http://www.haaretzdaily.com/hasen/pages/ShArt.jhtml?itemNo=304489 By Galit Yemini June 17, 2003 "About 70 to 80 percent of information security breaches in organizations are caused by the firms' own employees, and not by outside hackers," says Arie Danon, CEI of information security company Symantec Israel. "It is customarily thought that the danger to an organization is from some crazy bored hacker sitting at home looking for a site to vandalize, but in most instances this is not the case," says Danon. "Most breaches and failures of information security in organizations are caused by its employees, whether maliciously, because the employee wants to take revenge on the organization or because he has found an easy way to make money, or by accident, when employees don't follow information security procedures and cause information leaks from the organization, a very common phenomenon." In recent years Symantec, which purchased the Norton Anti-Virus software program, has diverted the focus from the home market to the organizational market. In the past four years, sales to the home market have dropped from 70 percent of total sales to 40 percent, and the trend is likely to continue. This is no accident. The Gartner research company announced this week that most organizations worldwide will invest more than 5 percent of their information technology (IT) budgets on information security - an all-time high. Organizational spending on security has grown by 28 percent annually since 2001, while IT budgets have grown by just 6 percent per year over the same period. The technological abundance in this field causes problems. "The more security tools an organization has, the harder it is to manage the systems together," says Danon. "So this year Symantec entered the Managing Security Systems (MSS) field, for the remote management of security systems. Thousands of different kinds of warnings reach an organization each day via various warning systems, and it is important to collate and analyze the data in order to improve the quality of the information coming from the systems." Outsourcing is in Baruch Gindin, CEO of Gartner Israel, says that the information security field has changed its focus from management from within an organization to outsourced management. "One can see that organizations today prefer to buy security services, and not specifically security software," says Gindin. "Instead of buying a separate product each time, they prefer to buy a package of products, and that someone else, an expert, manage the package for them. Even though organizational spending on IT during the recession declined by 10 percent or more, there has been no option but to maintain spending on security." This is the niche in which Symantec Israel has chosen to expand its operations. Symantec has five Security Operations Centers (SOCs), in Britain, Germany and the United States, which receive data from security systems. These enable Symantec to manage the company's information security remotely, to integrate the data arriving from various organizations, and to identify trends in security problems around the world. Symantec obtained the technology for managing information security remotely after acquiring the American Ribtech company in July 2002 for $145 million. Symantec Israel, which sells its products to organizations via business partners such as Ness Technologies, Netvision and Spider, is trying to offer Israeli organizations its remote security systems management. Someone to call "Data is sent to a COS abroad and is processed, but someone has to be available for the Israeli customers here in Israel, in order to handle a security problem when it crops up," says Danon. "Israelis love having someone nearby whom they can call to handle the system all the time, so we are looking for potential candidates to manage this operation in Israel. It will ultimately be worthwhile, because outsourcing of security systems is a natural extension of outsourcing IT in general." In the meantime Symantec is not establishing a development center in Israel, but is planning to continue its sales and business partnership activities with Israeli companies. Danon figures that the information security market in Israel alone is worth $30 million a year. The IDC research company estimates that the market for information security software will more than double by 2006. Despite this great potential for growth, however, the veteran market players must beware. Microsoft has already declared that the information security market is the next field on its agenda, and to prove it acquired anti-virus technology from a Romanian company called GeCAD Software last week. "The information security and anti-virus field has never interested Microsoft," says Arie Scope, CEO of Microsoft Israel, explaining the software giant's latest move, "but since Microsoft has been blamed so often for the infiltration of viruses due to insufficient security, the company realized that it has to tackle the security problem itself." The biggest fear of companies in the information security field is that Microsoft will use its platform to distribute anti-virus software free, as it did in its campaign against Netscape over Internet browsers, and will almost wipe out the market. This fear is not exaggerated. "It is almost certain that Microsoft will distribute its new anti-virus program free," says Scope, "not with the intention of destroying competitors, but to provide better service to customers. If customers want more sophisticated supplementary products, they'll buy them from companies that specialize in information security." - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Jun 17 2003 - 02:26:43 PDT