Security moving closer to OS, networks

RSA show highlights need for security companies to redefine roles

Last week's RSA Conference 2005 demonstrated that security components are moving rapidly to the OS and the network as enterprises reinforce their IT systems against a growing security threat.

Major OS providers such as Microsoft are leading the charge. Though he provided scant details on plans for Internet Explorer 7, Microsoft Chairman and Chief Software Architect Bill Gates said that by midyear Microsoft plans to release a test version of a new IE that better protects users from scams and malicious code while they surf the Web. Previously the company's plans called for a new version of the ubiquitous browser to be included in the next version of Windows, code-named Longhorn, due in 2006.

Gates reiterated Microsoft's intention to buy Sybari Software and to add its anti-virus engine to Sybari's server product.

"Microsoft is making a major push into the security market and it has to, because customers are demanding it," said Rob Enderle, analyst at Enderle Group.

On the network side, Cisco Systems announced a milestone in its quest to bolster the security capabilities of its popular networking gear, unveiling a slew of new products, features, and services called Adaptive Threat Defense.

The new software includes end-point security and intrusion-prevention features dubbed Anti-X Defenses; enhancements to Cisco's PIX firewall and SSL VPN products; and expanded support for the NAC (Network Admission Control) program.

The product improvements mark the company's biggest security move since announcing the NAC program in November 2003.

"Security has to move to the operating system and the network, and that is going to push some of the smaller companies out or into different niches. I think the security industry will look different at the end of 2005 than it does now," said John Watters, CEO of iDefense, a security intelligence company.

That was part of the message sent by Symantec CEO John Thompson, who said IT security technology vendors need to change their businesses to respond to new requirements -- for example, by making products that not only protect from attacks but detect them before they hit.

Customers are being squeezed by data-privacy regulations from the U.S. government and from many states on one side, and by virulent and costly threats such as SQL Slammer on the other, Thompson said. To protect them, IT security companies have to redefine their roles by making products that integrate with hardware clients and that reduce the cost and complexity of enforcing security and regulatory compliance, he said.

Hewlett-Packard, McAfee, and Sun also introduced new products. Sun offered several new e-mail and compliance programs. McAfee launched enterprise anti-spyware, and HP offered a product to slow unwanted e-mail.

Paul Roberts and Joris Evers, IDG News Service, contributed to this report.