The "NOC" on Security Management, part 2

There are many examples of multi-discipline solutions coming from the vendor community in response to the technology overlap between network visibility for performance management and security management. Few start out trying to do both – most start in one camp and move toward the other with thoughts of expanding their value, as well as budget appeal.

Some come from a network monitoring background. One of the first to span both disciplines was Niksun, which offers a common packet-based inspection and recording platform that can serve either network or security operations. Network Instruments also offers a set of solutions via their integrated Snort engine, especially for detailed forensic analysis. Solera Networks also came to the market from this combined perspective, though they are now focused more on security and less on operations management.

Another group comes from a security monitoring heritage. A great example here is Mazu Networks, whose Network Behavior Analysis approach to recognizing nefarious activity also picks up casual (often ignorant) misuse as well as unexpected application behaviors due to design issues. Another is Lancope, which has squarely added network visibility to their solution set. Both use flow records like NetFlow, sFlow, J-Flow, and IPFIX as their primary data sources.

One of the newer angles on this convergence is the combination of WAN optimization with security functions. The poster child for this is Blue Coat, the security technology provider that acquired Packeteer and announced late last year that it has largely completed the integration of the two technology bases. Another example is a newer player, Cymtec, which is taking a similar set of capabilities down market, packaging security threat protection and WAN optimization in their Sentry appliance built specifically for the needs (and budgets) of mid-tier enterprises.

Finally, there's another camp that uses log management approaches, as Linda Musthaler describes in her column posted today. Going this route will make sense for more and more shops, as security becomes an integral requirement across all aspects of operations. Even if your organization wishes to preserve operational separation between network and security, role-based access to many of these tools can meet that need, so when it comes down to funding you should look across the aisle and ask if you can join forces to accomplish more with less.

Copyright © 2009 IDG Communications, Inc.
