Report Card: Incite #5 - Losing the Religion

Submitted by Mike Rothman on Wed, 2006-12-27 09:03.

Good morning. Ready for another 4 Report Cards? Well, they are coming right up!

Incite #5 - Losing the Religion

Everyone finally realizes in 2006 that regardless of technical approach (IDS vs. IPS vs. firewalls vs. anomaly detection) it’s all about detecting and blocking malware quickly and effectively. Users expect to see multiple techniques implemented, spurring another wave of consolidation as vendors look to bring complete enterprise-class UTM solutions to market.


Grade: A

Original Days of Incite post: here
Incite Redux post: here

Alright, after awarding an “A” for the compliance Incite, we are on a roll. The ideas espoused in "Losing the Religion" are also very close to fruition and, if you look at it from the customer’s perspective, we are already there. Stand-alone IPS is going the way of the dodo bird and UTM vendors are trying to differentiate on higher-level content security functions.

We are also seeing religion going away on the desktop, as anti-virus vendors continue to add broader endpoint security capabilities and anyone with an agent (anti-spyware, endpoint security, etc.) is adding AV engines to provide further integration.

The consolidation is also happening as Check Point finally got off their duffs and bought the long-awaited IPS engine in the form of NFR Security. It seems almost all the other Big Security players already have their own IPS capabilities, which most have built in-house (probably using Snort as the foundation).

The one part of the Incite that was a bit amiss was the integration of anomaly detection into the mix. Fact is, most of the Big Security players are doing a light form of anomaly detection within their IPS engines, but they don't make a big deal about it. The stand-alone anomaly detection players now call themselves “Network Behavior Analysis” and are not really providing a pure security function anymore, more effectively positioning themselves to sell to the network manager who needs to understand what is going on within the network.

I’m not really a religious guy, and it’s good to see the security market leaving some of the dogma behind. Ultimately we are paid to protect corporate assets and ensure the systems are available. We can’t let religion dictate what we can/should be doing.