Enterprise Security Vendors Focus on Interoperability

Symantec and Tivoli release products designed to integrate security management.

• By Matt Migliore
• 10/09/2002

The Oct. 2 edition of Security Strategies reported that Symantec has been working to build a standards-based interoperability framework for its own software, as well as that of third-party vendors. Originally it was believed the new framework would be called the Symantec Enterprise Security Foundation, but it was officially announced last week as the Symantec Enterprise Security Architecture.

As part of that effort, Symantec is set to release the Symantec Security Management System, a set of applications that are designed to enable the management of security events, incidents, and policies across the entire enterprise.

Likewise, we reported last week that Tivoli would release a new version, 4.1, of its Risk Manager software, which is also designed to integrate the management of a variety of third-party security technologies.

Last week, Tivoli announced two more security software releases: Tivoli Privacy Manager 1.1 and Tivoli Identity Manager 4.3. Both plug into Tivoli’s Risk Manager interface.

According to Eric Hemmendinger, a research director for the security and privacy team at IT analyst firm Aberdeen Group Inc., most vendors focusing on enterprise security are working to develop software that creates interoperability between a number of different security offerings.

“Vendors can’t just say anymore, we’ll manage all of our stuff, but we’re not going to manage anybody else’s,” says Hemmendinger. “That’s not going to go over very well with customers.”

For Symantec, its ability to deliver a unified management interface for security is crucial to its effort to position itself as a player in the enterprise security market. Two years ago, Hemmendinger says, Symantec was known as a consumer-oriented, anti-virus company. Now “they’re kind of stepping out and saying, ‘We’re not your father’s anti-virus company.’”

The success of Symantec’s interoperable security management architecture depends on its ability to facilitate strategic partnerships. So far, Symantec has reached agreements with Network Associates Technology Inc. and Check Point Software Technologies LTD to link to their anti-virus and firewall offerings, respectively.

In addition, Symantec plans to formally announce a partner program in the first quarter of 2003, which it expects will help it establish more relationships with third-party vendors. According to the company, early adopters of this program currently include TippingPoint Technologies Inc., which develops active network-defense systems, and Entercept Security Technologies, which builds intrusion-prevention software. Under terms of their agreement with Symantec, TippingPoint and Entercept are scheduled to make event collectors for their products available in the December 2002 quarter. The event collectors will enable the Symantec Security Management System to process data from TippingPoint and Entercept software products.

Symantec has also reached an agreement with Tivoli to create third-party relays so that information can flow from the Symantec Security Management System to Tivoli’s Risk Manager offering. The integration of the two products represents a somewhat odd pairing, as they both are being positioned as a single interface for managing security.

Both companies could potentially gain from the relationship. Symantec will extend its reach among third-party vendors, as Tivoli products are known for their level of third-party support. Tivoli, which is not a security-specific vendor, will gain additional security expertise through Symantec.

A prepared statement by Arvind Krishna, vice president of security products for IBM Tivoli, notes, "IBM and Symantec share a common mission to manage security across our customers' complex, multi-vendor environments. Through integration between Tivoli and Symantec software products, IBM can continue to provide the automated, self-protecting security management infrastructure our joint customers expect."

For Tivoli, a relationship with Symantec allows it to focus on its autonomic security initiative, which is an effort by the company to provide customers with self-healing security management systems. Meanwhile, Aberdeen’s Hemmendinger says, “Symantec’s security-centric focus makes it far more likely that they’re going to understand what the customer needs in terms of [traditional security technology.]”