Enterprise investment in network security products is set to be re-ignited by solutions that will monitor content as well as users and devices, said experts at a NetEvents conference in Geneva.

But there is a real danger that the pervasive real-time data inspection being proposed for enterprise network traffic will choke user productivity, drain IT finances and fall foul of EU data privacy laws.

Andy Buss, senior analyst with research firm Canalys, said that the wave of security investment prompted by compliance drivers such as Sarbanes-Oxley and Basel II is now largely over. Which means security vendors have to find a new set of products with which to tempt IT departments.

"Security is now having to fight for budget with other priorities in the network, like WAN optimisation, file systems, data replication and data centre availability, and security vendors need a very clear return on investment (ROI) argument to get their message through," Buss said.

Karl Driesen, vice president of EMEA sales at security appliance vendor Infoblox, believes that current network access solutions, which focus on user and device authentication, only detect when something is going wrong, and cannot provide the granularity of monitoring that future legislation may demand.

"If you ask CIOs who did what this morning, when and where, and what applications they were using, they cannot provide an immediate answer. But companies have a real need of knowing that in real time for compliance and regulation of the future," Driesen said.

Some in the industry argue that it is only necessary to monitor user and device access at the client side and network entry point, while others say that specific content of mission critical applications crossing the network should be analysed, even though this is expensive to do.

"Our vision is to move decision points at block level and to enforce trust policies at the point where the user device accesses the network. You might need to do some packet sampling by directing suspected traffic into an area of the network where full inspections can be carried out," said Bruno Hareng, EMEA product manager for network hardware company HP ProCurve.

James Collinge is director of product management at TippingPoint, a division of 3Com specialising in network security. He believes that some customers, regardless of the cost, may want to define security policy on a per-flow basis, so that problems detected with certain applications will not affect the user’s access to other applications.

"From the budget perspective, it ultimately comes down to the customer’s risk tolerance and the pain point they are trying to address - and that varies according to the industry they are in," Collinge explained.