, which have grown by hundreds of percent since 2013. However, it also shows that IBM’s portfolio of granted patents is tens or hundred times larger than many players and nearly twice the size of the combined substantial holdings of Intel and EMC. Knowing their successful licensing operations, they should be, perhaps unsurprisingly, a real IP powerhouse in this space.
Figure 2 focuses on the number of new filings in the space over the last three years, where IBM’s dominance is seen again, but Symantec, Qihoo and Fortinet are also making strides.
In Figure 3 the metrics of filings and size are combined, but only for security and pure play companies. Here the strong growth of Symantec can really be seen.
aistemos.com
How does cybersecurity pan out in terms of global spread? Recent Cipher studies have shown that patenting in some technology sectors is relatively evenly spread internationally (eg, the automotive sector), while in other cases patent filing is dominated by a single jurisdiction (eg, aquaculture, where China has taken the lead, and brewing, where Japan’s strong position is in the process of being overhauled by foreign challengers) or by dominant regions (eg, FinTech, where the preponderant patenting activity is US and Asia-based). When it comes to cybersecurity the picture reflected in Figure 4 is again one of an extreme US focus, although $1.4 billion-capitalised Chinese company Qihoo is patenting extensively in China and the Moscow-based core of Kaspersky, which operates in nearly 200 countries, files some patents in its Russian home territory. One anomaly is that Trend Micro, compared to many other Japanese companies, focuses primarily on the US market.
Unlike some of the other sectors mentioned above, cybersecurity is the one in which non-practising entities (NPEs) appear to have a substantial, if small, presence. This is demonstrated in the table below, which shows defensive aggregator RPX ahead of patent chimera Intellectual Ventures (IV) and Acacia.
aistemos.com
practices in the United States, cybersecurity patenting by businesses that are not delivering commercial products themselves is predominantly a US affair. Figure 5 shows small but comparable levels of patenting by NPEs in Europe and Asia, and very little beyond.
Figure 6 looks at the litigation intensity in the space, where it is clear to see how active an IP area this is, with a substantial number of NPE suits (75% of total). However, it is also hotly contested, with a large number of competitors suing each other (eg, Fortinet and Trend Micro).
Where then does this leave customers? The large volume of patents and intensity of filing activity suggests that the patent system is responding to a rich and anxious market by producing a large number of innovations which, ideally, should result in a wide range of sophisticated products.
However, there is a downside to the patent system here. A condition of receiving a patent grant is that the invention is clearly and fully described in the patent application. This information is publicly available and there is nothing to stop cybercriminals accessing and studying it. It may well be, therefore, that businesses will want to consider an alternative strategy based not on patenting but on confidentiality. If this is done, the new products will be as invisible to the world as those successful cyber attacks that have yet to be detected.
aistemos.com
90 Long Acre London, WC2E 9RA +44 (0) 20 7420 0221 aistemos.com © 2015 Aistemos
Cipher aggregates the world’s patent data,
applying big data analytics to provide
immediate and actionable insight
The analysis in this Cipher Snapshot has been produced for the purposes of illustrating the insights that can be generated by Cipher, and may not be relied upon for commercial purposes.