Security Suites Come Back

We have watched security suites come and go. IBM, Axent Technologies, Symantec, Network Associates and others have tried their hand at putting together a one-stop shop for complementary security products. In each case, the suites were apparently random collections of acquired security products of different vendors. They were poorly marketed and weakly supported suites of presumably complementary products. Today, Symantec is building its suite with some highly publicized acquisitions. Network Associates is putting its suite back together after disassembling it. And Computer Associates (CA) has found its recipe for success.

Several years ago, it seemed like a good idea to accumulate all security-related products and offer a total solution. But security requirements and business trends in corporations are too dynamic and technologies too fluid for vendors to be burdened with too many products to support. Customers seemed to be calling for the one-stop shop but actually all they wanted was integration. Customers like the idea of calling one number for support but not at the expense of choice for best-of-breed products.

Axent Technologies and Symantec

Axent Technologies started out trying to be all things to all people. It acquired security products right and left, focusing on quantity rather than quality and spent millions on marketing. Through its early years, Axent worked hard to convince the market that a one-stop shop was not only viable but preferable. It would claim: Think of how much stress we can reduce by only giving you one number to call.

Enter Symantec. Symantec acquired Axent with all its problems, but has worked very hard to integrate the products and employees into the Symantec culture. Just as the dust was settling, Symantec made four significant security acquisitions in 2002: Riptech, Recourse Technologies, SecurityFocus and Mountain Wave. Its apparent hope was to demonstrate commitment to become the preeminent security vendor and trigger a movement of consolidation among vendors.

Symantec certainly is a daunting presence in the market. It is on the short list of just about every proposed security project in network security management, antivirus, content security, intrusion management and managed security services. Symantec is a sales and marketing powerhouse and fends off competitors on a half-dozen fronts. If it is ultimately successful in the next two or three years in truly integrating the various products and streamlining customer support, Symantec will hold on to a top position in the market.

Network Associates

Network Associates figured out the error of its ways sooner than most. After one year of accumulating other companies and products, plus another year of marketing a total network security solution in the late 1990s, it pulled the plug. Revenues were not bad but strain on customers and sales staff was showing. Network Associates reorganized in 2000 by grouping similar security products together, bundling them appropriately, marketing them separately from the rest of the company and selling them at a fair price. By 2002 it had completely left the security suite business by selling the Gauntlet firewall to Secure Computing, divesting itself of Pretty Good Privacy (PGP) security and discarding all intrusion detection technologies. Its customers are more satisfied, product development is more focused and shows more vision, and sales are demonstrating sustainable growth. Network Associates has its act together and is carefully piecing back together a suite of network security products. The recent acquisitions of Entercept and IntruVert give the security suite a strong foundation in intrusion management, because those companies have highly rated, extremely satisfactory products and are not saddled with the legal encumbrances that burdened the success of Network Associates’s previous offerings. The new products complement McAfee Antivirus and Sniffer well, and sit on top of Network Associates s successful ePolicy Orchestrator.

IBM

IBM also went shopping for security companies in the late 1990s. It picked up DASCOM in a move that most analysts thought was brilliant. DASCOM promised the dream: a single authentication event, followed by coordinated access control to all enterprise applications. IBM built a firewall and single sign-on server, partnered with RSA Security (then Security Dynamics) for token authentication and threw in its own antivirus product. It was well on its way to marketing a one-stop shop for security.

Then IBM handed over the entire SecureWay suite to Tivoli. That proved to be the best move for IBM. The struggling Tivoli software division found its focus and made something great out of security. Tivoli set aside all of the security technologies except the DASCOM Policy Director engine and the Memco Access Control code (then owned by Computer Associates and known as Tivoli TACF, and now completed replaced by IBM Tivoli Access Manager for Operating Systems, or AMOS). It used that foundation to build a collection of efficient, powerful identity management, access control and privacy management products. Through an ongoing and selective acquisition process, including Access360, Metamerge and taking ownership of IBM’s LDAP directory, Tivoli now delivers an integrated identity management solution. IBM/Tivoli is not headed down the one-stop cul-de-sac – it found profit in being focused on identity management while remaining flexible through a vibrant partnership program, particularly with operational security vendors.

Computer Associates

In dozens of conversations with CA customers, we’ve discovered that CA has gone about creating a suite very differently. What makes the CA suite unique is the common foundation of the software. Since most of the products have some genealogical connection to the same code (Memco’s access control engine, or ICL/Platinum’s Directory), integration between the products is very successful. Today, eTrust Access Control for Unix, Linux and NT, eTrust Admin, eTrust Audit, eTrust Single Sign On and eTrust Web Access Control all work together in a limited way, yet still naturally and intuitively. CA eTrust Intrusion Detection was also originally written alongside the Memco products by developers who collaborated frequently. eTrust Policy Compliance is a new product extending the overall usefulness of eTrust Audit. CA eTrust Secure Content Management is a separate new product that builds on CA’s strong antivirus engine and the Security-7 products acquired some years ago. CA recently unveiled its CA eTrust Security Command Center – a management console that uses portal technology as a way to consolidate views to many of the other security products.

CA has a dedicated sales teams for security and assigns an integration engineer with security specialization for each major customer deployment. That, along with the flex-select licensing that permits customers to pay as they go – with freedom to stop a license whenever they want to stop using a product – makes CA unique among security vendors.

The greatest challenge facing CA is the problem that plagued Axent and Network Associates back in 2000: trying to be all things to all people. Announcing the Vulnerability Manager product at the CA World conference in July and the 20/20 product a few months earlier indicates to us that CA may be running wild, without the focus necessary to make the suite succeed. CA also participates in the Open Security Exchange. That group is working on standards to integrate physical security controls with the IP networks that support them. CA is taking a bigger step into the world of corporate (physical) security management than any IT security vendor ever has. Basically, we see CA as a very exciting security vendor, having no limits to how it defines the security management problem; eTrust will apparently grow until it meets every security management challenge of the enterprise. That sounds impractical, but not impossible given CA’s current capabilities for producing reliable software.

We think CA has the commitment in terms of product development and customer support to fulfill the promises of eTrust. Also, the suite will become more functional and useful as time goes on. However, we believe that every addition to the suite that does not directly leverage the access control and directory foundations is a dilution of the suite’s core strength and places CA in a more perilous position. Having said that, it is also appropriate to point out that CA does seem to have carefully built the eTrust Security Command Center as an additional “glue,” so the products have even more synergy. Therefore, CA customers are encouraged to test all of the products, simulating the degree to which they need to be integrated. It is very likely that the entire suite will be good enough to meet needs and in most regards, it will likely exceed needs.

For companies wishing to reduce complexity of technical architecture, increase flexibility in licensing, streamline product support and use a suite of extremely functional and complementary security products, CA eTrust tops the list, though Network Associates and Symantec will meet some specific needs a bit better.

Clients especially looking for a security suite specializing in intrusion detection and a proven security management platform should rely on Network Associates.

Companies interested in excellent customer support should look at Symantec, which is working hard to demonstrate its improving commitment to customer satisfaction, although CA and Network Associates score high marks in security-related customer support.

If privacy management or identity management is a chief interest in a suite of products, IBM is the best pick, featuring the single leading solution for privacy management and a collection of top identity management products. Its portfolio of security-related products is not a suite, but will provide several complementary functions.