Thursday, April 3, 2008

Content Management, Monitoring and Protection (from Hoff's post)

I was reading a great post from Hoff that describes what he and Richard Mogull are envisioning as the next evolution of security solutions. Hoff says:

"What CMMP represents is the evolved and converged end-state technology integration of solutions that today provide a point solution but "tomorrow" will be combined/converged into a larger suite of services.

Off the cuff, I'd expect that we will see at a minimum the following technologies being integrated to deliver CMMP as a pervasive function across the information lifecycle and across platforms in flight/motion and at rest:

  • Data leakage/loss protection (DLP)

  • Identity and access management (IAM)

  • Network Admission/Access Control (NAC)

  • Digital rights/Enterprise rights management (DRM/ERM)

  • Seamless encryption based upon "communities of interest"

  • Information classification and profiling

  • Metadata

  • Deep Packet Inspection (DPI)

  • Vulnerability Management

  • Configuration Management

  • Database Activity Monitoring (DAM)

  • Application and Database Monitoring and Protection (ADMP)

  • etc...

That's not to say they'll all end up as a single software install or network appliance, but rather a consolidated family of solutions from a few top-tier vendors who have coverage across the application, host and network space."

I think that the security market is, in a certain way, walking (slowly) in that direction. If we look at some solutions like NAC and IAM we will notice that they are being built to integrate with other types of solutions. We saw LDAP being quickly chosen as a way to integrate multiple solutions that need to integrate with authentication systems. 802.1X and RADIUS extensions are also making the integration among different solutions easier, especially from NAC vendors.

We still need to improve the way that "security endpoint clients" integrate, allowing us to have things that deal with metadata, dynamic content monitoring and identification talk to things like antivirus, host IDS and NAC clients. In a world like that I can see endpoint security solutions being able to make decisions based not only on the security status of a computer, but also on the kind of information that is present on it, and even on the information that it is trying to transmit through a VPN connection.

There are several opportunities waiting for us if we increase the integration features among those solutions. If we work on establishing standards for integration we won't have to wait for a vendor that will be able to offer a complete CMMP suite. That will force vendors into a healthy competition cycle.

If you agree with the CMMP concept from Hoff and Mogull, do you think it will be something mostly offered as complete suites from a single vendor or as several different solutions with better integration?
