3 Questions: Organizations need a way to quarantine, scan, and remediate systems

Security vendors should offer greater interoperability.

By Terry Sweeney

With Al Foitag, chief network architect for a major movie studio in Hollywood, who doesn't want to get trapped by a single vendor's proprietary approach to managing security across the enterprise.

This interview originally appeared in the IT Business Edge weekly report on "Fortifying Network Security." To see a complete listing of IT Business Edge weekly reports or sign up for this free technology intelligence agent, visit

Question: You've spoken out concerning the need for greater interoperability among different vendors' security products. Are you seeing any movement there that makes you more optimistic?

Foitag: Certainly, Cisco and Microsoft are both talking about initiatives and lining up partners. Check Point has its partners program. But these are not really interoperability initiatives; they are proprietary, single vendor, and support a limited number of platforms. Some are still in the framework stage.

Question: If the industry were to carve off two or three functions for greater interoperability, which ones would you put forth on your wish list?

Foitag: I'd ask for a common hierarchical control application/console for security devices/applications. And I'd like a common non-client specific method of doing admission control so customers could use any vulnerability scanner, antivirus product, patch manager, etc., from any vendor to validate systems before allowing them into a network. 802.1x is a start on the authentication piece. Next, we need a way to quarantine systems, scan them, and remediate them before allowing them access. Cisco's Self-Defending Network initiative is a great start along these lines, and so are some of the things Microsoft is planning. The problem is that your infrastructure needs to use Cisco and Windows for these proposed solutions to work. Good business opportunity for them, but not necessarily good for the end user in every case. They are also specific to a limited subset of their partners—not the industry. These solutions leave Macs, most Linux distributions, most other UNIX OSs, Palm OS, Symbian and others out in the cold.
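The admission flow Foitag sketches (802.1x authenticates the device, the network quarantines it, posture checks from whichever vendors the organisation owns are run, fixable failures are remediated, and only then is production access granted) can be modelled as a small decision engine whose checks are plug-in callables, so the engine never knows or cares whose antivirus, patch manager or scanner produced the verdict. The following is an added example written for this page, not code from the interview or from any vendor's product; the checker names, VLAN ids, endpoint records and remediation behaviour are all constructed assumptions.

```python
"""Vendor-neutral network admission control (NAC) decision flow.

Added illustration, not code from the interview or any vendor. Models the
sequence: 802.1x authentication -> quarantine VLAN -> posture checks
(AV, patch level, vulnerability scan) -> remediate what can be fixed ->
rescan -> admit or hold. Checkers and remediators are plain callables, so
any vendor's product, on any OS, can supply a verdict.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

PRODUCTION_VLAN = 100    # constructed sample VLAN ids
QUARANTINE_VLAN = 999


@dataclass
class Endpoint:
    mac: str
    os: str                        # informational only; the checks are OS-neutral
    authenticated: bool            # outcome of 802.1x, supplied by the switch/RADIUS
    av_signature_age_days: int
    missing_critical_patches: int
    open_high_risk_ports: List[int] = field(default_factory=list)


@dataclass
class CheckResult:
    name: str
    passed: bool
    remediable: bool               # may an automated fix be attempted?


# A posture check is any callable Endpoint -> CheckResult; a remediator returns
# True when it believes it fixed the condition (the engine rescans regardless).
Checker = Callable[[Endpoint], CheckResult]
Remediator = Callable[[Endpoint], bool]


def av_check(ep: Endpoint) -> CheckResult:
    return CheckResult("antivirus", ep.av_signature_age_days <= 7, remediable=True)


def patch_check(ep: Endpoint) -> CheckResult:
    return CheckResult("patch", ep.missing_critical_patches == 0, remediable=True)


def vuln_check(ep: Endpoint) -> CheckResult:
    # A listening high-risk service needs a person to look at it, so no auto-fix.
    return CheckResult("vulnscan", not ep.open_high_risk_ports, remediable=False)


def update_av(ep: Endpoint) -> bool:
    ep.av_signature_age_days = 0       # simulated signature update
    return True


def apply_patches(ep: Endpoint) -> bool:
    ep.missing_critical_patches = 0    # simulated patch push
    return True


DEFAULT_CHECKERS: List[Checker] = [av_check, patch_check, vuln_check]
DEFAULT_REMEDIATORS: Dict[str, Remediator] = {"antivirus": update_av, "patch": apply_patches}


@dataclass
class Decision:
    vlan: int
    reason: str
    log: List[str]


def admit(ep: Endpoint, checkers: List[Checker] = DEFAULT_CHECKERS,
          remediators: Dict[str, Remediator] = DEFAULT_REMEDIATORS,
          max_rounds: int = 2) -> Decision:
    """Authenticate, quarantine, scan, remediate, rescan, then admit or hold."""
    log: List[str] = []
    if not ep.authenticated:
        return Decision(QUARANTINE_VLAN, "802.1x authentication failed", log)
    log.append(f"{ep.mac} ({ep.os}) moved to quarantine VLAN {QUARANTINE_VLAN} for assessment")
    for _ in range(max_rounds):
        failures = [r for r in (check(ep) for check in checkers) if not r.passed]
        if not failures:
            log.append(f"{ep.mac} admitted to VLAN {PRODUCTION_VLAN}")
            return Decision(PRODUCTION_VLAN, "all posture checks passed", log)
        for f in failures:
            fix = remediators.get(f.name)
            if f.remediable and fix is not None and fix(ep):
                log.append(f"{ep.mac}: remediated '{f.name}', will rescan")
            else:
                log.append(f"{ep.mac}: '{f.name}' failed and cannot be auto-remediated")
                return Decision(QUARANTINE_VLAN, f"unremediable failure: {f.name}", log)
    # Remediation reported success but the rescan still fails: stay quarantined.
    return Decision(QUARANTINE_VLAN, "posture checks still failing after remediation", log)


if __name__ == "__main__":
    laptop = Endpoint("00:11:22:33:44:55", "macOS", True,
                      av_signature_age_days=30, missing_critical_patches=3)
    d = admit(laptop)
    print(d.vlan, d.reason)
    print("\n".join(d.log))
```

The design point is that `admit` depends only on the `CheckResult` shape, not on which product fills it in, and that a device never reaches `PRODUCTION_VLAN` without a clean rescan after remediation; a remediator that claims success but does not actually clear the condition leaves the device in quarantine once `max_rounds` is exhausted.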

Question: How will you spend most of your security budget this year? And why?

Foitag: Most of the dollars will go towards protecting the application servers, network-based detection/prevention, and event analysis. Server safety and integrity are key, and they house most of the data. Detection and analysis are important because you can't locate and fix a problem if you don't know you have one. Longer-term projects are identity management, single sign-on, 802.1x authentication for all wired/wireless access, and protection in depth versus perimeter defense. Some are awaiting funding, some need cycles, and others will take a lot longer than a year to get done.
