Your take: Making the virtual marketplace safe

Give a man a fish and he will eat for a day. Teach him how to fish, and he will sit in a boat and drink beer all day.

George Carlin

Dear Vorticians,

A relatively quick missive this week as I get ready to race to the airport in Montreal. I’m leading my second roundtable with top technology buyers and, as discussed in last week’s edition, the key theme they sounded was security. Actually, the critical issues on their minds are security, mobility and compliance. Of the three, only mobility has an upside. But even the optimism about the potential business gains from mobility is negated by grave concern over the impact of mobility on security and privacy.

I want to share some thoughts from your fellow Vorticians on the security challenges I outlined last week. Of course, I welcome your continued thoughts on this and other topics at jgallant@vortex.net.

Vortician Jeff Hartley wrote: “Thanks much for the insight into industry FUD. (That’s fear, uncertainty and doubt.)  I must say I’m rather disappointed in their bleak outlook and shaky shoes.

“Indeed, explicitly advertising security techniques can create a virtual ‘attack me’ map for the malcontents, but as providers of the world’s best economy-enabler (the Internet), we’re obligated to announce that we can indeed make this virtual marketplace safe enough for daily business operations. Fear, uncertainty, and doubt (FUD) from technology leaders will drive the dollars away like ocean-fearing rats on a sinking vessel.

“One of my ongoing goals is to provide our ‘Net security peers (particularly in the broadband space) with the techniques that they need to deal with these threats in an open, interoperable fashion. I’ve already had great success within the IP cable space by evangelizing anti-spam, DDoS (distributed denial-of-service) detection, abuse tracking and threat sharing techniques, not only from a technology standpoint but also soft-side topics such as customer education and marketing integration. Via efforts such as Microsoft’s GIAIS consortium, I hope that these efforts will echo to our international peers as well.”

Vortician Tom Arthur of Arbor Networks added: “John, similar to classical engineering tradeoffs between time, cost, quality or features – ‘simple, common, global’ and secure are obviously desired. 

“Today’s networks are common and global but not simple or secure.  The complexity of today’s common, global IP networks, combined with the dynamics of everyday business, is inherently a challenge for making networks secure.  As the network perimeter continues to crumble due to new vulnerabilities – worms, wireless networking, VPNs and insider threats – the need to understand exactly how the business uses the internal network becomes necessary. Management or security systems that are element-centric or focused on detailed packet analysis on a particular link do not have context.

“Through real-time awareness of all network traffic in the context of your normal operating business; not only can ‘early warning systems’ be implemented but proactive internal network hardening and preemptive active defenses are being deployed today.”

Vortician Scott Olson of Whole Security also chimed in, saying that new, proactive security technologies – like those developed by his company – are needed to deal with constantly morphing security threats.

“I read your item in VORTEX Digest regarding the issue of IT security and the importance of early warning systems.  I couldn’t agree more: Proactive measures are the only way to effectively guard against the “unknown unknown.” To answer your question, things will get worse before they get better, because vendors need to change their approach to security threats. All of the recent attacks have demonstrated that signature-based solutions do little to stop the spread of new threats. Many organizations fall victim to new or modified attacks because they continue to rely on protection from signature-based anti-virus solutions. During widespread attacks, companies cannot afford to wait until a new signature is issued for the latest worm code. In just a few hours, the worm could be spreading rapidly via unmanaged systems and employee endpoints, spurring massive downtime and ultimately, significant damage control costs. 

“(Proactive) solutions take an on-demand, behavioral-based approach and provide zero-hour protection against backdoor threats on employee and consumer PCs.  Unlike signature-based technologies, (proactive solutions) do not require PC owners to depend on software patches and other reactive solutions to detect, quarantine and destroy malicious code on their computers. The solutions can detect new and altered types of code instantly (as opposed to waiting for a patch), so the issue of lag time is eliminated altogether.”

That’s it for now. I’ll share more thoughts on this next week and I look forward to hearing from you at jgallant@vortex.net.

Bye.

VORTEX Update: Speaking of security, I’m happy to report that Verisign CEO Stratton Sclavos has joined the speaker roster for VORTEX 2004 and he’ll be talking about the company’s plans for the managed security market, among other things. To find out more about VORTEX 2004 and to register (most importantly!) go to www.vortex.net.