Security News > 2004 > December > Q&A: ISS exec on security threat prevention
http://www.computerworld.com/securitytopics/security/story/0,10801,98047,00.html By Jaikumar Vijayan DECEMBER 03, 2004 COMPUTERWORLD Security architectures that are designed solely to react to threats instead of preventing them in the first place are doomed to fail in a world of fast-evolving and self-propagating threats, says Tom Noonan, CEO of Atlanta-based Internet Security Systems Inc. What do you see as some of the big trends in the security market? This whole notion of reaction in terms of how our systems have been built is running out of steam. Preemption is going to be a very, very fundamental theme in the direction which security is taking. The concept of preemption basically addresses the question of why not avoid a threat or detect it and prevent it rather than react to it. If you look at the traditional security model, all of our technologies have been built as an ad hoc response to a new threat. Fifteen years ago, the only threat was floppy-transported viruses, so the solution was PC-based antivirus. When the threat became unauthorized access, we built firewalls; when it was spam, we built antispam; when it became spyware, we built antispyware tools; and when it is malicious content, we built content security tools. This entire industry has been built in an ad hoc, reactive manner. The technologies that lie underneath are all signature-based, and you cannot have a signature until you have an active threat. That was fine in a disconnected world. When you mention "signature-based technologies," are you referring specifically to antivirus tools? I'm talking about a signature that uniquely identifies a threat by name. Most intrusion-detection systems, most antivirus products, spam, spyware and content-security systems effectively work this way. So how does being preemptive help? Today, time and again, you see the devastating and pervasive impact of highly effective, self-propagating viruses and worms because the vast majority of businesses are dependent on multiple layers of reactive technology. Businesses are suffering daily from this reactive model. They have added every layer of protection they can, and they are still being compromised. The highly effective, self-propagating nature of Internet threats today forces companies into a reactive posture, and that is inefficient. The threat has scaled the control systems that are in place. When you talk about being more proactive, it's not only technology we are talking about, right? We are talking about technology and also about architecture. We are already seeing a pretty dramatic shift in security architectures on the Net. We are talking about management, which is very, very different in a preemptive world. We are talking about a dramatically different economic model in terms of the cost structure and clearly we are talking about different processes internally. What shift are you seeing in security architectures? A move away from point products toward platforms. The disaggregated, multiple layers are going away because the responsibility for making all that stuff work together has been thrust upon the unknowing IT department. The reality is that a whole bunch of acquired products marketed under the same brand, or the same bunch of products marketed under different brands, have never been built as a system or as a platform for security -- only as independent point capabilities to detect a threat. You also mentioned a shift in security economics. Since 2001, security budgets have been increasing on an average of 15% to 20% a year. That is totally unsustainable. No aspect of your cost structure can possibly sustain that kind of growth rate in a competitive global economic environment. CEOs and CFOs are forcing CIOs to be more efficient, not just with capital purchases but with the cost of labor itself. The economic shift in moving toward a platform is pretty significant. Platforms are built to be enterprisewide, meaning they are built and integrated to operate as one system from a vendor. What kind of products or services are you delivering to help your customers address these trends? If you look at our company, most people recognize us as the inventor of intrusion-detection systems and vulnerability-detection systems.
News URL
http://www.computerworld.com/securitytopics/security/story/0,10801,98047,00.html
Related news
- AWS security essentials for managing compliance, data protection, and threat detection (source)
- Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority (source)
- MUT-1244 targeting security researchers, red teamers, and threat actors (source)
- Deloitte says cyberattack on Rhode Island benefits portal carries 'major security threat' (source)
- Balancing security and user experience to improve fraud prevention strategies (source)
- Are threat feeds masking your biggest security blind spot? (source)
- Week in review: MUT-1244 targets both security workers and threat actors, Kali Linux 2024.4 released (source)