Why security's no longer IT's ugly stepsister

Industry watcher Jon Oltsik explains why networking and security are inexorably moving closer together.

Hey, have you noticed it yet?

First, it was Cisco's Super Bowl ad, in which a chief financial officer's daughter downloads a game that infects an entire network. Two weeks later--this time for real--Juniper acquired NetScreen Technologies for upward of $3 billion. These are the most visible examples, but if you listen to the strategies of other networking vendors like 3Com, Enterasys Networks, Extreme Networks or Nortel Networks, you can see the formation of a definite trend: Networking and security are moving closer together.

While networking and security have been kissing cousins for years, a marriage looks more and more imminent. Why? First of all, both technologies monitor bits as they flow through the network. Networking equipment watches traffic to make routing, switching and quality-of-service decisions. Security devices eyeball the same traffic in search of protocol anomalies, known attack patterns, viruses and worms.

Networking gear has had basic security functionality like packet filtering for years, but the thought of aggregating the two worlds wasn't really considered.


Each activity consumed massive amounts of central processing unit (CPU) horsepower, and the thought was that a combination network security "god box" would be too expensive, too costly to operate and too slow.

What's more, network engineers always purchased equipment based upon nothing but performance. Security was a networking afterthought, administered by one or two dedicated staff members, whose main job responsibility was to avoid doing anything that would slow down the network.

Times have changed, and multitiered enterprise networks have plenty of bandwidth these days. Network engineers focus their attention on application traffic flows with the goal of providing adequate service levels to meet business goals. Security is no longer information technology's ugly stepsister; it is a critical process in ensuring system availability and performance. This is especially true because the concept of a "network perimeter"--the place you put your firewall--is dead.

These days, employees, business partners, customers and casual users connect over virtual private networks, wireless networks, extranets, remote-access servers and the World Wide Web, in a virtual network bouillabaisse. Think this creates security complexity? Wait until Web services catch on, exposing internal applications to the Internet. Ay caramba!

Undoubtedly, the need to create secure networks is more pressing than ever. Fortunately, new hardware can accommodate this demand, as CPUs, memory and crossbar backplanes are wicked fast and cheap. Hardware platforms like Nortel's Passport routing switch, Cisco's Catalyst, or 3Com's security switch 6200 can process and move bits with a minimum of network latency, performing numerous security and network tasks along the way. Need intrusion detection or an internal firewall? Add a blade to a switch. Need application packet inspection? The next revision of software will cover it.

This blending of networking and security is even hitting the pesky old PC. In spite of top-notch security, many Internet worms enter companies through infected laptops or insecure home computers. One bad apple affects the whole network bunch.

Next-generation network switches will alleviate this problem by authenticating PCs that use the 802.1x protocol and immediately scanning for antivirus signatures, patch levels, personal firewall settings and known malicious code. PCs that don't comply with corporate security policies will be denied access to network resources, quarantined to safe-harbor subnets or receive automated updates and fixes. That's network automation every chief information officer will welcome.

The ultimate goal in network/security aggregation is to use network ubiquity to surround any asset or combination of assets that need protecting. This effort may reach into systems with agent technology or management tools, but the network horsepower and software intelligence will anchor it. Winners will control network brains and reap the benefits of associated margins. Losers will battle Dell and Huawei Technologies for the crumbs at the low-margin/high-volume Ethernet-switching table.

What does the blending of networking and security mean to the industry? Basically, everyone from market leaders like Check Point Software Technologies to innovative point solutions such as Mazu Networks and Mirage Networks is in play. VCs are already pimping their companies hard to get a return, before all the deals get done.

And let's not count out Microsoft. You know that Redmond is cooking up a security recipe that combines operating system agents, security software like Internet Security and Acceleration Server and existing management tools like Active Directory, System Management Service and Microsoft Operations Manager.

Over the next few years, tons of filtering machine interface processors will be added to service networking and security needs, challenging IT managers to monitor, manage and apply effective policies.

Management software will ultimately solve this quagmire, and anyone could win here. Computer Associates International and Symantec have an early lead, but competition will come from far and wide, from networking leaders like Cisco, network management vendors like System Management Arts and Micromuse--or from start-ups like ArcSight, Intellitactics or Network Intelligence.

The game is under way, and there are sure to be some winners and losers from Wall Street to San Jose, Calif. Fortunately, this is all good news for corporate IT. Networking companies will bundle more security functionality into their products, and remaining security firms will have to compete through more innovative products and lower prices. CIOs should make sure to drive collaboration between networking and security teams and be open-minded to creative products and bundling deals. Anything could happen and probably will.