Driving Security Innovation
Although handicapped by a shortage of resources and more dependent on proven technologies, midmarket companies may actually help drive innovative approaches to security, EMA's Crawford says. For instance, some midmarket companies are marrying security management and IT operations by leveraging a configuration management database to improve IT operations like patch management.
The midmarket is also helping drive the convergence of security and management technologies, particularly by demanding that tools in both sectors interoperate. "We're seeing major vendors adopt this story by bringing their core management technologies to bear on both security and IT ops," Crawford says. "You can expect to see a lot more visibility around that trend this year."
When it comes to server virtualization -- a popular development on the operations side of IT -- security and operations overlap. Crawford says that while the downside of server virtualization is that IT departments may have to authenticate servers, the upside is the additional security gained by isolating a virtualized environment from security threats.
Another example of innovative thinking to defend against multi-vector attacks is when two elements of IT -- in this case, operations and development -- are united in a partnership to improve application security. Over the past two years, experts have emphasized the importance of having security "baked in" to new IT projects, whether they involve in-house development or packaged applications. Obviously it's much easier to deal with security issues throughout the development or acquisition process than on the eve of deployment.
Crawford notes the efforts of numerous vendors to deal with security during application development. Ounce Labs Inc., Security Innovation Inc., Fortify Software Inc., Watchfire Corp., SPI Dynamics and other software providers are working to help developers spot security flaws in code long before it reaches the deployment stage.
Inside Threats
Whether or not they are multi-vector, insider attacks are perhaps the most difficult threats to defend against. "People have been focused on preventing bad guys from getting into the network, but what a lot of people don't realize is that a lot of the data that is stolen from a company is actually an inside job," says Robert Frances Group's Murphy. He notes that while 80% of threats are external, most of these threats can be dealt with. The remaining 20% come from inside companies, such as from database admins who sell information.
"It doesn't even have to be malicious," Murphy says. For example, a salesperson might have customer data that is encrypted in a back-end database but then send the data to someone in an email without knowing that Sarbanes-Oxley requires the transmitted data to be encrypted.
To address internal threats, Murphy cites Fidelis Security Systems Inc.'s Fidelis XPS (an extrusion prevention system) as a product that looks at all data crossing a network, checking for patterns associated with sensitive data such as Social Security numbers. Other products take different approaches, such as Vontu's line of products designed to target specific portions of the network, such as an email server, in search of sensitive information.
Controlling user behavior can also lead to adoption of older technologies. Murphy says a technology that once carried high expectations -- public key infrastructure, or PKI -- may attract new attention in the next couple of years. PKI isn't as ubiquitous as was predicted, largely because of the complexity of managing keys. "Using the key is easy," says Murphy, "but if you lose your key or leave the company, that data is now encrypted. So how do you or your company get access?" But as standards continue to develop, vendors such as VeriSign Inc. now offer services to help companies manage keys.
Midmarket companies are looking at powerful technology such as SIM and PKI, as well as ways to combine disciplines, in order to meet the challenge of today's complex, multi-vector attacks. "In general, [midmarket companies] don't have the resources that the larger enterprises have, and so they have to look at solutions that have had wider penetration, more broad market acceptance and tend to be more mature," Crawford says. "They have to get more bang out of the buck for security."