CHICAGO — Symantec plans to integrate its products to offer more proactive control and close the gap between awareness of security issues and specific immediate action, executives told its annual enterprise partner summit.
At the conference — which attracted about 150 North American partners
late last week — Symantec chairman John Thompson said an increased level of threats, the complexity of tools, and the high cost of ownership are fuelling the demand for integrated security software. “”Customers now have an incredible array of choices,”” he said. “”We need to help them address, ‘How do I drive down the cost of managing this?’””
Rob Clyde, Symantec’s vice-president and chief technology officer, said challenges include an increasing number and sophistication of attacks; increasing complexity across an enterprise; resource constraints; risks difficult to define and prioritize; and a lack of reactive products.
Clyde said IT security solutions on the market today lack cohesive security management capability. He also said they are overly complicated and don’t have enough customization of applications and a limited availability of expertise. “”The world today is fragmented and it’s difficult for organizations to get a handle.””
Today, typical security products are branched into three main areas: gateway, server and client. In the area of client security, for example, integrated offerings will include anti-virus, client firewall and intrusion detection. Future developments will include enhanced firewall capabilities and client-compliancy checking, he added.
“”Solutions (which alert, protect, respond and manage) must exist at every layer and the more integration you can deliver, the simpler it becomes and easier it is to manage,”” added John Schwarz, Symantec’s president and chief operating officer.
But according to a recent Gartner Inc. study, the intrusion detection systems (IDS) market — a piece of the pie for Symantec — is not considered as lucrative as once perceived. The study says IDSs “”have failed to provide value relative to its costs and will be obsolete by 2005.””
The study says problems associated with IDS are: false positives and negatives; an increased burden on the IS organization by requiring full-time monitoring; a taxing incident-response process; and an inability to monitor traffic at transmission rates greater than 600 megabits per second.
“”IDS technology does not add an additional layer of security as promised by vendors,”” the study says. “”In many cases, IDS implementation has proven costly and an ineffective investment.””
As such, Gartner recommends enterprises redirect cash towards the firewall market, selecting network-level and application-level firewall products, which is “”the most effective defence against cyberintruders on the network.””
Symantec insists the IDS market is alive and well. “”We’ve talked with them (Gartner) about this and there continues to be market opportunity,”” said Allyson Seelinger, vice-president of North American channels. For resellers, there’s a lot of opportunity in the consulting and design arena. “”Intrusion detection offers a particularly good opportunity for channel partners.””
The company recently launched a trio of intrusion detection solutions including the Symantec Decoy Server, which detects, contains and monitors unauthorized access and system misuse as it happens; as well as a host intrusion detection and prevention solution for servers, dubbed Host IDS 4.1; and ManHunt 3.0, which provides multi-gigabit network intrusion detection.
The company also plans to offer platform expansion and new prevention capabilities with the Host IDS releases, as well as offer network integration with Symantec Security Management System (SSMS) and Linux support, Clyde said.
North of the border
In Canada, meanwhile, a key focus for partners is on certification, said Kevin Krempulec, Symantec Canada’s senior district manager of channels and SMB.
And while Krempulec said there’s an overall shortage of security VARs (in part because of Canada’s vast geography), Symantec’s enhanced certification process, announced June 1, is designed to help alleviate the problem by attracting more VARs to the table.
The program shortens the time it takes a partner to become certified, and reduces the number of security exams from 12 to four, he said. The exams cover Symantec’s firewall and VPN technologies, vulnerability management technologies, intrusion detection technologies, and virus protection and content filtering technologies. To achieve certification, candidates must pass at least one exam plus an authorized third-party vendor neutral security exam.
Another hot zone for resellers in Canada, Seelinger added, is the managed security services (MSS) arena. Many companies don’t have the in-house expertise to deal with the increased risk, Seelinger says, and therefore need to outsource. According to Gartner, 60 per cent of enterprises will outsource monitoring of at least one perimeter security technology by 2005.
Symantec will be looking for three types of partners to sell MSS. These include managed security services partner (xSPs, hosting, telecom); managed security solutions partner (VARs, system integrators, consultancies); and managed security reseller partners (reseller, asset management). The services partner resells MSS as a service bundled into their own offering; while the solution partner and reseller both resell the MSS as a product.
Currently under review is the pricing model surrounding MSS in Canada, Krempulec adds. “”As we roll out to the channel we have to make sure there’s no hiccups, make sure it’s competitively priced in the Canadian marketplace, and make sure we have flexible pricing.””