eSecurity management comes of age
keep pace with increasing complexity in enterprise business operations, the
related information security processes and technologies have evolved into a
reliable, mature system. by V K Sawarkar
In a competitive economy, business success increasingly depends upon confidentiality,
integrity, and availability of critical resources. Mission-critical business
operations-from financial operations to supply chain management to product sales
and customer service-are moving onto the network, internally and to the Internet.
In this environment, no organisation can afford to be without intelligent and
proactive security monitoring and disaster management capabilities as the dangers
of attacks by intruders become increasingly important, and the scale of potential
damage also arises. Keeping pace with the rapid evolution and escalation of
security threats is a daunting challenge, and IT professionals continue to seek
technologies that can enhance security without the frustration of additional
Today 'eSecurity' is a broad term that encompasses several currently distinct
market segments. Security management solutions consist of a diverse set of hardware,
software, and services for managing intrusion events, uncovering known software
vulnerabilities, and automating the distribution of software patches.
While news of high-profile attacks and devastating new exploits has abated in
recent months, system security remains a key concern for network administrators
and Chief Security Officers (CSOs).
A major early driver for security management products has been the need to get
a handle on event data emanating from intrusion detection systems. Many security
management products are chiefly concerned with consolidation, correlation, and
prioritisation of this type of data. These event management and correlation
products address the volume of data and its heterogeneous origin, both in terms
of devices and vendors.
A growing segment of the security management market is vulnerability management,
which aims to combine vulnerability assessment with patch management. Some vulnerability
management suites also include threat protection capabilities, such as intrusion
prevention systems, and security event management features.
The most important trend in information security at present is the growth of
security outsourcing, also known as 'managed security services'.
Companies today need to meet compliance with any of the various regulations
such as HIPAA, Sarbanes-Oxley, GLBA, and BS 7799. They also need to follow the
best practices in the industry such as the ITIL and BS15000, in order to remain
competitive and have a better mind-share of a prospective customer.
The market perspective
In the current market scenario there are a number of perspectives that affect
the types of solutions that enterprises will use.
Vendor buy-in - Vendor interest in the security management
market continues to be strong. The diversity of interest from an array of different
types of companies is indicative of the importance of the security management
Vulnerability gambit - Customers and prospects are
looking at vulnerability assessments to help prioritise emerging threats. Vulnerability
data is being leveraged both with event management and patch management systems.
Pure play vulnerability management vendors are moving to add threat protection
to their Vulnerability Management (VM) suites. Even more interesting is the
combination of threat protection and VM functionality resulting from McAfee's
acquisition of Foundstone.
Product development - Vendors are aggressively rolling
out new product suites in the vulnerability management space with improved analytic
Collaborative partnerships - Security enterprise management
vendors continue to compete on the basis of broad connectivity with security
and operational systems. Among the recent developments is the formation of trusted
networks aimed at providing security not only from the point of view of applications
and software but also from the hardware perspective.
An example of this is the Trusted Computing Group 'TCG network' which aims to
develop a range of technologies to enable federated operations. TPMs (Trusted
Platform Modules), the hardware centre of any trusted computing platform, are
available from major chipmakers.
The demand for mature information security solutions is driven by a number of
The chief driver of event management solutions is the continuing and hugely
annoying number of 'false positives' which get reported by intrusion detection
systems. A driver of both Security Event Management (SEM) product and vulnerability
management product sales continues to be the ability of these tools to create
comprehensive and reportable audit logs.
Total Cost of Ownership (TCO) 'Best at the least' is
the driving phrase for existing and emerging markets. The cost and difficulty
of manually patching applications and operating systems escalates as threat
windows continue to shrink and non traditional network access methods such as
remote and wireless, and user populations (eg. partners, suppliers) grow.
Complexity - Security solutions are complex because
enterprises desire both in-depth defensive strategies and best-of -breed approaches
to purchasing decisions. This complexity and heterogeneity (in device types
and vendors), especially in perimeter defenses is a major driver in both vulnerability
management and event management requirements.
Emerging clarity - The vulnerability market is evolving
rapidly. In addition to core vulnerability assessment and patch management capabilities,
VM solutions may also include SEM functionality as well as a host of threat
protection technologies such as host-based IPS and personal firewalls.
Long-term market drivers
Some of the long-term market drivers are:
Go local - One of the key resources for security analysts
and those actively monitoring security is a knowledge database of attack patterns
and other descriptions of the enemy. It saves time on reinventing the wheel
and provides a faster response to known threats.
Flexibility and TCO - Businesses building online strategies
from scratch can be overwhelmed by the initial investment of security solutions,
while those trying to adapt existing solutions to evolving security concerns
are besieged by maintenance costs. Both these scenarios will drive sales of
security management solutions.
The 'hardware' perception - While security used to
be thought of as an 'add-on' or an extraneous component of infrastructure, equipment
makers are paying attention to embedded security functionality in devices and
are actively attempting to integrate security as a value-added service.
Lack of trust - End-users idiosyncrasiescorporate
users putting sensitive business records and information on a serverare
ingrained habits that they are not necessarily willing to give up. For example,
no matter how good an online bank's security system, a consumer will have to
be convinced that its services are not only as good as a brick-and-mortar bank's
services, but better.
On-demand computing - The availability of ubiquitous
computing resources on demand will further drive the need for sophisticated,
highly flexible security management solutions that combine both identity management
and event management. Starting with Web services but including more advances
such as grid computing, these offerings will be a major long-term driver for
security management solutions.
The author is the Senior Executive Director (Enterprise
Applications & Smart Cards) at Rolta.