Wednesday, July 27, 2005

Architectural approach to security on the rise


NETWORK WORLD NEWSLETTER: SCOTT CRAWFORDON NETWORK/SYSTEMS
MANAGEMENT
07/27/05
Today's focus: Architectural approach to security on the rise

Dear networking.world@gmail.com,

In this issue:

* A new way of managing security
* Links related to Network/Systems Management
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Lancope
"Discover the security benefits of NetFlow"

Learn how Cisco NetFlow enables cost-effective security across
distributed enterprise networks. StealthWatch, the Network
Behavior Anomaly Detection solution, leverages NetFlow to offer
Infrastructure IPS and provide real-time intelligence about
network operations and devices to cost-effectively identify,
prioritize and control network behavior. Download "Enterprise
Network Security Doesn't End with IPS" Whitepaper and discover
the security benefits of NetFlow at
http://www.fattail.com/redir/redirect.asp?CID=108748
_______________________________________________________________
CYBERSLACKING - IT COSTS

To the tune of $178 billion annually, according to a recent
study. Employees, at work, are reading the news, checking
personal e-mail, conducting online banking, travel and shopping
more than you might realize. How much time? Click here for more:

http://www.fattail.com/redir/redirect.asp?CID=108705
_______________________________________________________________

Today's focus: Architectural approach to security on the rise

By Scott Crawford

Because it is constantly evolving, the IT security market is
crowded with a mind-boggling range of technologies and tools. An
enterprise's ability to adopt new technologies is often limited
by the management challenge posed by the scope and variety of
options. This, however, has resulted in an opportunity for
security vendors - by enabling them to promote security
architectures.

The "architectural" approach to security refers to the
integration of disparate but complementary security tools into a
managed whole. From the Trusted Computing Group's Trusted
Network Connect initiative, to Sourcefire's "3D" suite, security
architectures integrate a risk intelligence center with a
combination of defenses and proactive risk management such as
patch and software maintenance, all strategically deployed and
interfacing with enterprise authentication services. This
holistic approach enables IT to more fully realize the benefits
expected from the use of many available options.

Infrastructure vendors have been among the most vocal proponents
of the approach, as evidenced by Cisco's Network Admission
Control (NAC) effort. More recently, these same vendors have
begun to drive "up the stack" with an architectural approach to
application infrastructure, as with Cisco's new Application
Oriented Networking (AON) initiative. The reasons are clear:
enterprise and Web applications, like security systems, require
the integration of moving parts into a coherent whole. This is
an approach that lends itself to infrastructure, so the fit has
much resonance in the market.

There would appear to be synergy between the architectural
approach to security and the emergence of integrated application
architectures. Yet up to now, the application security market -
the ground on which these trends would be expected to converge -
has been characterized by products that tend to be
point-centered rather than architecturally oriented, such as
application firewalls.

That is changing as we begin to see Web application security
products that more closely reflect the architectural nature of
enterprise applications themselves. Breach Security, for
example, is a vendor with a new class of application security
products that can monitor application traffic and distribute
security controls to key points throughout the application
architecture. This differs from point-oriented inline
protections, in that monitoring and control can be separated and
distributed across an application architecture itself, rather
than depending on a single inline security enforcement point.

This does not mean that application security enforcement points
disappear, any more than network firewalls have disappeared -
far from it, as the intelligence and performance of application
security point systems is very much needed at key points in the
application architecture. Rather, it focuses on the distribution
of control to the application components where it makes the most
sense, enabling controls integral to network systems,
application platforms, Web servers and databases, all to be
called upon to enforce application security both proactively as
well as in reacting to a detected threat. This leverages the
security capabilities of application components themselves,
distributing risk management beyond single enforcement points.

Architecturally oriented security is becoming an increasingly
common message - but application architectures would appear to
be a most fertile green field for this approach. The complexity
of Web and enterprise applications means that their security
lends itself to the management model of centralized intelligence
with distributed control. Expect to hear more about vendors such
as Breach Security and the emerging field of architecturally
oriented application security in the not-too-distant future.

The top 5: Today's most-read stories

1. 2005 Salary Survey <http://www.networkworld.com/nlnsm3898>

2. Cisco to acquire Sheer Networks for $97 million
<http://www.networkworld.com/nlnsm3899>

3. Verizon joins managed security game
<http://www.networkworld.com/nlnsm3900>

<http://www.networkworld.com/nlnsm3664> 4. Schools battle
personal data hacks <http://www.networkworld.com/nlnsm3901>

5. Help Desk: NAT firewall
<http://www.networkworld.com/nlnsm3902>

Today's most forwarded story:

Verizon joins managed security game
<http://www.networkworld.com/nlnsm3903>

_______________________________________________________________
To contact:

Scott Crawford, CISSP, is a Senior Analyst focused on IT
security, systems and application management with Enterprise
Management Associates in Boulder, Colo., an analyst and market
research firm focusing exclusively on all aspects of enterprise
management systems and services. The former information security
chief for the International Data Centre of the Comprehensive
Nuclear-Test-Ban Treaty Organization in Vienna, Austria,
Crawford has also been a systems professional with the
University Corporation for Atmospheric Research as well as
Emerson, HP, and other organizations in both public and private
sectors. He can be reached at
mailto:scrawford@enterprisemanagement.com
_______________________________________________________________
This newsletter is sponsored by Lancope
"Discover the security benefits of NetFlow"

Learn how Cisco NetFlow enables cost-effective security across
distributed enterprise networks. StealthWatch, the Network
Behavior Anomaly Detection solution, leverages NetFlow to offer
Infrastructure IPS and provide real-time intelligence about
network operations and devices to cost-effectively identify,
prioritize and control network behavior. Download "Enterprise
Network Security Doesn't End with IPS" Whitepaper and discover
the security benefits of NetFlow at
http://www.fattail.com/redir/redirect.asp?CID=108747
_______________________________________________________________
ARCHIVE LINKS

Archive of the Network/Systems Management newsletter:
http://www.networkworld.com/newsletters/nsm/index.html

Management Research Center:
http://www.networkworld.com/topics/management.html
_______________________________________________________________
FEATURED READER RESOURCE
SIX TIPS FOR GETTING WHAT YOU DESERVE

Before you go in for your next annual review or promotion
interview, you would be wise to consider these tips for ensuring
you've got the right stuff to move ahead. Network executives
offer advice to help you gun for that next promotion and fatten
up your paycheck. Click here:
<http://www.networkworld.com/you/2005/072505-salary-side2.html>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html

_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: networking.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005

No comments: