If there is one single word that is uppermost in the minds of IT managers today, it is security. The proliferation of viruses, spam and spyware have caused headaches aplenty. In addition, the ability to connect various company locations via a virtual private network (VPN) over the Internet also means that data needs to be sent securely. Firewalls, Intrusion Detection, Encryption have all become part of the technology vocabulary. If anything, the emphasis on security will continue to increase in times to come. The recent purchase of Brightmail, an anti-spam services provider, by Symantec for $370 million highlights the growing focus by vendors to provide integrated solutions in this space.
Business Week provides an overview: Software and services that deliver early warnings of trouble on the Net are the latest big advance for the $27 billion computer security industry. Unlike traditional antivirus or intrusion-detection software that builds walls around corporate networks, early-warning systems scan the Web for new viruses and alert companies to the danger. Instead of waiting for the virus to hit, they dispatch instructions on how to close network holes, patch faulty software programs, or, like IronMail, automatically erect defenses against new outbreaks. While early warnings can’t yet make corporate networks impervious to attacks, computer security experts predict they could eliminate as much as 50% of the damage from viruses over the next three years — when used in conjunction with traditional defenses.
Symantec’s John Thompson elaborates in an interview with Business Week:
What’s driving the desire by chief information officers around the world to invest in security is the change in the threat environment. Our Internet Security Threat report clearly identified three important trends: the rate of propagation in virus and worm activity is accelerating, the new number of [computer] vulnerabilities is also accelerating, and there’s a desire on the part of the malicious attackers to perpetuate this stuff more frequently then ever before. That’s driving not just large companies, but midsize firms and individuals to want to protect themselves from this newfound activity.
What has changed is the relative proportion of [IT] budgets that companies are contemplating to allocate to security. Not too many years ago, it wasn’t unheard of for a company to allocate less than 2% of their IT spending to security. Today, that’s starting to creep up to the 4% to 5% range. And some of the enterprises that are more digitally oriented — financial services, insurance companies, and health care — are starting to push up into the 10% to 12% range. That’s an important trend for not just our business, but the [computer-security] industry in general.
A glimpse of the future comes from Ciscos recent release of products which takes steps towards a self-defending network. A News.com report wrote:
The release is the first phase Network Admission Control (NAC), a collaboration program between Cisco and antivirus companies. Through this program, Cisco has developed technology with three antivirus specialists–Network Associates, Symantec and Trend Micro–that will let Cisco’s networking products communicate with antivirus products. Devices running NAC technology will allow network access only to compliant and trusted endpoint devices, like PCs and PDAs (personal digital assistants). NAC can also restrict access of noncompliant equipment. This decision can be based on information about the endpoint device, such as its current antivirus state and operating-system patch level Extending security to these network elements helps Cisco fulfill its vision of protecting the entire network. Eventually, all Cisco routers and switches will be checking end devices connected to them for worms and viruses. And a remote user will not be able to connect to the corporate network unless his or her device is free of viruses and worms.
Next Week: Tech Trends (continued)
TECH TALK Tech Trends+T