Network behavior anomaly detection collects flow-based information from networking devices to root out abnormal...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
behavior. NBAD demonstrates how a technology can gain traction when it is delivered as a key feature within a broader threat protection product rather than a standalone one. Sourcefire, for example, now includes NBA features in its 3D system. The Dragon Security Command Console from Enterasys Networks also combines IDS and IPS methodologies with NBA into a single product.
Overall, I think these mergers have improved many Web security product suites, which have quickly acquired additional functionality and sophistication. You can expect to see significant enhancements to many popular products, particularly when it comes to Web application vulnerability detection tools. We are also likely to see more integration in the area of security management consoles. System administrators' lives will be made easier when they can manage security settings from a single management dashboard.
Does all this present an opportunity for your company to get a good deal from a vendor? I definitely think so. Because attacks and defense technologies develop and change so quickly, no one security vendor has managed to become the clear market leader in its field. Plus the top risks are subject to change. For many years, for example, security tools emphasized perimeter defenses. Now, companies are shifting to internal network protection. Compliance requirements are also affecting purchase decisions. The variety of security risks prevent any vendor from charging a premium for its products. The volume of sales therefore is an important factor in any security company's success.
Before investing any of your hard-won security budget, I recommend testing and reviewing several possible Web security products and let the vendors know that you are testing their tool against possible alternatives. You will find that your bargaining position is quite strong, particularly if you include some of the excellent free, open source security products in your trials. Do remember, though, that your security policy – not a salesperson -- must dictate which features your Web security product should have. Also, you must be confident that you have the in-house skills to configure and manage the product that you finally choose.
Dig Deeper on Web Application Security
Related Q&A from Michael Cobb
A privacy breach at ClixSense led to user account details being put up for sale. Expert Michael Cobb explains how companies should be held ...continue reading
A password-verification flaw in iOS 10 allowed attackers to decrypt local backups. Expert Michael Cobb explains how removing certain security checks ...continue reading
HTTP public key pinning, a security mechanism to prevent fraudulent certificates, was not used by Firefox, and left it open to attack. Expert Michael...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.