
Network security gets unified

Struck by the same idea at the same time, Nortel Networks, Cisco Systems and Check Point Software are all working to tie their standalone products together into "unified" platforms.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos covers viruses, worms and other security threats.

Driven by companies exasperated with managing a slew of security devices that don't play well together, three of the industry's goliaths have this week unveiled unification strategies for their standalone network-protection products.

Nortel Networks, Cisco Systems and Check Point Software have all announced initiatives to tie their own separate products together into networks that would allow for things like central management, integrated reporting and single-step updating.

"Network security is going from standalone intrusion-detection systems and standalone firewalls to security platforms," said John Pescatore, research director for Internet security at Gartner.

The announcements mark the latest moves by security software and device makers to simplify the management of far-flung networks so that system administrators can more easily oversee a company's security.

Today's security devices frequently have their own proprietary control software and lack the ability to correlate information about what potential attacks each device may be seeing. That leaves system administrators with the horrendous job of trying to wade through a flood of data on potential attacks, said Marc Willebeek-LeMair, chief technology officer for network security firm TippingPoint Technologies.

"The general concept of aggregating all this information about what is going on in your network so that your administrators can figure out what to do is significant," Willebeek-LeMair said. The company's UnityOne system combines firewall capabilities with the attack-sensing capabilities of intrusion-detection systems to respond automatically to potential breaches and reduce the workload on administrators.

While smaller network-security firms have already started down the path toward integrating the management of devices, this week marks the first time that some major firms have adopted the strategy, Pescatore said. By the end of next year, he expects all major players to offer an overarching management scheme for their products. By 2006, standalone devices that don't connect to such networks will be all but dead, he said.

Three companies, three strategies

In the first announcement, network hardware maker Nortel Networks unveiled on Monday its Unified Security Architecture for centrally managing security systems for a variety of data networks, including telephony, voice over IP and converged networks. The platform allows for the central management of security policy--who gets to do what--as well as application security and access to services.

Firewall maker Check Point has its own product--dubbed the Security Management Architecture, or SMART--and announced several new components Monday. The network management platform uses Check Point's de facto security standard, known as OPSEC (Open Platform for Security), which lets more than 300 companies' products communicate with one another and be centrally managed.

Check Point's SMART strategy intends to deliver easy-to-use network administration, policy management and incident response. The ability to correlate events from various devices won't be offered until the first half of 2003, according to the schedule released by Check Point. Smaller security companies, such as OpenService and NetForensics, have management software that already offers such capabilities, said Gartner's Pescatore.

Cisco added its own strategy to the mix Tuesday, announcing several additions to its own Cisco-focused integration initiatives: the VPN/Security Management Solution version 2.1 and wireless LAN extensions to the company's Secure Access Control Server version 3.1.

Not to be outdone, IBM, which jumped into the business with its 1996 purchase of Tivoli, plans to unveil the latest version of the Tivoli Risk Manager early next week. The newest network management product incorporates many of IBM's automation strategies, including self-healing servers and self-protecting security systems. By letting devices communicate with one another about security events, the system can significantly reduce the number of incidents to which an administrator has to respond.

"We could boil down a company's 300,000 raw events into 30 or 40 actionable incidents," said James Galvin, product manager for IBM Tivoli.

In addition, by automating such chores as updating security policies, a company with a large number of branch offices or remote workers could quickly protect its workers against attacks.

The strategies confirm that such integration will be a necessary part of security systems in the future. Driving such adoption are a host of regulations: from the Health Insurance Portability and Accountability Act for the health care industry to the Gramm-Leach-Bliley Act governing the financial industry.

"What are the implications of these legislations? (Companies) can have heavy penalties levied if they are not in compliance with regulations," said Fred Weiller, director of security products for Nortel Networks.

For companies that need to protect their data to comply with such legislation, making security easier to verify and manage is key, said Mark Rasmussen, director of research on information security for Giga Information Group.

"The reason that people are buying these products is that you can take any regulations out there right now and you can build a case that the regulation requires event monitoring," Rasmussen said.

With last week's release of the draft cybersecurity plan for the United States, the momentum may only increase. The so-called National Strategy for Securing Cyberspace calls for companies to increase their own security to protect their own portion of the Internet.

In most cases, that may mean going with a single hardware maker, but in the future that should change as more standards are formed around security response, said Chris Roeckl, director of corporate marketing for security system maker NetScreen, which makes its own managed system of devices.

"I think at the end of the day, there will be integrated security management and it will be multivendor," Roeckl said. "That will come with the maturation of the market."