Tony Lucich, chief information security officer (CISO) and enterprise architect for Orange County, Calif., and Mark Starry, manager of enterprise architecture and security for in New Hampshire, each hit a few roadblocks during some recent security projects. There were incompatibilities between switching and gear, or security products fell short of accomplishing exactly what was desired. But Lucich and Starry, who don't know each other, share a spirit for overcoming obstacles by getting vendors to innovate to help their organizations.

Some analysts say this willingness to accommodate customers' special needs happens less often in the good times when fat-and-happy vendors will be complacent, but when the bad times arrive, customizing is a way to grow market share. "This 'responsiveness' to customers is most important in downturns like we are in now," says Gartner analyst John Pescatore, noting the smaller vendors often take the lead in this regard.

For Starry at Concord Hospital, the basic challenge was finding the means to comprehensively monitor the complex, high-speed network put in place based on core routing switches and trunking to link healthcare facilities in its New Hampshire locations to share high-speed IP traffic, including voice over IP.

While Concord Hospital already had 's Internet Security Systems intrusion-detection and protection systems at the perimeter, this gear wasn't the right choice for monitoring the entire internal network. Starry says that was mainly because the Nortel network, with its Routed Split Multi-Link Trunking, is so good at eliminating , it made collecting security-related information related to packet flows harder to collect, too.

Starry began a hunt to see what kind of security-monitoring equipment might be out there that could work inside the new network, narrowing down a short list that included Mazu, Q1 and Lancope. But no vendor seemed to support Nortel's proprietary protocol. Rather, 's version of NetFlow was the norm.