Closing gaps between security, compliance and management

* Behind the convergence of security, compliance and management software

Last week, we looked at how the convergence of management with security and compliance software is increasing reliability and availability, and reducing operational risks. It has often been the gaps between security, compliance and management that have driven the convergence of all three.

This is what gave rise to the technology of network behavior anomaly detection, for example. Vendors such as Arbor Networks, Lancope, Mazu Networks and Q1Labs essentially leverage network flow analytics (a management technology) to provide an effective weapon against worms and many other security threats.

One of the most significant gaps apparent today is in policy management. We see policy management emerging in various areas, but there is still a need for products that embrace comprehensive policy across multiple domains. The one-size-fits-all approach is rarely appropriate for IT assets that may have a number of different attributes depending on use case, users, and applicable security or regulatory policy. Enforcement must go beyond the notion that “you must be at least this tall to ride this network” to assure policy compliance throughout the life of an asset’s presence.

One company that has seen the opportunity this gap presents is Elemental Security, which debuted earlier this year. Elemental’s agent-server approach embraces a wide range of host attributes. These can be grouped as needed, or according to defined measures such as compliance with a specific policy or regulatory mandate. This allows a high degree of flexibility in visualizing the current posture. It also enables the identification of non-compliant or unmanaged hosts on the network, which can be reconfigured or contained according to applicable policy whenever they appear.

Since the approach cuts across so many different domains, I asked Elemental customer Doug Torre, director of networking and technical services with Catholic Health Systems in Buffalo, N.Y., about the alternatives he had considered, and why he had settled on Elemental. Doug said he had not found any one product that met so many of his policy management requirements in so many flexible ways. It met his requirements for policing the compliance of hosts on his network on an ongoing basis. It’s a classic case of a converged management, security and compliance product arising to help define an emerging market by meeting needs across all three domains.

I invite you to join me tomorrow, Thursday, Sept. 8, at 4 p.m. Eastern/1 p.m. Pacific, for a free Webcast in which I’ll be taking a deeper look at how the convergence of security, compliance and management continues to drive innovation like this. I would be particularly interested in hearing from you during this event about the tools you are using today that integrate the values of management with security and compliance, and what you see as the most significant gaps still remaining. You can register here.

I look forward to (virtually) seeing you there!


Copyright © 2005 IDG Communications, Inc.