Security's Management Meeting

12:50 PM -- Q: How many security pros does it take to diagnose and fix a vulnerability?

A: None. That's a management problem.

Okay, maybe things haven't gotten that bad yet. But one thing's for sure – enterprise security is becoming a lot less about changing the individual light bulbs, and a lot more about managing security across the enterprise.

Don't believe us? Take a look at some of our recent headlines. One vendor launched a multi-function tool that falls somewhere between a bandwidth manager and a Swiss army knife. (See Cymphonix Tunes Security Management.) This thing does network management, event management, threat management, application prioritization – we're pretty sure it will even hold hours of unproductive meetings in a cold conference room, just like a real, human manager.

And IBM Internet Security Systems is doing a security riff on the network operations center that lets enterprises outsource some aspects of security management while retaining others, all from a central location. (See ISS Broadens Management Mandate.) Like Cymphonix, ISS is trying to give security pros a platform for monitoring and controlling security tools and functions, which up to now have been more spread out than the judges after the chili cook-off.

Of course, vendors aren't the only ones trying to get some control of heterogeneous security environments. Aurora Health Care has also started using a network monitoring tool from Lancope Inc. to monitor many security components, without the time and expense of deploying traditional IDS/IPS products. (See Aurora Reaches for Security Rx.)

Similarly, investment bank Thomas Weisel Partners has deployed an anomaly detection system from Arbor Networks Inc. to speed its investigation of suspected security problems while bypassing the IDS/IPS alternative. (See Bank Looks for Anomalies.) Aurora and Thomas Weisel had one thing in common: They needed security management quickly, and they weren't willing to pay through the nose to get it.

Even apart from our headlines, the trend is unmistakeable. Around the industry, we are seeing greater interest in tools that can help integrate the barrage of data that security managers receive each day, and make good decisions on what to fix first. Consider the move toward security information management tools. And in some cases, vendors are selling tools that they say can fix vulnerabilities before they even pose a threat – look at the way Juniper Networks Inc. (Nasdaq: JNPR) jumped on the Microsoft Corp. (Nasdaq: MSFT) bugs on Tuesday. (See Microsoft Reveals New Holes.)

In the systems and network management world, there's an old saw that goes, "If you can't monitor it, you can't manage it." Today's security environment is much like the enterprise management environments of a decade ago – lots of devices, lots of data sources, and lots of point products for managing them. And few good tools for consolidating the data, much less integrating the applications.

What we need, as General Custer might have said, is a better way to assess the threat and decide what to do about it. The new management tools are a long way from completely solving that problem, but they're getting there.

Until then, we'll have to keep changing the light bulbs ourselves.

— Tim Wilson, Site editor, Dark Reading