In 2013, network security vendors need to develop third-party ecosystems that help enterprises correlate data among the various components of their security architecture. Also, network security pros will need to sort through the software-defined networking
We asked Greg Young, research vice president at Stamford, Conn.-based Gartner Inc., to share his views on the changes we'll see in network security this year.
2013 enterprise network security management: Better integration of network security platforms
Many enterprises have all the network security technology they need. Unfortunately, much of this technology is isolated. Each platform is supplied by a different vendor and there is very little interaction between them. Enterprises need to be able to correlate data between the various pieces of their security architecture, but the answer doesn't lie in security information management (SIM) platforms, Young said.
"SIM is a very broad -- but shallow -- technology, with not as deep a view as [an] IPS [intrusion protection system] or a firewall. The depth will come from the primary tools you use to change a firewall rule, for instance. Correlation will have to extend out to other security products. What we need is better direct feeds [of information] into the actual products themselves; into the primary consoles that operators use. Right now the operators are the correlative interface. They have to juggle all this information amongst multiple screens and consoles. If you can give them less complexity and a better way to track down or resolve alerts, that's the real benefit."
This may sound like a very basic idea, but it's very hard for vendors to execute, Young said. Solving this problem requires a third-party ecosystem, and security vendors don't always play well in one. Many vendors try to just own all of the security architecture in an environment and build their own correlation engine, but many enterprises have heterogeneous environments.
"We've seen it already in terms of better directory integration to help interpret events from firewall logs or event viewers. We've seen it with integration of IPS vendors with vulnerability management tools. We see it with Web application firewall vendors and application-scanning tools. There's some momentum there, but it's got to improve. We have to open it up with a true third-party ecosystem, not just these Barney partnerships."
2013 network security shopping lists
More enterprises will buy next-generation firewalls in 2013, boosting the adoption rate. Gartner's research showed that 10% of enterprises had next-generation firewalls installed in 2012, but the adoption rate is expected to hit 38% by 2016.
Forward-looking enterprises are already casting their gaze on another technology, Young said: advanced threat protection (also known as advanced targeted threat protection and advanced malware protection), which will see more adoption in 2013.
"When the bad guys are faced by a wall, they find a way around it. This is the next wall they will have to face," Young said.
Rather than using signature-based detection like IPSes, next-generation firewalls and antivirus software, advanced threat protection uses a variety of other techniques, including behavioral analysis, to detect attacks. Vendors in this space include FireEye, Damballa and NetWitness (now owned by EMC). Firewall vendors are starting to integrate this technology into their platforms, too, Young said. Palo Alto Networks added its WildFire advanced threat protection service to its next-generation firewalls in 2012.
"These are for the very lean-forward organizations that are the most sensitive to security," Young said. "Buying more firewalls or IPSes won't help them, so what can they do? They can either get some of this technology in their firewall or IPS, or they can go with one of the pure-play vendors."
Take a hard look at software-defined networking security
In 2013 the industry will have to take a hard look at how secure emerging software-defined networking (SDN) technology is, Young said. Network security managers will need to sort through the SDN hype and collaborate with network operations teams, who themselves will be struggling to understand SDN.
"What's going to be clear is that there is not a lot of built-in security to software-defined networking, and fundamentally this anything-connects-to-anything approach is pretty much an anathema to what we've had for the DMZ and security architectures in our enterprises and data centers," he said.
Speaking of collaboration, virtualization will continue to vex network security teams. The technology crosses operations centers, Young said. Network security needs to have conversations with servers, storage, virtualization and networking teams. With networks getting more virtualized with SDN and other technologies, this cross-silo communication will be more important than ever.
Let us know what you think about the story; email: Shamus McGillicuddy, News Director.