Next Year's Hot Security Tools

Today's pain points are tomorrow's vendor opportunities

December 09, 2002 — CSO — If you want to predict the most important information security tools for CSOs in the coming year, just look at the problems that CIOs are trying to resolve today. Whereas today's security tools are intrusive, clunky and require significant commitment from both staff and users alike, tomorrow's tools will increasingly be automatic and even autonomous. Whereas today's tools are focused on delivering technical capabilities, tomorrow's tools will be focused on delivering concrete results. Finally, as CIOs and executive management focus on what ails them, more and more classic IT problems are going to be rephrased, right or wrong, as security problems.

That's sure to open the door to new solutions. Unfortunately, it will also open the door to new disappointments, as immature tools are frequently not a good match for the problems they seek to solve. So along with next year's likely winners, I've noted some widely hyped technology areas where available tools still earn a "needs improvement" grade. (Fair disclosure: Everybody gets a fair shake in this article, but I've been active in the security industry long enough to accumulate a number of potential conflicts in writing about some of these technologies. Those who want the gory details can see my bio at the end of the story.)

E-Mail Fixes

Without question, two of the most immediate pain points in corporate computing are e-mail-borne viruses and spam. One company I know recently had multiple computers infected by a virus after a sales manager disabled his antivirus software. He turned off the software because it interfered with another program that the manager needed to run. Next year, rather than leave their security in the hands of end users, more and more companies will institute antivirus scanning in their mail servers, their firewalls and even their routers. In the meantime, companies are looking for technology that automatically installs and updates antivirus software without needing any assistance from the PC user.

As for spam, so long as legislators twiddle their thumbs (and probably even if they stop), the amount of unsolicited e-mail circulating through the Internet will only increase. Already a serious problem for Internet service providers—more than 80 percent of the e-mail received by Hotmail is spam—spam is a growing issue for businesses as well. Companies will increasingly see spam as a security problem and move to widely deploy antispam tools.

The best technologies will combine antispam with antivirus, as Brightmail already does. Until then, spam-only solutions like ChoiceMail, SpamAssassin, Spamnix and SpamSubtract are sure to be quite popular. And while antispam services like SpamCop may remain popular with end users, I believe that businesses will shy away from those services, since they require that each e-mail message be sent offsite for antispam processinga move that potentially threatens business and client confidentiality.