Of course, this is one of those immutable partial-truths that becomes reality if enough people say that it is so, but terrorism wasn't the genesis of the anti-virus business and today anti-virus revenues account for billions of dollars in the marketplace. More recently, we've seen companies like Internet Security Systems (ISS) come to the forefront of the intrusion detection discussion. ISS is poised to break $250 million in revenues in the next 12 months.
However, growing revenues are not necessarily a sign of general market acceptance, and the growing success of security software companies can be tracked back to a bunch of early adopters with strong interest in security. These early revenues are wonderful, but cutting-edge security companies are having tremendous problems making the leap to selling into line-of-business accounts. The reason for this is that - at some level - security software is insurance that is difficult to justify using traditional cost-benefit and return on investment (ROI) decision-making models.
To further complicate matters, a number of intrusion detection vendors are attempting to move to the perceived high ground of security management and policy. The underlying issue here is whether the market will ultimately value cutting-edge developments as sales shift to larger, mass markets.
Maturing Security Technologies
A number of security technologies have made the shift to acceptance in the IT market. Firewalls and anti-virus software are good examples of this. As a matter of fact, IT managers encounter minimal resistance when including a firewall or anti-virus software as part of an implementation budget.
Firewalls have become ubiquitous and inexpensive, and firewall-operating expenses have become an issue for many IT managers. We recently spoke with a security manager who told us that the only budget he could get for security was a million dollars to locate and identify all of the firewalls his company had already installed.
Firewalls come with numerous capabilities, but many companies only use a limited set of features. Common implementations use port-blocking, content filtering and anti-virus as the primary line of defense. As more features are added to firewalls, poorly configured devices and old versions of software become a primary source of intrusions. For many attacks, the firewall becomes a "base camp" from which more sophisticated intrusions are launched.
The "Dumbing Down" of the Technology
Some information security specialists worry that the mass-market adoption of firewall technologies ultimately obscures the original intent of the device. As firewalls are installed by systems administrators with limited security expertise this mitigates firewall effectiveness and lowers overall security.
The other side of the argument is that mass adoption of firewall and other security technologies actually improves security in the aggregate. It's only logical that the firewall will be the point of intrusion, because it's right at the edge of the network, and it's the first thing an intruder can see. Blaming the firewall for intrusions is the same as saying that locks are useless because people can pick them.
Security expertise is hard to find, and IT managers have to make do with what they have. In the long run, this means that information security - like other things in IT - will ultimately be based on the least common denominators of the IT skill set, and the vast majority of firewalls, VPNs and other security technologies will not be installed by someone with a CISSP certification.
Intrusion detection is an increasingly important component of information security. The ongoing audit process of an intrusion detection system (IDS) allows an enterprise to make certain that the damage from attacks is minimized. IDS vendor Recourse Technologies is focusing on increasing the capabilities of its IDS product ManHunt. For Recourse, much of the challenge of an IDS is incorporating and managing information from open-source IDSes like Snort and Hogwash.
Information management is also important for the maker of leading IDS RealSecure. ISS recently announced that they are working with Network Associates to better coordinate threat information between IDSes and anti-virus software platforms. According to ISS this type of relationship and functionality could effectively quash threats like Code Red and Nimda. Last but not least is netForensics whose Universal Agent is designed to provide correlation and event management for information from a variety of security sources including firewalls, VPN devices and third-party intrusion detection systems.
The overall trend is for security software companies to move into security management, which is a discipline that combines policy, user management, correlation and intrusion detection technologies under a single management umbrella. For example, Houston-based PentaSafe has launched a set of products in its VigilEnt portfolio that covers aspects of intrusion management, policy and user administration. Last year, OpenService, Inc. acquired the NerveCenter correlation and event analysis product from Veritas Software; in the deal, Veritas took a stake in the company and OpenService inherited a number of customers already using the product for security management.
Is Management a More Complex Sale?
In stressing management capabilities over core technologies, security software companies are lining themselves up to compete with each other and to fight for strategic market position in security. Selling security management may ultimately require going beyond line-of-business managers and convincing CIOs and security officers that management is just what they need.
This is problematic, because intrusion detection needs to move in the opposite direction - away from the CIO to mid-level security managers. The success of security software will be in mass-market adoption of the underlying products and technologies. The bottom line is that IDSes need to be more widely adopted before security management will move to the larger market. It's understandable why security management is going to be such a big issue, but it's not clear that the market is ready to buy management today.
Dan Taylor is the founder of Giotto Perspectives (www.giotto.nu), which provides clear and concise research and analysis in the networking and managed IP services marketplaces.