[ISN] Enterprise security is worst ever, experts say

From: InfoSec News (isn@private)
Date: Thu Oct 14 2004 - 01:52:30 PDT


http://www.nwfusion.com/news/2004/1012etreent.html

By Scarlet Pruitt
IDG News Service
10/13/04

Despite the number of IT security products and services cramming the
market, businesses are more exposed than ever to emerging threats,
according to industry experts speaking at the Etre technology
conference in Cannes.

"Enterprises are more exposed than a year ago.The hackers have won!"  
said Eli Barkat, managing director of venture capital firm BRM
Capital, who has been involved in investing in security firms.

Barkat cited a lack of innovation in the security industry as why the
situation has not improved.

Mike Dalton, president of McAfee in Europe, the Middle East, and
Africa, agreed that the security situation is dire, but said that
innovation was not necessarily the roadblock. A major problem is a
lack of integration in security products, he said.

And while all the experts predicted further consolidations among
security companies, that will not necessarily lead to more
comprehensive, integrated products, they said.

"Today the security business is very diverse and very complex," said
Phillip Dunkelberger, president and CEO of encryption company PGP.  
"You have four or five different point solutions and they don't all
work together."

Yanki Margalit, president and CEO of digital rights management
provider Aladdin Knowledge Systems, agreed that enterprises are more
exposed than ever, but did not put the blame squarely on security
company's shoulders.

"This is a long-term fight. There are so many threats," Margalit said.

Part of the remedy would be widely available tools that help
developers check the security of the applications they are building,
commented Barkat, adding that he hopes Microsoft takes a leading role.

On the subject of the software giant, the experts were divided on the
work the company is presently doing on the security front.

"Microsoft is clearly not doing a good job at security. Most people in
this room who work in security have their jobs because of Microsoft,"  
Dalton said.

Margalit disagreed. "Microsoft is getting its act together. They did a
horrible, terrible job (in the past) but now they are serious. I
believe that they will be a very strong security player and force the
rest of the industry to be niche players," Margalit said.

While the speakers gave no clear direction on the path the industry
needs to take to truly alleviate companies' security woes, they did
have some words of advice. Invest in integrated security products and
avoid security appliances whose architecture changes after a few
years, Barkat said.

Forget about white lists, which normally refers to a list of e-mail
address from which you agree to get mail, thinking they are safe. You
will fail if you try to define everything you can do, Margalit said.

"We need to get out of the defense mode and allow companies to go on
the offensive," Dunkelberger said.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Thu Oct 14 2004 - 04:16:12 PDT