But there are gaps between the promise and the reality of security frameworks, mainly because of the immaturity of the market. Only the OPSEC (Open Platform for Security) Alliance has the much-needed multivendor support and broad application support to give it a healthy head start.
Launched in 1997 by Check Point Software Technologies, the OPSEC architecture now has more than 200 partners, including Microsoft Corp., IBM Corp., Computer Associates International and Novell. The goal is to provide a standard security framework that guarantees a certain level of product integration.
But look for framework initiatives from vendors such as Axent Technologies, IBM and Network Associates, to name a few, to make a bigger play for your security dollars this year and beyond with unique offerings. One thing is certain: As network applications extend beyond current boundaries and attacks become more sophisticated, the tools needed to protect your assets must evolve. Many of today's security frameworks are more impressive on paper than in reality, but by the end of 2000, there should be several solid solutions from which to choose.
To assess the viability and future prospects of these frameworks, we invited Check Point and Network Associates to show off their security frameworks. In our Real-World Labs® at Syracuse University, we poked and prodded OPSEC and Network Associates' Active Security in an attempt to evaluate interoperability and ease of integration. Although we did not do extensive testing, we came away with a clear understanding of each vendor's architecture and ability to live up to its marketing claims. We think that security frameworks eventually will ease security administration by providing needed centralized policy management facilities and automated response systems.
Centralized Security Management Is Becoming a Necessity
Network-site security started with a firewall protecting the network perimeter, inspecting inbound and outbound traffic, and passing authorized data. As interest in the Internet grew, more files were being downloaded and installed on corporate desktops. This made virus scanning on the desktop and at the firewall more of a necessity. Concurrently, URL filtering and e-mail scanning protected data flowing in and out of the network at the application layer. The public release of Satan brought the idea of vulnerability scanning into the mainstream--and with it the need for intrusion detection. Intrusion-detection systems (IDS), content- and URL-filtering servers, network virus scanners and vulnerability scanners augment network security by examining data that's passed through the firewall.
Not surprisingly, the evolution of network security products has followed a point approach. Niche vendors have created vertical applications that each address a single security threat. For example, numerous point products have appeared to block access to networks, scan for viruses, filter unauthorized Internet access via e-mail or HTTP, track network usage and scan for vulnerabilities and ongoing attacks. With numerous point products to install, manage and maintain, the increased burden on management, the need for consolidated reporting and the requirement to bind these disparate products into a cohesive whole become increasingly apparent to end users and vendors alike. Security frameworks are aimed at providing the means for consolidating these disparate functions into a single console.
The ultimate promise of security frameworks is twofold. First, frameworks should assist network managers in tightening security across the enterprise network, not only at the perimeter but also where point products reside, by simplifying the implementation of a security policy. Second, frameworks should provide a seamless view of the network from a security perspective, including applications, policies and vulnerabilities. Frameworks also should aggregate data, perform event correlation, handle routine events and alert administrators to events needing immediate attention.