Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, April 25, 2007

Compliance drives security configuration management

Spending on products that monitor security configurations across various systems in an enterprise is on the rise and compliance initiatives are fueling the spending according to analysts who follow the market.  In many cases an auditor is coming in and saying that there are short comings in change and configuration management so we’re seeing more activity from in on the operations side.  While a number of niche players are capitalizing on the spending, some are broadening their reach as businesses seek vendors that can provide a wider range of services.  In a study conducted last year by Forrester, Altiris and BindView, security vendors that were both acquired by Symantec, were identified as the leaders in the market, followed by LANDesk Software and BigFix.  There’s no doubt that Symantec saw the security configuration management as a growing trend and needed to broaden the features of its product, Kark said.

“Either it’s a vulnerability in software, which we are all familiar with or configuration changes being made day to day by people within the organization that introduce vulnerabilities,” he said.

Colorado Springs, Co.-based Configuresoft Inc. is making itself stand out by trying to capitalize on organizations upgrading systems to a service oriented architecture and those that are using server virtualization.

Companies such as Lexington, Mass.-based Bladelogic Inc. are filling the need for server configuration management, said Mark Nicolett, research vice president at Stamford, Conn.-based Gartner Inc. “This segment is a bit busier than it had been and I expect this segment to be driven harder,” he said.  The vendor is using business intelligence to alert management of any configuration changes that can open holes and increase risk, said Andi Mann, a senior analyst at Boulder, Co.-based Enterprise Management Associates.

George Gerchow, Configuresoft’s technology strategist said merchants seeking compliance with PCI DSS, credit card security standards are driving spending on configuration management tools.,289142,sid14_gci1252785,00.html

Posted on 04/25