Feeling secure

Security is the proverbial dark horse of the IT market, completely neglected at first, but today an area of paramount importance to businesses of all sizes.
By Brett Haggard, ITWeb contributor
Johannesburg, 27 Jun 2005

What has led to that switch in sentiment? Has it been the rising complexity of attacks? Has it been business discovering the many threats within the boundaries of their networks, or the blurring of these network boundaries brought about by the advent of mobility and wireless technologies? Or was it the massive focus on good corporate governance the world's business market seems to be experiencing at the moment?

Well, the simple answer is: all of the above. Most businesses are in some way affected by at least two of these trends.

What's more, the growing importance of security is leading to some interesting changes in the market. The biggest change, as in any maturing market, has been a drive towards consolidation, coupled with the entrance of some new players not normally associated with security.

This is mostly evident from big infrastructure companies like Cisco and Microsoft beginning to integrate more traditional security features into their products.

SecureData's sales director, Wayne Biehn, says this trend has been met with disgruntlement in some camps. "Many security vendors are not charmed with Microsoft's decisions to get into the anti-virus and anti-spyware markets, since many have been helping to make Microsoft's platforms more secure. As such, they feel they have been divulging secrets to Microsoft in terms of their products' functionality. Now Microsoft has decided to compete with the security vendors head-to-head and the security vendors feel betrayed.

"From Microsoft's point of view, however, it must make sense from the perspective that there were certain interoperability problems between the traditional security products and the Microsoft platforms. To get those issues ironed out they needed to buy someone to integrate the required security features into their own offerings," he says.

Since all companies are driven by increasing their revenues and security is supposed to be one of the hottest growth markets today, other large IT players are also seeing good value in acquiring security specialists and integrating those offerings into their own solutions sets.

Best of breed by 2007

Dimension Data's security solutions GM, Gary Middleton, says: "One interesting trend, as far as security is concerned, is the fact that Gartner predicts that consolidated all-in-one security appliances will be best of breed by 2007, with all of the varying point solutions beginning to converge into a single device. This is a big departure from what we've seen in the security market before."

Is this a healthy thing? Surely the more players to which a market is home, the more competition exists? With fewer players in the security market, surely there will be less innovation and competition?

Middleton says converged devices will be good for the market, but only once the technologies mature. "Right now it's best of breed and considered best practice to deploy different solutions for different purposes. The technology for converging this functionality should be mature by 2007. In order to deploy this functionality effectively, vendors will have to build high-availability and redundancy-focused features into their offerings, since should something go wrong with one of these devices, the network will have to remain protected during that period."

Single is better

Patrick Evans, regional manager of Symantec South Africa, explains that while these converged devices can take on various forms, resulting from a coming together of market specialists or the coming together of multiple solutions from the same vendor, the former solution is not ideal.

Evans argues that using a solution that results from numerous different vendors' solutions means there is no single point of responsibility or intellectual capital.

"If there is not a single back-office environment researching all of the information on upcoming threats and how those are related to each other, with new functionality being developed and deployed, the idea of having a single converged device is rendered null and void.

"With an appliance such as Symantec's gateway solution," he says, "seven different Symantec-owned technologies are used and thus all of the relevant information on seven different areas of security is reported back to Symantec for analysis. When signatures are updated, all seven areas of security are updated simultaneously. You quite simply can't do that unless you're a single vendor."

"Acquisitions will have to happen," Evans says. "The gorillas will drive the consolidation, but there will most likely be an equal number of agreements between large vendors as there are solutions from single vendors. The former solution will just not be effective enough, though."

Purpose-built appliances

Before these converged devices arrive, Middleton says the market will see more point solutions that are focused on niche functions not normally associated with traditional security.

"We're beginning to see dedicated, purpose-built security appliances coming to market," Middleton continues. "This trend started with purpose-built firewalls and authentication devices a couple of years back, but today has moved into niche market devices like Web security, e-mail security and storage security appliances."

Plan for three years

Dimension Data advises customers to have a three-year strategy for their security needs. Gary Middleton, DiData SA's security solutions GM, says such a strategy might mean:

* Deploying technologies now that help them attain a better security level.
* Ultimately moving towards a concept such as the self-defending network.
* Choosing replacement technologies carefully.
* Making sure those new technologies have built-in security, as opposed to bolt-on security.

He says the emergence of these devices means many companies have strong perimeter security in place, but because of the need for a multi-tiered approach, are opting for purpose-built functionality in different parts of the organisation.

As with converged appliances, he points out that the benefit these devices bring to the market is that they are much easier to deploy. They also take away many administration headaches, such as checking the patch level of the operating system they're running. "These and many other similar factors make these devices perfect for deployment throughout Africa," he says.

Along with the clear consolidation of functionality into combined offerings, convergence between the traditional areas of network and system management tools, and security management tools, is coming to the fore.

Gordon Love, Faritec's director of security services, says one of the main reasons for this convergence is the fact that there is good value in integrating these solutions.

