Security Management – A Market Assessment

Market Definition

Security management is a broad term that encompasses several currently distinct market segments. Security management solutions consist of a diverse set of hardware, software, and services for managing security events, uncovering known software vulnerabilities, automating the distribution of software patches, and managing compliance with internal and external security policies.

A major early driver for security management products has been the need to get a handle on event data emanating from intrusion detection systems. Many security management products are chiefly concerned with the consolidation, correlation, and prioritization of this type of data. These event management and correlation products address the volume of data and its heterogeneous origin, both in terms of devices and vendors.

Another important segment of the security management market is vulnerability management, which attempts to combine vulnerability assessment with patch management. Some vulnerability management suites also include threat protection capabilities, such as intrusion prevention systems, and security event management features.

Compliance management has also emerged as an important segment within security management. Compliance solutions can address internal or external security policy requirements. External regulatory regimes include HIPAA, Sarbanes/Oxley, and GLBA. These regulations have some commonality in requirements for the management and auditing of access, permissions, and enforcement of security policy. Compliance solutions typically address demonstrating adherence to data privacy, data integrity, internal control, and network reliability requirements. Organizations need to ensure information control, due diligence, and the ability to promptly identify and rectify internal and external breaches. A major current goal of corporate compliance policy initiatives is ensuring the integrity of endpoint devices before they are allowed to connect to a network. Compliance management is attracting attention from traditional policy management and change and configuration management vendors as well as identity management and threat protection vendors.

Market Review

• Vendor Interest: Vendor interest in the security management market continues to be very strong. The diversity of interests from an array of different types of companies is indicative of the leverage that is predicted from controlling the security management function.
• Compliance Dollars: Many organizations have earmarked resources to address compliancy issues. Security vendors are addressing this opportunity with new or repositioned products that address a host of compliancy issues.
• Endpoint Integrity: Vendors are lining up to support one or several endpoint access control initiatives. These include Cisco Network Admission Control (NAC), Trusted Computing Group Trusted Network Connect (TNC), and Microsoft Network Access Program.
• Vulnerability Concerns: Clients are looking to leverage vulnerability assessments to help prioritize emerging threats. Vulnerability data is being leveraged with event management systems, IDS/IPS, and patch management systems.
• Vulnerability Management with Threat Protection: Several pure-play vulnerability management vendors (e.g., eEye Digital, Tenable, and StillSecure) have moved to add threat protection to their VM suites. Even more interesting is the combination of threat protection and VM functionality resulting from McAfees acquisition of Foundstone.
• Microsoft: Security vendors are increasingly looking over their shoulders and wondering about the giant in Redmond. Although designs on the threat protection space seem to be top of mind for Microsoft, it clearly has security components (e.g., Systems Management Server, Microsoft Visio Enterprise Edition, and Microsoft SQL Server) that could make it a formidable player in the security management market.

  Near-Term Market Drivers

• Complexity: Security solutions are increasingly complex because of organizations desire for both in-depth defensive strategies and best-of-breed approaches to purchasing decisions. This complexity and heterogeneity (in device types and vendors), especially in perimeter defenses, is a major driver in both vulnerability management and event management requirements.
• So Now Im Compliant?: There is a serious disconnect between customer expectations and requirements and vendors ability to deliver policy compliance solutions. This gap will shrink as best practices continue to be refined and the market in general develops more experience at mapping sometimes vague requirements to actual procedures and technologies.
• Audit: A driver of SEM product, vulnerability management, and compliance management product sales continues to be the ability of these tools to create comprehensive and reportable audit logs. The adoption of new regulatory regimes, such as HIPAA, will make audit features even more attractive over the next year.
• Panic Button: The integration of traditional threat protection products with security management products will accelerate. This can be seen in the positioning of some IPS products as devices for providing a window of protection until more permanent remediation steps can be taken. The idea of using threat protection products to eliminate panic patching is an early step in deeper product integration.
• TCO, Whoa: The cost and difficulty of manually patching applications and operating systems will only escalate as threat windows continue to shrink and non-traditional network access methods (e.g., remote, wireless, etc.) and user populations (e.g., partners, suppliers, etc.) grow. Cost savings will be a major driver of many security management implementations.
• Evolving Definition: The vulnerability market is evolving rapidly. In addition to core vulnerability assessment and patch management capabilities, VM solutions may also include SEM functionality as well as a host of threat protection technologies such as host-based IPS and personal firewalls.

  Long-Term Market Drivers

• Complexity and Cost: As Web business models become increasingly complex, the security solutions grow more tangled for users. Businesses building online strategies from scratch can be overwhelmed by the initial investment of security solutions, while those trying to adapt existing solutions to evolving security concerns are besieged by maintenance costs. Both of these scenarios will drive sales of security management solutions.
• Device and Security Integration: While security used to be thought of as an “add-on” or an extraneous component of infrastructure, equipment makers are paying much closer attention to imbedded security functionality in devices and are actively attempting to integrate security as a value-added service. These moves will further shift security buying decisions into the hands of mainstream IT personnel.
• Think Globally, Act Locally: One of the key resources for security analysts and those actively monitoring security is a knowledge database of attack patterns and other descriptions of the enemy. It saves reinventing the wheel and provides a faster response to known threats. Multi-product vendors particularly will look to evolve from real-time monitoring to broader real-time management. This trend will further accelerate the acceptance of Managed Security Service Providers.
• Lack of Trust: End users whether they are corporate users putting a business plan on a server or a consumer buying a CD have ingrained habits that they are not necessarily willing to give up. For example, no matter how good an online bank’s security system is, a consumer will have to be convinced that its services are not only as good as a brick and mortar bank’s services, but better. These habits will influence the ongoing shift of addressing security as a mainstream business concern, as opposed to some esoteric IT problem.
• On-demand Computing: The availability of ubiquitous computing resources on demand will further drive the need for sophisticated, highly flexible security management solutions that combine both identity management and event management. Starting with Web Services but including more fanciful advances such as GRID computing, these offerings will be a major long-term driver for security management solutions.