Where is security going?
Or more specifically, where is the security industry going? When faced with this question Rotham's and Newby's security blogs read like the ramblings of ecclesiastical old men who are tired of their own industries. They are too close to it to scent the excitement maybe?
First of all there are huge changes looming in the security industry. You won’t catch me writing about them as often as I used to because it is hard to be viewed as objective when you work for a security vendor. But let me chime in on this topic.
Change in the security space is, as always, driven by threats. The threats are growing on the criminal as well as state sponsored fronts. What does that mean for the industry?
First, Rothman and a slew of other analysts are right when they say security will have to be embedded everywhere. But what does that mean? What is “everywhere”? Quite simply it means in switches, routers, servers, desktops, cell phones and all devices. So to see change you might have to look beyond the ten or so publicly traded pure plays in security. What are IBM, EMC, HP up to for instance? It will not be long before secure phones, secure routers, secure computers start to show up on the scene.
The trends will be hard to measure because when a $10 billion router vendor adds firewalling to their routers it may not even be picked up on by the research community. When does a router cross over into being a security device? When does an ACL (access control list) become a firewall policy? Look for network deployments *without* firewalls behind the routers and you will start to see this trend in action.
Other areas of excitement include behavior based transaction monitoring, video surveillance, and yes Denial of Service Defense.
And don’t forget to check out the surge in what I would have to call Managed Security Services 2.0: security in the cloud. If 1.0 was event monitoring and reporting ala Counterpane, Riptech, and Guardent, 2.0 is a collection of services built around anti-spam, anti-virus, web content filtering and IPS as well as firewall/VPN and network management. There are hundreds of companies jumping into this space. I see managed services and in-the-cloud services as the hottest growing area in all of security.