[ISN] Security survey finds 'best of breed' software works best

From: mea culpa (jerichoat_private)
Date: Sun Dec 27 1998 - 12:05:03 PST

    Forwarded From: darek milewski <darekmat_private>

    Security survey finds 'best of breed' software works best
    By Jim Kerstetter, PC Week Online
    December 23, 1998 9:00 AM ET

    It's a debate reminiscent of the early days of enterprise resource
    planning applications: best of breed or packaged suites? Which is best for
    your company?

    Security software is no different. A recently published report by
    Forrester Research Inc., in Cambridge, Mass., says best of breed, at least
    for now, is the best way for your company to go because one company may
    not be best at all aspects of security. The maker of a good firewall, for
    example, may not know what to do with digital certificates.

    Forrester interviewed security managers at 50 Fortune 1000 companies and
    talked with executives at more than a dozen security companies, ranging
    from IBM to Netegrity Inc. The conclusion among many of those security
    managers was twofold: First, security suites have so far been products
    picked up in the acquisition process and are weakly integrated; second,
    companies tend to buy security products one at a time, as needs arise, and
    aren't likely to have a suite strategy.

    A security administrator at an East Coast utility backed up Forrester's
    contentions, saying that buying into a security suite strategy doesn't fit
    his company--yet. "We don't have that kind of need because we're buying
    things one at a time," said the administrator, who requested anonymity.
    "It's hard for us to plan for a suite when, really, we're just looking to
    solve our next problem."

    "Suites aren't a solution to users' security problems. And the way that
    [users] can rise to the security selection and implementation challenge is
    by dividing and conquering," said analyst Ted Julian, the report's

    Julian divided the market into four major areas for products and
    responsibilities inside a corporation: infrastructure access, content
    integrity, application user and operational compliance.

    Infrastructure security systems control network and system access and
    protect against denial-of-service attacks, Julian said. Those systems are
    the domain of a network administrator, who must handle a variety of
    systems, such as firewalls, routers and remote access servers, and work
    with protocols such as IP Security as well as authentication services
    including hardware tokens and digital certificates.

    On another level, an IS administrator should be focused on content
    integrity, which means looking for malicious content in viruses, Java and
    ActiveX code and office suite macro viruses.

    In turn, application security middleware controls access to enterprise
    applications by adding security to software that doesn't already have it.

    Application developers with skills in Component Object Model, Common
    Object Request Broker Architecture, C++ and Common Gateway Interface
    should be assigned to these tasks, Julian said.

    Finally, operational security--the true domain of security
    administrators--detects security breaches in progress and discovers
    systems that are not in compliance with security policy.