
November/December 2006 issue

2007 preview: What's rollin' round the bend?

A ‘Council of Ten’ ran the Venetian Republic from 1310 to 1797. Infosecurity Today here presents its own ‘Council of Ten’, but does not envisage the same longevity. We asked ten distinguished infosecurity experts to reflect on 2006 and look ahead to 2007, asking them six questions.

The six questions:

1. What’s been the most significant development in the IT security market in 2006?
2. Has compliance been too much of a driver in this market, to the detriment of real security?
3. Do you see IT security becoming operationalized to the extent that information security professionals will (have to) play a more strategic role in their businesses?
4. What examples have you seen, in 2006, of organizations using security as a business enabler?
5. Who has impressed you as innovative in terms of security this year?
6. What do you think will be the big new threat to enterprise security in 2007?

1. What’s been the most significant development in the IT security market in 2006?

Adrian Asher, Global Head of Security, Betfair
The most interesting development and in my opinion something of great significance was the case regarding an SMTP mail spammer. This individual was disgruntled with his former employer, and sent an “email bomb” to their mail servers. Some five million emails, which caused their email servers to melt. When this case first went to court it was thrown out by the judge, saying there was no case to answer.

This set an extremely dangerous precedent, even potentially allowing for DDoS attacks (with no extortion demands) to continue with impunity. However, when the CPS appealed the verdict, the case was returned to the court. The outcome at this second presentation was a guilty plea, which in some part has reversed this precedent. It is an example like this that shows there is a continuing need for the law to keep pace with the ever-changing view of Information Security. The Computer Misuse Act is dated: 1990!

Brian T. Contos, CISSP, CSO ArcSight
I believe the most significant development is the realization that approaching security from the perspective of multiple, disparate, segregated point solutions is dead. It has been my experience that more organizations are starting to approach security from a holistic 'system' perspective. They’ve learned that preventative security can only scale so far, and that a combination of incident prevention, incident detection and incident management is needed across all mission-critical assets (IT, telephony, physical security, etc). This larger, system-based perspective increases operational efficiencies, mitigates risk, and increases an organization’s overall security posture.

Leo Cronin, CISO, Reed Elsevier
In my perspective, the most important development has been a shift from products that are designed to shield our corporations from external threats to those focusing on the actual data assets. Although a lot of this has been driven by compliance, data protection is really at the roots of where the data/information security profession started, especially in the days of mainframes, ACF2/RACF and TSO terminals. (Oh, I sometimes miss those days!)

During the late 80’s and up until recent times, the IT industrial-complex has made it very difficult to continue on a data-focused path with the advent of the PC, LAN and IP networks. The IT security profession has had to focus its energy (and spend) on the threats emerging from distributed computing and the Internet — of course unless you had a pile of cash given to you from the company genie. I am actually glad we are returning to the fundamentals of data protection. The ones and zeros located on distributed computers and removable and transportable data vaults (aka iPods, thumb drives and our employees’ home data centers) have been neglected for far too long.

Robert Gleichauf, VP and CTO, Security Technology Group, Cisco
The growing interest in the control of intellectual property, commonly referred to as 'Data Leakage'. This is an age-old problem that has come to the forefront in large part because of regulatory compliance. This has led to the emergence of a number of startups in the past 18 months as well as larger companies reassessing the focus of their products and services. Ultimately I view this as a systems problem that will take years to properly address.

Paul Henry, VP, Secure Computing
In late 2006, we began to see a paradigm shift in our overall approach to information security. Simply put, we have learned from experience that you cannot defend yourself from a well-organized global foe using only an isolated and unaware internet security gateway.

Over time, cyber criminals have altered their modus operandi from that of a small group of hackers launching malware across the internet in an effort to show off their skills, to that of working in cooperation with other groups with malicious intent on a global scale. This unprecedented cooperation, and information sharing for shared financial gain, results in a growing global problem where defensive mechanisms place the defender at a clear disadvantage.

The best analogy in the physical world is that of the common 'beat cop' tasked with defending his turf from global terrorists. The limited information a traditional beat cop has to work with clearly puts him at a disadvantage against a well-organized, funded and multi-faced foe. The beat cop only realizes that he is under attack once the attack has in fact already occurred, leaving little or no chance for any defensive effort on his part. Now, take that same beat cop and equip him with the global intelligence from police forces across the country, the FBI, Interpol and other cooperating global law enforcement agencies regarding the reputation of individuals entering his beat. You then give the beat cop the advantage of being able to stop the attacker at the border long before any attack is launched.

In the Cyber-World we can establish 'reputations' for IP addresses, networks and domains in a similar manner. Botnets and compromised servers never act once and disappear; they are used time and again in various malicious activities such as DDoS attacks, hosting of malware, and of course spamming. Hence it is easy to analytically quantify a reputation for a given IP address, network or domain. As in the physical world example above, the sharing of global intelligence affords the previously unaware defender the ability to effectively stop the potential attacker at the border.

Simply put, internet defences can now better mitigate risk based on decisions made from the global intelligence shared on a given IP address, network or domain. Every once in a while we see something new in network security that makes you think “why weren’t we doing this all along?” When it occurs, we see a paradigm shift, as we are seeing today.

Evan Kaplan, CEO Aventail
Microsoft entering the end point security market will have a tremendous ripple effect throughout the industry. Just remember, selling TCP/IP stacks for the PC was a billion dollar industry before Microsoft entered that market in 1994 and put it in their OS. Where is that market today? It’s going to be tough going for those companies who have made their living selling security solutions like AV for the desktop.

Tom Noonan, General Manager, IBM Internet Security Systems
The foundation for security to be delivered as a service in an on-demand manner. The foundation to this delivery is a scalable, adaptable platform where security technologies operate in an integrated manner as part of an open security platform. With on-demand services and enterprises, small and medium businesses have the opportunity to draw the level of protection, reporting and risk management information they require from the network, without adding additional complexity to already overburdened security layers.

Hugh Penri-Williams, Chairman of the Information Security Forum
For me, it’s been the trend for the major security vendors to purchase niche security specialist service providers. It therefore enables them to ramp up and make more complete the diversity of analytics and defences of their hitherto primarily anti-virus dedicated offerings. In certain cases, this has evolved into fully-fledged Managed Security Services run on an outsourced basis for major corporations and interfacing with their ticketing systems, incident management processes and dashboard reporting.

Paul Simmonds, CSO, ICI
BP moving 18,000 PCs from working on the Intranet to the Internet, proving the business case for de-perimeterisation.

Alex van Someren, CEO nCipher
The global acceptance that data-centric protection is replacing the traditional secured perimeter. This means protecting critical data wherever it is found in the organization; while at rest within databases or storage systems or while being processed within applications and business systems. There’s still a long way to go but 2006 was the tipping point.
