This year, we took a look in the rearview mirror and observed a lot of convergence, but despite this trend interesting companies still flourish, says Peter Stephenson, technology editor.

Every now and then, some bright security pro has a flash of brilliance. Sometimes those flashes are hidden under mundane challenges. Passlogix's new Shared Accounts Manager (SAM) is one of those products. The mundane problem is password sharing. There are many, what I refer to as, password carvers. These are intended to take passwords -- mostly administrator passwords -- and make them available to multiple users without compromising the password.

And so we reach the end of this year's batch of innovators. But, as we look at this subcategory, we find that it wraps the whole shebang into a neat package, defining what needs to be done to secure the enterprise (and prove it) and why.

All of us old-timers remember LanDesk from its days as part of Intel. It always was a solid suite of products. Now that it is part of Avocent, its promise as a hybrid of network and security policy management is being realized. The notion of managing the desktop and evolving that into security policy management makes a lot of sense.

The views of the visionary I spoke with from this veteran anti-malware company took the conversation in directions I had not expected. He started out by asking, "Why, if I have done everything I can to secure my enterprise, is my data still being compromised?"

Our last category this year is the one that ties everything together: security infrastructure. Here we are talking about those things that support all of the other bits and pieces of security architecture. Just like network infrastructure, security is, essentially, the platform on which everything else rests.

I don't recall the first time I heard the term "extrusion prevention system." It was, I think, an effort on the part of some marketer to tie the notion of preventing data from unauthorized exit (extrusion) from the enterprise to the notion of unauthorized entry (intrusion). Very clever.

No matter how much things change, they stay the same. As I have pointed out, there have been massive changes in security drivers over the past 12 months. The changes have generated a new set of challenges, but, even though our encryption innovator has done a first-rate job of addressing them over the past year, the new issues are generating a sort of déjà vu picture of the encryption market.

The big question I had for Tumbleweed was, "What is email security?" Over the past two years, as we have passed products through SC Labs, I have noticed that the vendor public relations folks who we talk to seem to have a hard time differentiating between the many aspects of threats associated with email.

So far, we have been concerned with tools that manage security and move information around. This category addresses the data itself. Data is, after all, the reason we implement security in the first place. Protecting the infrastructure and protecting the data both are necessary to ensure that our valuable information is not compromised.