But organizational conflicts, rather than technical gaps, may be the biggest obstacle to greater integration of security management and systems management technology, says Chris Christiansen, vice president of security products at IDC. “You’ve got lots of people who have based their entire careers in certain areas, and they’re not anxious to give that up,” he says. For example, systems management staff are reluctant to give up control of automatic configuration and patch deployment to systems run by security management groups.
“If you’re a sys admin, you’re going to be territorial about the systems you manage,” Morgan Stanley’s Braunstein says. “You don’t want lots of people with root or enable [privileges].” Although they might not be able to simply merge network security and network operations groups, companies can improve the way these groups manage systems and the data they generate, making central control and automatic provisioning more than just a pipe dream.
Security from all sides
Fiscal austerity is one of the main motivations for consolidating security functions, as enterprises look for ways to manage their network without adding head count. “Companies just don’t have the budget to hire people at the rate that they’re adding new hardware,” netForensics’ Guay says. “The days of having separate IDS and firewall support teams are gone.”
For companies interested in better network security management but wary about making a major IT investment amid so much change, MSSPs (managed security services providers) offer an appealing option. Such services offload the difficult management and integration problem to security experts and allow companies to aggregate security information from hundreds or thousands of security devices, providing better information on emerging security threats.
In the end, however, there’s no silver bullet for the security management problem. All-encompassing SEM solutions work for some organizations but not others. “To some extent, the multiplicity of answers is applicable to the complex nature of the problem. Some people might see [security management] as a chaotic situation, but others just see multiple ways of getting to the same solution,” IDC’s Christiansen says.
For companies exploring SEM/SIM technology, IBM’s Krishna advises a measured approach. “People try to do too much,” he says. “It’s like trying to juggle 50 balls. We tell our customers, ‘You can do all these hundreds of things, but let’s be focused and do two. We’ll get those under our belt, then do two more.’ ”