Because it is constantly evolving, the IT security market is crowded with a mind-boggling range of technologies and tools. An enterprise’s ability to adopt new technologies is often limited by the management challenge posed by the scope and variety of options. This, however, has resulted in an opportunity for security vendors - by enabling them to promote security architectures.

The “architectural” approach to security refers to the integration of disparate but complementary security tools into a managed whole. From the Trusted Computing Group’s Trusted Network Connect initiative, to Sourcefire’s “3D” suite, security architectures integrate a risk intelligence center with a combination of defenses and proactive risk management such as patch and software maintenance, all strategically deployed and interfacing with enterprise authentication services. This holistic approach enables IT to more fully realize the benefits expected from the use of many available options.

Infrastructure vendors have been among the most vocal proponents of the approach, as evidenced by Cisco’s Network Admission Control (NAC) effort. More recently, these same vendors have begun to drive “up the stack” with an architectural approach to application infrastructure, as with Cisco’s new Application Oriented Networking (AON) initiative. The reasons are clear: enterprise and Web applications, like security systems, require the integration of moving parts into a coherent whole. This is an approach that lends itself to infrastructure, so the fit has much resonance in the market.

There would appear to be synergy between the architectural approach to security and the emergence of integrated application architectures. Yet up to now, the application security market - the ground on which these trends would be expected to converge - has been characterized by products that tend to be point-centered rather than architecturally oriented, such as application firewalls.

That is changing as we begin to see Web application security products that more closely reflect the architectural nature of enterprise applications themselves. Breach Security, for example, is a vendor with a new class of application security products that can monitor application traffic and distribute security controls to key points throughout the application architecture. This differs from point-oriented inline protections, in that monitoring and control can be separated and distributed across an application architecture itself, rather than depending on a single inline security enforcement point.

Denise Dubie is senior editor with Network World.