
September 18, 2007

Integrated Threat Management: Enterprise Security Software Market is at Crossroads

Analysis of: Zombie Pfizer Computers Spew Viagra Spam | www.wired.com
This analysis is solely the work of the author. It has not been edited or endorsed by GLG.
Analysis By: K. Venu Venugopal, Vice President - Product Management, CA, Inc.
Implications: Building an integrated threat and vulnerability management framework is essential to meet today’s enterprise security needs. Layered defense, the centuries-old security mantra, is more applicable than ever to ensure the security of enterprise IT assets, whether they are computing devices, network elements, database resources or the information/data itself.

Analysis: The security software industry has long been dominated by point solutions with roots in the consumer software market, whether those point solutions are provided by a large vendor like Symantec [NMS: SYMC], McAfee [NYS: MFE] or TrendMicro, or by a number of smaller vendors like Websense [NMS: WBSN], Sophos, F-Secure, Secure Computing [NMS: SCUR] or Fortinet. Examples of these point solutions are anti-virus, anti-spyware, web-filtering and personal firewall products. In the enterprise market, the focus has been largely on providing centralized management of secure gateways, with the emphasis on securing the gateway points and the content that passes through them. End-point security was largely provided: (a) through tight control on the gateways, so that every piece of email/content can be inspected before delivery, every web access can be monitored before the connection is made and every network access can be authenticated and authorized, so that threats to the assets are minimized; and (b) to a lesser extent through forcing the end-points to comply with software versions and patch levels, so that vulnerabilities at the asset level are minimized.

How is this landscape changing? Firstly, there is an ever-increasing need to manage endpoints that are mobile. Whether they are smart phones, personal digital assistants (PDAs) or plain old laptops, the number of mobile devices connecting to a typical enterprise infrastructure is increasing, and so does the need to manage security threats from those end-points more effectively and efficiently (compared to static end-points or other IT assets in an enterprise). The market for mobile device security is expected to grow at thrice the rate of the overall security market: a Compounded Average Growth Rate (CAGR) of 35% vs. 12% for the next four years (source: IDC).

Secondly, enterprises are increasingly realizing that in today’s environment, the security posture of the entire infrastructure needs to be monitored and managed in an integrated fashion, either as part of an overall enterprise risk management framework or, at a minimum, as part of an integrated threat management framework. The fast emergence of the Security Information and Vulnerability Management (SVM) market (CAGR: 18.5%, source: IDC) and the increasing number of vendors recently offering integrated threat management suites (versus individual point solutions before) are clear validations of that trend.

What this means is that the earlier model of emphasizing gateway security alone will not provide the needed security in today’s enterprise environments. Security, and the management of that security, will have to be distributed and layered, with the end-points themselves properly protected by adequate point solutions. Security on all these layers and individual components will have to be monitored and managed against a centralized policy framework, developed either from an enterprise-level risk assessment or from a regulatory compliance requirement. Though this sounds complicated, integrated threat management technologies and SVM solutions are maturing fast and will play a crucial helping role in this transformation of enterprise IT security. In the end, those extra measures are essential to prevent corporate systems (like Pfizer's) from becoming zombies and being used to spread spam, distribute malicious code or launch denial of service (DoS) attacks.

[All views expressed in this analysis are those of the author and do not necessarily represent the views of his employer]


Other Analyses of the Same Source Article:
What if your computer is sending out SPAM: Is it bad for business? Is it a virus?
September 11, 2007, Author: Hans van Rietschote, Senior Director, Symantec Corporation
