Security management is the new black

The increasing importance of security management software is coming under the spotlight this week as two firms launch radical new products into the UK market.

French security start-up Intranode and US company Foundstone have both launched technologies giving UK IT managers a simple rating out of 100 to alert them to security problems on their network.

According to analyst house Ovum the market for security management tools is growing faster than any other part of the burgeoning IT security sector.

Intranode's chairman and CEO Laurent Stoffel said the service was of relevance to IT directors because it could be used to quickly draw attention to new security problems.

"For the first time now security managers can get the whole vision of IT security across their networks. It is an outdated view that security is by necessity complex," he said.

Intranode unveiled its product, Active Sentry, to the UK market yesterday. It uses 6,000 different automated attack simulations to test networks for vulnerabilities.

Foundstone has also just started selling its Foundscan product to UK and European customers, which also gives customers' networks a security score out of 100.

Foundstone linked with European managed security provider Activis late last year but only this week is the fruit of that relationship becoming clear to customers.

George Kurtz, CEO of Foundstone and author of numerous books on hacking, said: "The biggest problem is that IT security is a journey not a destination, so keeping secure requires constant attention. Our solution addresses this issue by taking the pain out of the everyday drip drip of, for example, patch management."

Graham Titterington, senior analyst at Ovum, said these kind of security management tools are becoming increasingly important. "It is an essential element of a good security policy, and if you don't do it you leave yourself vulnerable," he said.

However, he is sceptical of products that claim to be able to reduce the complexity of security down to a single number.

Titterington said: "This is the kind of gimmick that might appeal to those not so expert in choosing security software - it mollifies managers more than dealing with the real issues.

The real danger is that by focusing on one statistic you actually take your eye off the more important ball."