Gartner: IT Security Management Market Growing but Future is Uncertain

IT analyst firm offers inside look at the business of managing enterprise security

• By Matt Migliore
• 11/06/2002

According to the report, titled “The Emerging Security Management Market,” there is a need among enterprises for systems that prioritize the abundance of raw data generated by security devices such as intrusion detection systems, firewalls and anti-virus software. In addition, growing regulatory pressure has created a demand for software that helps document system audit compliance.

As a result, a number of niche and broad-based vendors are bringing to market solutions that promise to consolidate the security operations of a heterogeneous environment. Gartner says many of these offerings are limited in functionality. The firm doubts whether the market has long-term viability.

Gartner defines IT security management as a “correlation of security data from multiple devices and systems to enable better security assessment and support corrective action.” It cites the inability of Intrusion Detection Systems (IDSs) to differentiate between real threats and false alarms as the primary driver of this new market.

On the vendor side, Gartner says both niche security and broad-based network and systems management providers are trying to capitalize on the need for security consolidation within the enterprise.

This assertion is supported by recent releases by both Symantec Corp. and Tivoli, both of which have announced new products or product enhancements with security management features (see "Enterprise Security Vendors Focus on Interoperability", Security Strategies, Oct. 9 at http://www.esj.com/news/article.asp?EditorialsID=292).

However, Gartner believes there are some obstacles hindering widespread adoption of security management tools in the enterprise.

First, it says many of the point solutions in this area focus too heavily on managing IDSs and don’t offer enough in the way of audit capabilities or security policy compliance. While Gartner believes some IT security management products from broad-based vendors are more complete in their approach to security management, IT security operations at the enterprise level are so fragmented that organizational issues may limit the number of buyers for consolidated management systems. Furthermore, Gartner says these organizational issues may prevent IS organizations from effectively deploying management technologies.

From a technological standpoint, Gartner believes many of the solutions currently available for security management don’t yet deliver on the promise of the dynamic processing of security data.

“[Vendors] have only delivered very narrow, pre-defined correlation and toolkits that require extensive user customization,” says the report. “Nearly every vendor in the IT security management space is promising pre-defined correlation, but vendor execution in this area can only be validated by customer field experience, which currently is limited.”

Even if vendors are able to eventually deliver on the promise of pre-defined correlation, Gartner believes the IT security management market may be superseded by a new breed of security platforms that provide integrated IDS, firewall and anti-virus functions.

Based on its analysis of the market, Gartner recommends, “IT security operations personnel should evaluate IT security management technology as a tactical way to improve the effectiveness of IDS, audit and vulnerability assessment; an instrument to consolidate security operations; and a bridge to the as-yet unrealized potential of intrusion prevention.”