Analysts weigh in on security, content

With 2003 around the corner, consider these New Year’s resolutions: Better secure your networks, more efficiently manage your company’s content, and rethink how to exploit the Internet.

NEWTON, MASS. – With 2003 around the corner, consider these New Year’s resolutions: Better secure your networks, more efficiently manage your company’s content, and rethink how to exploit the Internet.

That’s the advice of industry experts who spoke last week on a panel sponsored by the Association for Information and Image Management (AIIM).

Companies could use more sophisticated security tools, including better management software, said Dan Keldsen, senior analyst and IS director for Delphi Group. But to take advantage of such tools, companies first need to make security more of a businesswide effort.

“Security is not one person’s or one department’s responsibility. It needs to be more effectively addressed across the board in enterprise companies,” he said. “Hackers share more information about how to break into networks than enterprises do about how to protect against hackers.”

Keldsen predicted correlation, playback and host-based intrusion-prevention products will flourish next year.

Products that correlate data from multiple security devices already have started to roll out from companies such as Network Intelligence and SilentRunner. But Keldsen said he expects offerings with more intelligence to roll out – and be adopted – in the months ahead.

Playback products – tools that replay events and show a map of the network when a security problem was detected – will help security specialists discover holes and other attacks when taking a second look at the network. And a new breed of honeypot or honeynet products will emerge, Keldsen predicted. He said these will work to trap hackers before they do damage, letting security managers move from a reactive to proactive mode. Symantec (through its recent acquisition of Recourse Technologies) is among the players in this market.

Keldsen encouraged network executives to learn more about host-based intrusion-prevention products, too. Unlike traditional intrusion-detection offerings, which mainly identify attacks, the newer products also can be instructed to block them.

Another technology to watch is content management, said Geoffrey Bock, senior vice president at Patricia Seybold Group. He said the tools currently in place for content management can handle content within individual repositories but not across them. Bock said all content should be seen as shared data by management systems. But he said Web content management, electronic document management, digital asset management and enterprise content management still exist in stovepipes.

Bock explained that today’s content-searching systems look for key words, but tomorrow’s technology should be able to support thematic trends in content. Companies should prepare for this change by putting people in charge of making sure that their content – actually, their intellectual property – stands out, he said. This could involve, for example, the use of XML metatags within content or the positioning of content for multiple uses.

“Search and discovery engines today work so well, they’re useless,” Bock said, referring to the fact that search tools are good at finding lots of information although not necessarily at pinpointing the most appropriate information.

Eric Brown, research director at Forrester Research, focused his comments on the need for companies to exploit the coming executable Internet, or X Internet, as Forrester has called it for the past two years.

“The Web is just one application that runs on the Internet,” he said. “The X Internet will interconnect billions of smart devices in companies, homes, cars and more to execute two-way conversations and actions.”

He said the X Internet will offer advantages over the Web in that it represents a lot of “cheap, powerful and low real-estate processing,” it leverages bandwidth, and it can act in a peer-to-peer fashion – unlike the server-centric Web.

Brown went on to explain how electronic chips, or basically miniature computers, can be installed today on packages to be tracked by shipping firms such as UPS and FedEx. And how large trucking companies can manage fleets of trucks by using chart cards, Global Positioning Systems and the Internet. He spoke of medical monitors that feed data about heart rates directly to doctors via an Internet document.