RSA '08: Endpoint security products doomed, RSA exhibitors say


The endpoint security product is doomed, to be replaced by the umbrella coverage of overriding security solutions.

At least, that's the future as foreseen by several of the major hardware and software infrastructure vendors taking part in the annual RSA Conference in San Francisco this week.

Their vision, despite the presence of literally hundreds of vendors selling single-purpose security products at the security industry's largest trade show, appeals to both large enterprises dealing with hundreds of locations and thousands of users and the small-market business (SMB), according to vendor representatives.

The underlying problem, they said, is the all-too-obvious complexity of existing security environments. Enterprises and SMBs are struggling with how to deal with the issues associated with managing multiple types of security systems.

Vendors hyping this view of the world at the show include Hewlett-Packard, Cisco and consulting company Deloitte Touche. They all seem to be in agreement that individual products can't begin to cope with the problems facing enterprises today. In particular, data loss protection requires a layered approach that only their integrated suite of products can deliver, they said.

Cisco, for instance, said that because it touches an enterprise in such a wide variety of places, it is a logical choice to manage multiple security functions with its infrastructure products. The routers and firewalls it sells are ideal junction points for managing a variety of security problems, it contends.

Like representatives from HP, Bob Gleichauf, a Cisco vice president and the chief technology officer of its enterprise services and security group, was in the umbrella camp, but only to a point. His take: enterprises will actually support several security umbrellas spanning multiple collaborative security domains, each managed by separate vendors.

This collaborative security management environment will be driven by a variety of standards, Gleichauf said. These include the OASIS eXtensible Access Control Markup Language (XACML), the Security Assertion Markup Language (SAML), the eXtensible Markup Language (XML) and the emerging Media Access Control Security (MACSec) standards – 802.1ae, 802.1af and 802.1ar.

The trio of MACSec standards offers functionality equivalent to that of the 802.11i wireless security protocols, Gleichauf said. MACSec integrates security protection into wired Ethernet to secure networks from a variety of attacks, including passive wiretapping, masquerading, man-in-the-middle and some denial-of-service attacks.

The only problem with Gleichauf's collaborative vision is that it's at least three to five years away, he said. 

Copyright © SC Magazine, US edition
