Evolving the Secure Communications Infrastructure

Security solutions and services are hot topics with enterprises and security vendors alike as the market sorts out best practices for cost-effective security deployments. This research note takes a futuristic look at a secure communications infrastructure, encompassing the major technologies of anti-virus defense (AV), firewalls, intrusion detection systems (IDS), security event management (SEM), and professional services. The road map looks at the evolving secure communications infrastructure over the next 3 to 5 years, as presented in Exhibit 1.

Security supports the corporate world by offering solutions that increase the trustworthiness of e-business systems. The most significant trend over the next 5 years is the increasing proliferation of remote users connecting over the Internet through client-less applications. It is important to highlight the industry trends that heavily influence the Secure Communications Infrastructure Road Map:

• Clientless applications for Web services, e-mail, and VPN drive sharp increases in clear-text http and encrypted SSL traffic.
• Web services penetrate far into corporate networks via http and SSL, eroding corporate network perimeters. Security gateways serving as reverse proxies proliferate.
• Cheaper computing cycles enable enterprises to easily add servers and increase the scale of their Web services. Network-resident security service switches support this trend by simplifying non-disruptive plug-and-play approaches for security features.
• Internet service providers offer denial-of-service, anti-virus, anti-spam, image backup/restore, and URL-filtering features as additionally priced services. Competition drives these security applications to be bundled in the ISP service.

Predictions

• Intrusion prevention provides the last line of defense against attacks for host servers and desktops. Security vendors acquire IP vendors Entercept and OKENA by 2004. Microsoft introduces IP features in Windows in 2008, signaling the beginning of the end for desktop AV solutions.
• Anti-virus software migrates to network security devices, where a single scan of a message can protect downstream devices. Since computing devices always access a network, the burden of content scanning for companies such as Symantec and Trend Micro shifts to network security devices by 2006.
• Application intrusion-prevention devices proliferate by repelling deviant behavior in easily managed solutions. ForeScout and Stratum8 both break through, generating more than $100M in value by 2008.
• Firewall gateways become reverse proxy termination points to cope with increases in encrypted traffic. Growth in clientless SSL/VPNs drives the need to decrypt messages, enable scanning of content for viruses, spam, and inappropriate URLs, and forward the message to the targeted application.
• Network intrusion detection melds into security event management. Intelligent sensor technology (Arbor Networks, Top Layer) combines inline blocking techniques with intrusion-detection systems/vulnerability assessment (ISS, Symantec) to dominate SEM (ArcSight, e-Security) deployments by 2007.
• Service organizations meet the demand for regulatory compliance statements. Generally Accepted Accounting Principles (GAAP) requiring statements of network health in releases of auditor statements for public companies by 2004.

Winners: Cisco, Microsoft, Symantec. These giants have broad product capabilities allowing them to shift with market forces, or use their financial strength to reposition existing products, develop cutting-edge solutions, and acquire promising new technologies.

Winners: Crossbeam, ForeScout, Netscreen, Stratum8. Security upstart vendors carve out lucrative niches marketing network security devices with multiple security functions (Crossbeam, NetScreen) or with high-performance application intrusion-prevention capability.

Challengers: Check Point, ISS, Network Associates. The innovator’s dilemma—the ability to stake out a compelling new vision while remaining passionate about successful businesses—is hitting these companies. The Yankee Group recommends that Check Point aggressively extend its network security dominance, ISS use its access to event data to dominate security event management, and Network Associates license scanning technology to network security device vendors.

Bottom Line

Vendor Recommendations

• Keep an eye on the customer problem. There is a sea change occurring over the next 5 years. Articulate a migration plan for existing customers based on the above market drivers.
• Ease of administration is the key to large-scale deployments. Every product-requirements document must address steps to alleviate the enterprise security-management burden.

• Consider switching costs in your security architecture. Plan to shift the security burden into the network to realize economies of scale.
• Evaluate up-and-coming intrusion-prevention technologies. Prototype a clientless application project through a Web server to determine the total cost of ownership, evaluate the strength of the security model, and drive requirements for vendor products and services.
• Apply network security intelligence to network health issues. Integrate security analysis of deviant traffic patterns with network analysis for network health. Negotiate with service providers for value-added contributions such as service-level agreements based on denial of service as well as quality of content-filtering programs.