RealTime IT News

How to Fight the Onslaught of Security Threats

NEW YORK -- With a constantly evolving threat landscape attacking IT infrastructures, the impulse for many enterprises is just to throw more technology at the problem.

According to Forrester Research Analyst Paul Stamp, that may not necessarily be the right approach.

Speaking on a panel at the Interop conference, Stamp said IT needs to address risks from the top down, first identifying the top five scenarios of how someone could "mess you up." Only after that can IT security techniques be employed.

There is a lot of noise in the security space about new technologies, he said, and we're in a period of digestion where enterprises are trying to make sense of what's out there already.

Enterprises are headed toward more mobility and collaboration technologies, he continued, and they will deploy them first before considering how to secure them. They'll also take a look at virtualization first.

Shane Coursen, a virus researcher at Kaspersky Labs, told the audience that he noticed a lot of malware doesn't work well on VMware, if at all.

"I don't know if VMware malware will take off," Coursen said. "We need to look at it from the point of view of the advantages of virtualization, and figure out how the bad guys will twist advantages to their advantage."

Stamp said there's an even bigger issue to deal with in terms of virtualization security. Simply focusing on the vulnerabilities associated with the underlying platform on which a virtual machine exists isn't the whole problem. Enterprises have to manage the way a virtual machine gets configured and reconfigured over time.

On the subject of dealing with security in a holistic way, an emerging trend in IT security has been all-in-one security tools that combine, for example, anti-spam, antivirus and system health capabilities. It's a trend that, according to the Interop security panel, isn't necessarily in the best interest of users.

"When you rely on one application to cover every type of security issue, it's generally not a good idea," Coursen said. "If one vulnerability is discovered in the product, you're in trouble. I'm a big proponent of multiple tools from multiple vendors."

Relying solely on one type of approach, whether it's signature files or a whitelist, isn't the right idea, either. Gary Leibowitz, general manager of Panda Security, said that the signature-based approach doesn't work because it can't keep up with emerging threats. That said, signature files have their place.

"It's like thieves in the city; if you have a list, then why not use it," Leibowitz said. "It's a good approach, but what we're afraid of is the quantities and tactics means we need better mechanisms to identify threats and rapidly deploy updates."

The whitelist approach means that nothing will run unless it's explicitly allowed. Leibowitz argued that whitelists are a business disabler.

For Forrester Research Analyst Stamp, a discussion of the technology tools needed to protect IT is not at the level that needs the enterprise's attention.

"I've seen people spend money on tools and yet do not have a configuration management function in place," Stamp said. "The change is in the way we use information, we need to put in place tools to protect information as it moves in ways it hasn't before."

Unfortunately, he doesn't expect any dramatic change in the threat landscape moving forward.

"We're talking about staying one step ahead of the bad guy here when, in reality, we're actually one step behind the business. In order for us to start attacking data security more closely, we have to get better visibility into what the business does with data."