The future of security management: Why it's in network and systems companies

Computerworld - Network and systems management providers are best positioned to become the leading security management vendors.
Ten years ago, a period of time that even measured at Internet speed isn't all that historical, software companies that had been rapidly innovating technologies to help companies respond to the growing complexity of managing diverse systems and networks faced an interesting challenge: They discovered that innovation was no longer the key to success.
Technology companies that had accelerated through innovation found themselves shut out by the very companies they were trying to help. Instead, offerings with fewer of the latest gizmos and whistles that had been tightly coupled with complimentary services and applications found their way into the enterprise. The companies that succeeded were those capable of integrating network and systems management technology and deploying solutions across broad and diverse networks.
Ten years later, we are in a market state that economists define as an oligopoly: A handful of companies that manufacture and deliver comprehensive network and systems management suites. The good news is that the evolution from security products to integrated security systems has already begun. In about five or 10 years, the state of security management will mimic the present state of network and systems management, where only a handful of providers deliver products and services.
Why the history lesson? Because today's chief information security officers and other technology executives focused on enterprise security are seeking assurance that when they begin making hard security decisions they won't be forced to revisit those decisions. With hundreds of vendors and products, it's a confusing landscape, and answers are hard to find. Leaders must emerge in security management, and those leaders will have to demonstrate the following four characteristics:

• Understanding of security technology, both problems and solutions
  
• Understanding of enterprise integration and management
  
• Understanding of the changing face of risk inside the enterprise
  
• Sensitivity to the new responsibilities of the chief security officer

Ron Moritz, CISSP, is senior vice president and chief security strategist at Computer Associates International Inc. Earlier, he founded Moritz Technology Corp., a management advisory firm for security technology companies. He also was senior vice president and chief technology officer at Symantec Corp. and was CTO at Finjan Software, an Israeli security software company. He can be reached at ron.moritz@ca.com.

Today, there are two schools of thought on the subject: Those who believe that security "pure plays" can broaden their focus and begin including network and systems management technology into their offerings, and those who believe that security management is the natural evolution of companies that today dominate the network and systems management space.
But security is different than other technology, and it's not trivial. Arguably, it's more complex than network and systems management, and it's necessary to be immersed in the art of security in order to gain the domain knowledge upon which a broad management solution may be built. Most network and systems vendors don't have adequate expertise with respect to security. Even so, these vendors retain a key advantage over security pure plays: They understand the enterprise, they understand management, and they understand heterogeneous environments.
There are many common technology elements applicable to network, systems and security management: consoles, agents, correlation engines, repositories and analysis tools. There are also common functions for network, systems and security management that are applied for different purposes. In the case of systems management, event management and trouble-ticketing functions are oriented to problem resolution. In the case of security management, these functions are used to evaluate and mitigate threats in real time. In the systems management world, autodiscovery is used to build a topology map for root-cause analysis. In the security management world, autodiscovery is used for policy compliance -- that is, to discover and then analyze new systems for vulnerabilities. Configuration management is a key discipline for systems management, and the focus is software distribution. In security management, we are concerned about configurations for two reasons: security patch management and policy compliance. Historical reporting is used primarily for capacity management when applied to systems management and for audit compliance by those concerned with security.
Consequently, in the near term, security management will remain separate from network and systems management simply because it's complex. Because security management integrates key elements and collects data from various sources, including network devices, it can't and won't remain separate in the long term. Network and systems management vendors, which already control comprehensive management consoles and the network operations center, will leverage their relationship with the enterprise to incorporate security management.