NEW YORK — With IT infrastructures facing a constantly evolving threat landscape, the impulse for many enterprises is just to throw more technology at the problem.
According to Forrester Research Analyst Paul Stamp, that may not necessarily be the right approach.
Speaking on a panel at the Interop conference, Stamp said IT needs to address risks from the top down, first identifying the top five scenarios of how someone could “mess you up.” Only after that can IT security techniques be employed.
There is a lot of noise in the security space about new technologies, he said, and we’re in a period of digestion where enterprises are trying to make sense of what’s out there already.
Enterprises are headed toward more mobility and collaboration technologies, he continued, and they will deploy them first before considering how to secure them. They’ll also take a look at virtualization first.
Shane Coursen, a virus researcher at Kaspersky Labs, told the audience that he noticed a lot of malware doesn’t work well on VMware, if at all.
“I don’t know if VMware malware will take off,” Coursen said. “We need to
look at it from the point of view of the advantages of virtualization, and
figure out how the bad guys will twist advantages to their advantage.”
Stamp said there’s an even bigger issue to deal with in terms of
virtualization security. Simply focusing on the vulnerabilities associated with the underlying platform on which a virtual machine exists isn’t the whole problem. Enterprises have to manage the way a virtual machine gets configured and reconfigured over time.
Speaking of dealing with security in a holistic way, an emerging trend in IT
security has been all-in-one security tools that combine anti-spam, antivirus and system health capabilities, for example. It’s a trend that, according to the Interop security panel, isn’t necessarily in the best interest of users.
“When you rely on one application to cover every type of security issue, it’s
generally not a good idea,” Coursen said. “If one vulnerability is
discovered in the product, you’re in trouble. I’m a big proponent of multiple
tools from multiple vendors.”
Relying solely on one type of approach, whether it’s signature files or a whitelist approach, isn’t the right idea, either. Gary Leibowitz, general manager of Panda Security, said that the signature-based approach doesn’t work because it can’t keep up with emerging threats. That said, signature files have their place.
“It’s like thieves in the city; if you have a list, then why not use it,”
Leibowitz said. “It’s a good approach, but what we’re afraid of is the
quantities and tactics means we need better mechanisms to identify threats
and rapidly deploy updates.”
The whitelist approach means that nothing will run unless it’s explicitly allowed. Leibowitz argued that whitelists are a business disabler.
For Forrester Research Analyst Stamp, a discussion of the technology tools needed to protect IT is not at the level that needs the enterprise’s attention.
“I’ve seen people spend money on tools and yet do not have a configuration
management function in place,” Stamp said. “The change is in the way we use information, we need to put in place tools to protect information as it moves in ways it hasn’t before.”
Unfortunately, he doesn’t expect any dramatic change in the threat landscape moving forward.
“We’re talking about staying one step ahead of the bad guy here when, in
reality, we’re actually one step behind the business. In order for us to
start attacking data security more closely, we have to get better visibility
into what the business does with data.”