When there's not quite the right fit in network security gear to meet your needs and goals, you might wind up settling for some distant second choice, if one exists. But enterprise technology managers are proving you can get what you want by pushing vendors to innovate—a trend that may be growing because of the economic downturn.

Tony Lucich, chief information security officer (CISO) and enterprise architect for Orange County, Calif., and Mark Starry, manager of enterprise architecture and security for Concord Hospital in New Hampshire, each hit a few roadblocks during some recent security projects. There were incompatibilities between switching and security gear, or security products fell short of accomplishing exactly what was desired. But Lucich and Starry, who don't know each other, share a spirit for overcoming obstacles by getting vendors to innovate to help their organizations.

Some analysts say this willingness to accommodate customers' special needs happens less often in the good times when fat-and-happy vendors will be complacent, but when the bad times arrive, customizing is a way to grow market share. "This 'responsiveness' to customers is most important in downturns like we are in now," says Gartner analyst John Pescatore, noting the smaller vendors often take the lead in this regard.

For Starry at Concord Hospital, the basic challenge was finding the means to comprehensively monitor the complex, high-speed network put in place based on Nortel core routing switches and trunking to link healthcare facilities in its New Hampshire locations to share high-speed IP traffic, including voice over IP.

While Concord Hospital already had IBM's Internet Security Systems intrusion-detection and protection systems at the perimeter, this gear wasn't the right choice for monitoring the entire internal network. Starry says that was mainly because the Nortel network, with its Routed Split Multi-Link Trunking, is so good at eliminating bottlenecks, it made collecting security-related information related to packet flows harder to collect, too.

Starry began a hunt to see what kind of security-monitoring equipment might be out there that could work inside the new network, narrowing down a short list that included Mazu, Q1 and Lancope. But no vendor seemed to support Nortel's proprietary protocol. Rather, Cisco's version of NetFlow was the norm.

But Starry didn't give up. He discovered that Lancope was willing to update its StealthWatch network behavior analysis monitoring gear to support Nortel, and he brought Lancope engineers together with Nortel ones to make it happen. This didn't come cheap: Starry says there's so much additional stress put on switches made to export every session out to a security collector that the switches had to be boosted with special hardware cards that cost upwards of $100,000.