http://www.eweek.com/article/0,3658,s=701&a=26622,00.asp By Dennis Fisher May 9, 2002 LAS VEGAS -- Despite the current emphasis on security in the IT industry, CIOs and IT managers are still not paying enough attention to the problems facing their organizations, a panel of security experts said Wednesday. "Security is still very much an afterthought," said Robert Thomas, CEO of Netscreen Technologies Inc., of Sunnyvale, Calif. "It's reactive and not proactive." Thomas' comments came during a keynote panel discussion at the NetWorld+Interop show here that also included representatives from Network Associates Inc., Enterasys Networks and Internet Security Systems Inc. The other panelists echoed Thomas' sentiments, saying that although security currently is getting a lot of attention, the basic infrastructure of the Internet and corporate networks is still fundamentally vulnerable. "The reality is, everything is vulnerable. I just don't believe that we'll ever get ahead of the attacks," said John Roese, chief technology officer of Enterasys, of Portsmouth, N.H. "There will always be a threat, and you'll never be completely protected. I'm disturbed that most enterprises don't have the mechanisms to react to things like Code Red and Nimda." That lack of readiness extends to the government and its vital networks, said Christopher Klaus, co-founder and CTO of ISS, of Atlanta. "Any system that the government says isn't connected to the Internet, that's false," said Klaus, whose company does quite a bit of work with the government. "There's always some engineer who needs to get his e-mail and he plugs the machine into the Internet." And, although many enterprises revisited their security plans after Sept. 11, that hasn't necessarily translated into a boon for security vendors. "The increase in spending on security products hasn't been that big," said Sandra England, vice president of business development and strategic research at Network Associates, of Santa Clara, Calif. - ISN is currently hosted by Attrition.org To unsubscribe email email@example.com with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon May 13 2002 - 03:55:01 PDT