What is hot in security?

The question I get asked the most lately is “what is hot?” in the security space. While security in general has never cooled down thanks to the bad guys’ boundless energy and pursuit of money and status, there is definitely an ebb and flow to the various sectors.  Some sectors just percolate along and then take off. Strong authentication is that way. Web application firewalls are still in that percolation state.

The hot areas are managed services, NAC, and compliance.  Security is getting too complex for many smaller companies to manage themselves, thus the rise in managed security services.  Heavy duty marketing around Network Admission Control from Cisco has created strong demand for companies that are drafting on Cisco’s promises by delivering at least part of what NAC is supposed to be. (See my Knocking CNAC post for all of my objections to the idea of trusting end points). Consentry and Lockdown Networks are two companies profiting from the NAC driver.

While compliance is not necessarily directly related to making an organization more secure it is a huge area of spending recently and vendors that make record keeping and reporting easier are seeing success, especially when combined with a managed service. It is perfect: outsource the onerous without increasing risk. Secure-24 is one example. McAfee’s announcement today that they are acquiring Preventsys underscores that this is indeed a hot area.