eSecurity management comes of age
To keep pace with increasing complexity in enterprise business operations, the
related information security processes and technologies have evolved into a
reliable, mature system.
by V K Sawarkar
In a competitive economy, business success increasingly depends upon confidentiality,
integrity, and availability of critical resources. Mission-critical business
operations - from financial operations to supply chain management to product sales
and customer service - are moving onto the network, internally and to the Internet.
In this environment, no organisation can afford to be without intelligent and
proactive security monitoring and disaster management capabilities as the dangers
of attacks by intruders become increasingly important, and the scale of potential
damage also rises. Keeping pace with the rapid evolution and escalation of
security threats is a daunting challenge, and IT professionals continue to seek
technologies that can enhance security without the frustration of additional
management overhead.
eSecurity today
Today 'eSecurity' is a broad term that encompasses several currently distinct
market segments. Security management solutions consist of a diverse set of hardware,
software, and services for managing intrusion events, uncovering known software
vulnerabilities, and automating the distribution of software patches.
While news of high-profile attacks and devastating new exploits has abated in
recent months, system security remains a key concern for network administrators
and Chief Security Officers (CSOs).
Early driver
A major early driver for security management products has been the need to get
a handle on event data emanating from intrusion detection systems. Many security
management products are chiefly concerned with consolidation, correlation, and
prioritisation of this type of data. These event management and correlation
products address the volume of data and its heterogeneous origin, both in terms
of devices and vendors.
A growing segment of the security management market is vulnerability management,
which aims to combine vulnerability assessment with patch management. Some vulnerability
management suites also include threat protection capabilities, such as intrusion
prevention systems, and security event management features.
Emerging trends
The most important trend in information security at present is the growth of
security outsourcing, also known as 'managed security services'.
Companies today need to comply with any of the various regulations
such as HIPAA, Sarbanes-Oxley, GLBA, and BS 7799. They also need to follow
industry best practices such as ITIL and BS 15000 in order to remain
competitive and gain better mind-share with prospective customers.
The market perspective
In the current market scenario there are a number of perspectives that affect
the types of solutions that enterprises will use.
Vendor buy-in - Vendor interest in the security management
market continues to be strong. The diversity of interest from an array of different
types of companies is indicative of the importance of the security management
function.
Vulnerability gambit - Customers and prospects are
looking at vulnerability assessments to help prioritise emerging threats. Vulnerability
data is being leveraged both with event management and patch management systems.
Pure play vulnerability management vendors are moving to add threat protection
to their Vulnerability Management (VM) suites. Even more interesting is the
combination of threat protection and VM functionality resulting from McAfee's
acquisition of Foundstone.
Product development - Vendors are aggressively rolling
out new product suites in the vulnerability management space with improved analytic
capabilities.
Collaborative partnerships - Security enterprise management
vendors continue to compete on the basis of broad connectivity with security
and operational systems. Among the recent developments is the formation of trusted
networks aimed at providing security not only from the point of view of applications
and software but also from the hardware perspective.
An example of this is the Trusted Computing Group 'TCG network' which aims to
develop a range of technologies to enable federated operations. TPMs (Trusted
Platform Modules), the hardware centre of any trusted computing platform, are
available from major chipmakers.
Market drivers
The demand for mature information security solutions is driven by a number of
factors.
The chief driver of event management solutions is the continuing and hugely
annoying number of 'false positives' which get reported by intrusion detection
systems. A driver of both Security Event Management (SEM) product and vulnerability
management product sales continues to be the ability of these tools to create
comprehensive and reportable audit logs.
Total Cost of Ownership (TCO) - 'Best at the least' is
the driving phrase for existing and emerging markets. The cost and difficulty
of manually patching applications and operating systems escalate as threat
windows continue to shrink and as non-traditional network access methods, such as
remote and wireless, and user populations (e.g. partners, suppliers) grow.
Complexity - Security solutions are complex because
enterprises desire both in-depth defensive strategies and best-of-breed approaches
to purchasing decisions. This complexity and heterogeneity (in device types
and vendors), especially in perimeter defenses, is a major driver in both vulnerability
management and event management requirements.
Emerging clarity - The vulnerability market is evolving
rapidly. In addition to core vulnerability assessment and patch management capabilities,
VM solutions may also include SEM functionality as well as a host of threat
protection technologies such as host-based IPS and personal firewalls.
Long-term market drivers
Some of the long-term market drivers are:
Go local - One of the key resources for security analysts
and those actively monitoring security is a knowledge database of attack patterns
and other descriptions of the enemy. It saves time on reinventing the wheel
and provides a faster response to known threats.
Flexibility and TCO - Businesses building online strategies
from scratch can be overwhelmed by the initial investment of security solutions,
while those trying to adapt existing solutions to evolving security concerns
are besieged by maintenance costs. Both these scenarios will drive sales of
security management solutions.
The 'hardware' perception - While security used to
be thought of as an 'add-on' or an extraneous component of infrastructure, equipment
makers are paying attention to embedded security functionality in devices and
are actively attempting to integrate security as a value-added service.
Lack of trust - End-users' idiosyncrasies - corporate
users putting sensitive business records and information on a server - are
ingrained habits that they are not necessarily willing to give up. For example,
no matter how good an online bank's security system, a consumer will have to
be convinced that its services are not only as good as a brick-and-mortar bank's
services, but better.
On-demand computing - The availability of ubiquitous
computing resources on demand will further drive the need for sophisticated,
highly flexible security management solutions that combine both identity management
and event management. Starting with Web services but including more advances
such as grid computing, these offerings will be a major long-term driver for
security management solutions.
The author is the Senior Executive Director (Enterprise
Applications & Smart Cards) at Rolta.