Forwarded from: security curmudgeon <jericho (at) attrition.org>

I don't know about you, but we've had years of these IT or Security trends/prediction mails now, and they are getting old and more irrelevant. It's hard to take any of these seriously if they don't reference a previous year's predictions and how they turned out.

: Looking ahead at security trends for 2009
: Posted by Jon Oltsik
:
: http://news.cnet.com/8301-1009_3-10128133-83.html?part=rss&subj=news&tag=2547-1_3-0-20
:
: In spite of the global economic recession, information security will
: continue to be a dominant IT priority in 2009. Why? There are simply
: too many threats and vulnerabilities creating a perpetual increase in
: IT risk.

"Continue" to be a dominant IT priority? So all of the articles I've seen for years about security making up 5% of an IT budget count as 'dominant'?

: 1. The evolving definition of endpoint security: Some analysts have
: declared that, antivirus software is dead. I disagree and submit
: that endpoint security is simply evolving as a function of the
: changing threat landscape. This is the primary reason why Sophos (a
: legacy antivirus company) bought Utimaco (a data security company)
: in 2008. Look for traditional antivirus, anti-spyware, and
: firewall software to merge with endpoint operations, data loss
: prevention, and full-disk encryption in 2009.

1. Anti-virus is a completely catch-up market that lives off subscription fees more than new sales. As such, signatures (responsive) are priority, not heuristics (proactive) development.

2. We've heard about this full-disk encryption crap since 1995 and the PGP bandwagon was just getting moving. Solid encryption has been around for a long time. Software has been around for a long time. Yet, we haven't seen this become a reality. Why not, and why will that change this year?

: 2. More emphasis on cybersecurity: This year began with the
: establishment of the Comprehensive National Cybersecurity Initiative
: (CNCI), an effort to strengthen government networks. While
: well-intended, CNCI has received minimal funding and support. In December, a
: Center for Strategic and International Studies report, further described
: the sorry state of cybersecurity and called for drastic improvements.
: Look for President-elect Barack Obama to get behind this effort in a big
: way with funding, a real public/private partnership, and cooperative
: intelligence and law enforcement with a growing list of foreign nations.

A lot of big pretty words that make up the same prediction we see every year, while .gov security continues to be dismal at best. Some new acronym initiative isn't enough to make it a reality. We've had our share of these groups/bodies/standards, we haven't had our share of .gov security.

: 4. Security in the cloud: While "cloud" has turned into a vague industry
: security blanket term, I do believe that 2009 will be a strong year for
: managed security services. Many organizations simply don't have the
: capital budget dollars or security skills to take on the increasingly
: sophisticated bad guys themselves--good news for IBM and Symantec.
: Additionally, companies like Blue Coat, Cisco, and Trend Micro will
: supplement on-site security equipment with scalable reputation and
: update services in the cloud.

Wait, you said that security will be a dominant priority, and now you say organizations simply don't have the budget or skill. Pick one.

I like your term "Scalable reputation", as it's something I have been using for a long time. As vulnerabilities in products from IBM, Symantec and Cisco are released, my perception of their reputation drops.

: 5. Virtualization security: As server and desktop virtualization
: continues to proliferate, we will need better security tools for things
: like role-based access control, virtual server identity management,
: virtual network security, and reporting/auditing. Citrix, Microsoft, and
: VMware will lead this effort with partnering support from others like
: IBM (Project Phantom), McAfee, and Q1 Labs.

Plug all of those names in your favorite vulnerability database, then ask why you think they will lead anything in the realm of security.

Received on Wed Dec 31 2008 - 01:02:22 PST
This archive was generated by hypermail 2.2.0 : Wed Dec 31 2008 - 01:13:44 PST