"Traditional network and system management tools already have the functionality in place required to keep an eye on the assets in the organisation and house that information in a data store.

"Since many of these are agent-based, most IT asset registers are not up to date," he says. "There are, however, some agent-less discovery and assessment tools coming to market. This is clearly the way forward, since it allows for better management.

"Some challenges exist, however. Systems and network management tools have typically been reactive in their approach to functionality, namely reporting a problem after it has occurred. This is the big difference - security has to be proactive," he says.

"If security has been breached there needs to be a real-time alert and real-time ways of fixing that," he says. "The biggest challenge is for network and system management tools to become proactive. Clearly, this is around identifying the assets to be protected in the organisation, and what the latest threats to those assets are.

"Using these new agent-less solutions and high-end correlation engines (tools that take information from multiple sources, add that information together and draw a conclusion), templates can be created for threats. The moment certain things start happening in the network, using a correlation engine and a set of threat templates, administrators can quickly and easily identify possible attacks proactively," Love says.

None of these proposed, easier-to-use solutions means that security service specialists will find their revenues challenged, though. "While these devices and applications are far easier to deploy and manage, customers will still need a high level of expertise to carry out those tasks," he says.

Self-defending networks

Another solution becoming a strong player in this multi-tiered approach to security is a range of devices from Cisco that subscribe to the concept of the self-defending network.

"Instead of simply looking at a user's credentials before allowing them access to the network, these new devices base that decision on a couple of things, namely the user's authentication information, what level of anti-virus and anti-virus definitions their computer is running, and the patch-level of their operating system," says Brett Salovy of Internet Solutions.

"By becoming more intelligent about how users are granted access, the network can more easily pick up attacks and defend itself against them," he says. But the presence of these new devices does not mean customers have to throw out their existing investments in legacy infrastructure.

Looking at the reasons for the overall increasing focus on security, Middleton says many of Dimension Data's customers have been burnt by malicious code in the past. "Overall, the trends in SA are very similar to those overseas. For example, the top three threats worldwide and in SA are still malicious code, employee misuse of IT assets and spam, as well as all of its associated problems."

In terms of what's driving the security market at the moment, Middleton says legal compliance and corporate governance are playing a massive role internationally and will soon be doing the same on a local basis.

"Take for example the HIPAA act in the healthcare insurance space," he says. "Acts like these are forcing companies in specific verticals to put a bare minimum number of measures in place to secure their customer information, essentially protecting stakeholders' interests."

Compliance and corporate governance

Compliance is one of the drivers towards the organisational changes companies are going through, to more clearly define their security responsibilities. "One thing that has changed is that we're talking to more CIOs and IT managers than we have in the past. One of the reasons for this is clearly corporate governance - security is no longer just an IT issue, but has become a business threat."

Middleton says because of this increased focus on security, more and more of Dimension Data's customers are looking into the outsourcing of their security. "An increasing number of our customers are investigating Dimension Data managing their security devices for them," he says, "mainly focusing on the areas of ongoing configuration, network changes and break-fix. Along with this, our customers are also demanding more on-site resource."

He says this customer need is to a great degree being satisfied through the company's "outsourced CSO" offering. This sees consultants engaging with customers at a strategic level, helping them to understand what their security posture is and helping them improve it over a two- to three-year process through a series of recommendations.

Salovy agrees with Middleton that security outsourcing is a growing option. "While security needs to be close to the organisation, the organisation also needs the right skills in place to manage its security. The key is to have a third-party doing the management and enforcing an organisation's policies, while the business drives the strategy. It's like taking the middle road," he says, "having an internal resource with a finger on the pulse strategically, but at the same time outsourcing the delivery to a third-party with the right skills."

Middleton says the increasing focus on security outsourcing and consulting has seen what was previously a 70/30 split between the money spent on acquiring new technology and that spent on developing better policies, strategies and procedures, becoming a 60/40 or in some cases 50/50 split.

"The reason," he says, "is that a great deal can be done to change a company's security posture by looking at sound policies and procedures."

Threats are changing

Whichever way you look at it, the security market is changing. SecureData's Biehn says the rapid changes are even having an effect on the types of threats corporates are facing.

"Over the past two years we've seen the demise of the e-mail virus," he says. "Analysts and experts believe that e-mail is no longer a viable vehicle for malicious code and that spyware and phishing are replacing e-mail as the vehicle and threat of choice.

"Another change is the fact that the writers of malicious code are becoming motivated by financial gain and no longer by notoriety." Biehn says that according to a recent article in Network World Fusion, in the US alone 635 000 cases of ID theft have taken place, and that 61% of those cases were related to fraud.

"The collective thinking is that spyware, adware and phishing are the new-school threats. There are already 13 000 unique and discrete exploits in these three areas, and sadly, no standard to measure or protect against them yet. Going forward, a multi-layer approach to security will have to be applied to the desktop, Internet gateway and all other aspects of the organisation where this malicious code can enter," he concludes.
