Typical enterprises include task-specific security devices in heterogeneous environments that cannot easily communicate or coordinate mitigation strategies. Several proprietary approaches exist to facilitate this communication, but these are usually limited to single-vendor environments.
To address this problem, a growing trend is to use XML to share security data. The strength of XML is that it enables devices to collaborate easily by providing a lingua franca to communicate with each other. Information and services can be encoded with meaningful structure and semantics that intelligent devices can understand. XML enables rapid information exchange and can easily be extended to include user-specified and industry-specified tags. Languages based on XML are formally and universally defined, enabling programs to modify and validate documents in these languages without prior knowledge of their particular form.
XML is text based, which makes it highly portable, readable and easy to troubleshoot. Because of its wide adoption, numerous tool sets, both commercial and open source, are available to simplify and speed application development. These tools work with multiple programming languages, including C, C++, C# and Java, and scripting languages such as Python, Perl and Tcl. This broad flexibility enables XML to be used in almost any application or programming context.
In addition to being flexible, XML can be exchanged securely. HTTP over SSL (HTTP/S) is the most common scheme used to ensure XML data is transferred over a secure channel. Applications requiring higher levels of security can encrypt and sign the actual XML data before transmitting it via an HTTP/S channel.
To use XML, network infrastructure devices and security appliances must include common elements in their APIs to communicate information between systems. Key steps of this process include: data elements to be shared must be identified and defined (virtual LAN [VLAN] information, for example); XML tags must be created to isolate and represent each piece or type of information; and data must be broadcast, via XML, between the switch and the target security appliance. With these parameters established, the systems can share information and create policies automatically based on real-time information.
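The steps above, sketched as an added example that is not from the original article: a switch encodes one VLAN assignment and the receiving appliance authenticates, parses and validates it before any policy is built from it. The tag names (`vlanUpdate`, `port`, `vlanId`, `vlanName`), the sample values and the pre-shared key are assumptions, and an HMAC over the message bytes stands in for signing the XML data.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SHARED_KEY = b"constructed-demo-key"  # assumption: pre-shared key, demo value only


def build_vlan_message(switch_id, port, vlan_id, vlan_name):
    """Switch side: encode one VLAN assignment using the hypothetical tag set."""
    root = ET.Element("vlanUpdate", {"switch": switch_id})
    ET.SubElement(root, "port").text = port
    ET.SubElement(root, "vlanId").text = str(vlan_id)
    ET.SubElement(root, "vlanName").text = vlan_name
    body = ET.tostring(root, encoding="utf-8")
    # HMAC-SHA256 over the exact bytes sent (stand-in for an XML signature).
    tag = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
    return body, tag


def parse_vlan_message(body, tag):
    """Appliance side: authenticate, parse and validate before acting on the data."""
    expected = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("message authentication failed")
    # Refuse DTDs outright so entity definitions are never processed.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(body)
    if root.tag != "vlanUpdate" or not root.get("switch"):
        raise ValueError("unexpected root element")
    fields = {}
    for name in ("port", "vlanId", "vlanName"):
        found = root.findall(name)
        if len(found) != 1 or not (found[0].text or "").strip():
            raise ValueError(f"missing or duplicated <{name}>")
        fields[name] = found[0].text.strip()
    vid = fields["vlanId"]
    if not (vid.isascii() and vid.isdigit()) or not 1 <= int(vid) <= 4094:
        raise ValueError("vlanId outside 1-4094")
    return {"switch": root.get("switch"), "port": fields["port"],
            "vlan_id": int(vid), "vlan_name": fields["vlanName"]}


if __name__ == "__main__":
    body, tag = build_vlan_message("sw-lab-01", "Gi1/0/12", 210, "guest-wifi")
    print(body.decode())
    print(parse_vlan_message(body, tag))
```
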