The other effect is the trend toward more rigorous testing at the application level. This is being driven by the Payment Card Industry – Data Security Standard requirements being felt throughout the commercial and consumer marketplaces. Justin Peltier looks at application vulnerability assessment tools and Mike Stephenson put the IDS/IPS products through their paces.
Click here for the Application Vulnerabilities 2007 Group Test
Click here for the IDS/IPS 2007 Group Test
At the perimeter, we noted that there are about half the IDS/IPS products in the lab compared to last year. At the same time, we saw over twice the UTMs when we put them through the lab this year. This supports the movement toward convergence of product types.
Certainly a single box is, arguably, easier to manage than several. However, another piece of the trend is toward distributed protection for very large enterprises. Most of the boxes we saw this month consisted of a command center and a sensor. This is relatively new. In these distributed products one can have many sensors in the field all managed by a single command center.
Still, the down side of combining all of this plus the firewall and anti-malware services into a single gateway is that there now is both a single point of failure and a performance choke point on the network.
Inside at the application layer, we are seeing the emergence of a credible group of vulnerability assessment tools for applications. As Justin points out in his column, these tools cover a broad range of capabilities and fit into two general categories: web applications and back-end databases.
The bottom line for this month is that whole product groups are morphing more rapidly than we have seen in quite a while. The driving forces may be the trend toward consolidation of product types or it may be emerging standards. But the information security industry is beginning to be as vibrant as it ever has been and that, if nothing else, is a most welcome change from the doldrums of the past few years.
— Peter Stephenson, technology editor