Next up: leveraging the security technology already deployed. Security managers mainly use event-management applications to cull useful information from the flood of security data being collected by firewalls and intrusion-detection software. More companies will expand the use of such apps to gather information throughout the IT infrastructure, including smart cards, biometric devices, network-access logs, and user application login and access data. "Companies want a holistic view of their organizations' security posture," says Ian Hameroff, business manager for security products at Computer Associates.
All that is difficult to manage. Enter multipurpose network-security appliances, which vendors such as CloudShield, Crossbeam, NetScreen, Nortel, Symantec, and Tipping Point are developing. The goal is to run all network traffic through an appliance that consolidates many security applications so they're faster and easier to manage. The devices will gain prominence by 2004, because they'll increase security while reducing costs, says John Pescatore, a security analyst at Gartner. By the second half of 2004, security vendors will improve integration among the various security applications on these platforms, which often will include firewall, intrusion-detection, antivirus-gateway, and vulnerability-assessment functions, Pescatore predicts.
That should reduce management headaches and increase security. For example, if a new worm traveling the Internet attempts to infect a business, the vulnerability-assessment software should be able to tell the intrusion-detection app not to issue alerts to the security team if the company doesn't have the at-risk software or if its antivirus software is prepared for the attack. "If you're not vulnerable, you can just drop the packets, and no one ever needs to be notified," Pescatore says.
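The suppression decision Pescatore describes, sketched as an added example (not code from the article or from any vendor's product). Host names, signature names and the inventory are constructed, and alerting on a target with no scan data is an assumption about how a missing assessment should be handled.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Alert:
    signature: str  # IDS signature that fired (constructed name)
    target: str     # host the traffic was addressed to
    product: str    # software the attack exploits


@dataclass
class HostProfile:
    products: set = field(default_factory=set)   # software seen by the last vulnerability scan
    av_covers: set = field(default_factory=set)  # signatures the host's antivirus already detects


# Constructed vulnerability-assessment and antivirus data, keyed by host.
INVENTORY = {
    "web01": HostProfile(products={"httpd-x"}),
    "mail01": HostProfile(products={"mta-y"}, av_covers={"worm-a"}),
    "db01": HostProfile(products={"db-z"}),
}


def triage(alert, inventory):
    """Return (action, reason): 'drop' discards the packets silently,
    'notify' raises the alert to the security team."""
    host = inventory.get(alert.target)
    if host is None:
        # Assumption: an unscanned host cannot be proven safe, so never suppress.
        return ("notify", "no scan data for target")
    if alert.product not in host.products:
        return ("drop", "at-risk software not present")
    if alert.signature in host.av_covers:
        return ("drop", "antivirus prepared")
    return ("notify", "vulnerable")


if __name__ == "__main__":
    # Constructed alerts: the same worm seen against four different targets.
    for a in (Alert("worm-a", "db01", "httpd-x"), Alert("worm-a", "mail01", "mta-y"),
              Alert("worm-a", "web01", "httpd-x"), Alert("worm-a", "lab07", "httpd-x")):
        print(a.target, *triage(a, INVENTORY))
```

The suppression is only as good as the inventory behind it: a stale scan makes a "drop" decision wrong without anyone being told.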
Gartner predicts that 60% of intrusion-detection systems will run on these kinds of network-security platforms. But integration is easier to promise than to produce. "Analysts predicted PKI [public key infrastructure] would be huge. People making these predictions don't have to implement this stuff," says Lloyd Hession, chief security officer at Radianz, an outsourcer that runs networks for financial-services companies. "We're going to see a lot of hype and big talk about appliances and tight integration. I'm very skeptical, because this stuff rarely works as advertised."
False alarms are one of the biggest headaches caused by today's intrusion-detection applications and the No. 1 problem vendors need to solve. If they don't, these intrusion-detection apps "will die as a standalone product category," Pescatore says. Christopher Klaus, founder and chief technology officer of Internet Security Systems Inc., says ISS is improving its ability to root out false positives. "We have over 20 different algorithms that we use to make sure it's a real attack," he says.
Last month, Cisco Systems unveiled plans to acquire Psionic Software Inc. for $12 million. Psionic's software eliminates most false alarms that intrusion-detection systems generate, and Cisco says it plans to incorporate those features into its security products, including intrusion-detection systems and security-management applications.
The line between firewalls and intrusion-detection software is blurring, as evidenced by network-security appliance vendor NetScreen's recent acquisition of intrusion-detection and -prevention vendor OneSecure Inc. By next spring, NetScreen plans to integrate OneSecure's capabilities into a multipurpose appliance, which already includes a firewall, denial-of-service attack prevention, IPSec, VPN, and traffic-management capabilities. "You only have one device to worry about and one management system rather than four or five and one policy for intrusion detection, firewall, antivirus, and VPN access," says Nir Zuk, chief technology officer at NetScreen.