Analysis: The network is the security

Analyst Jon Oltsik says the network security market will inevitably consolidate. Here's which company will come out on top... and which is the dark horse in the running.

Remember computing in the 1980s?

This was an era when standalone IBM mainframes and VAX minicomputers dominated the computing landscape. Each system ran an application or two for a specific constituency. Application and data integration was so cumbersome that few companies had the skills, budgets or stomachs to attempt it. Mainframes and minicomputers were truly data-processing islands.

Fast-forward to 2004, and network security looks a lot like the host-based computing landscape of the early '80s. Network security is based on scads of individual boxes and limited integration. What's more, network security isn't really part of the network; rather, it is an overlay on top of the network. Talk about inefficiency!

This federated approach to network security was sufficient 10 years ago, when companies had limited internet access for low-priority activities, but this is no longer the case. Fragmented security architectures are a liability today, because they are expensive, an operational burden and can't provide adequate security protection. Otherwise, they're great.

Given the growing scope of threats and the limitations of current security architectures, a new model is warranted that integrates security functionality across the network. To borrow from Sun Microsystems, in the future, "the network is the security".

What does this mean? When users log on each morning, the network will know who they are and what they have access to. When employees start poking around where they shouldn't, the network will cut them off and report the behaviour to the security staff.

The network will keep tabs on assets like servers and switches, retaining a database of current hardware and software configurations. To minimize malicious-code propagation, every desktop will be scanned for malicious code, patch levels and antivirus signatures before it is granted access to network resources.

Network devices will have the ability to tear apart packets, block malicious code, enforce policies and filter content up and down the OSI (Open Systems Interconnection) stack. This means that the network will perform the same functions that firewalls, intrusion detection and prevention, antivirus and content-filtering systems do today.

Like existing tools from Arbor Networks, Mazu Networks and Q1 Labs, the network will create a model of 'normal' network flow to create a better understanding of things like server traffic, protocol patterns and port usage. When the network detects anomalies, it will alert the security staff or dynamically block suspicious activity in real time.

As network-centric security delivers better protection and lower costs, chief information officers will abandon their current best-of-breed security strategy and seek out partners who can deliver the whole enchilada. No one vendor has all the pieces for network-centric security today, but several have strong leads and the wherewithal to fill in their product holes.

Contenders from the security industry include Check Point Software Technologies, McAfee and Symantec.

Check Point has most of the pieces but depends on channel partners like Nokia and Nortel, which may see this move as competitive. Look for Check Point to slowly create a direct sales force.

McAfee has the right assets but is in the midst of a corporate renaissance. Once this process is fully baked, the company will get more aggressive, probably by year end.

Symantec has a deep portfolio, momentum and a solutions-focused mindset driven by CEO John Thompson, a former IBM honcho. It is the best-positioned of the three.

In the networking world, there's Cisco Systems, of course, and newcomer Juniper Networks.

Cisco has boatloads of products, a killer installed base and oodles of cash. It also has a penchant for giving away security stuff to win networking deals. On the downside, Cisco stuff still doesn't integrate very well.

Even though Juniper has a limited enterprise installed base, customers are looking for a viable number two vendor to keep Cisco honest. This, combined with its recently acquired NetScreen Technologies assets, make it a logical competitor.

Other networking vendors, like 3Com, Enterasys Networks and Nortel Newtorks, have articulated the network-centric security vision but don't have the products or market clout to lead in this area. These companies will likely acquire point solution vendors, push for open standards and form partnership alliances to compete with the dominant players.

Don't laugh, but the dark horse here is Microsoft. It already has a lot of the security infrastructure and more coming in Longhorn. It can bundle its way to win over the Windows-only crowd.

As the network becomes the computer, the industry will consolidate from a zillion start-ups and point tools into the domain of the dominant few.

Jon Oltsik is a senior analyst at the Enterprise Strategy Group.