In Depth
Next Year's Hot Security Tools
Today's pain points are tomorrow's vendor opportunities
By Simson Garfinkel
Astute readers are sure to realize that the confidentiality problems inherent in sending e-mail to another company are also present when you use another company's products on your confidential data behind your firewall. Antispam programs that filter your e-mail necessarily have access to your mail and your e-mail passwords. What guarantee do you have that these programs are not surreptitiously copying this information and sending it somewhere else? The answer is that there are no guarantees unless the source code of the programs is professionally evaluated—and that is one of the reasons behind the perennial push for evaluated software, the Common Criteria and trustworthy operating systems. Expect to see increased attention to that kind of formal evaluation applied across many different categories of security tools.
Sleuthware
Forensics is likely to be a huge growth area during the coming year. Today, disk forensic programs are popularly used by law enforcement to discover what was on a suspect's hard drive, as well as by attorneys involved in litigation and discovery to search for documents that the other side might possibly be hiding. I expect that as the understanding of these tools grows, many businesses will use them for investigating the computers of problem employees.
Today, disk forensic tools are divided into high-end programs like EnCase, low-end tools like Norton Utilities and free software like @Stake's Task. What's needed are more midrange tools built around specific problems that people want to solve, rather than specific capabilities that programmers have been able to develop. We need tools that can run off a bootable CD-ROM so that they can be used without disturbing the host operating system but still have full access to the Internet so that recovered documents can easily be copied to another machine without resorting to sneakernet or CD-Rs. What's more, these tools need to be usable with little or no training.
Unfortunately, forensic tools also make great tools for burglars. If one of your employees stayed late in the office and spent the night copying files from people's computers to some website in Argentina, would you ever find out? For most businesses, the answer is no. That's because most businesses simply do not monitor what information is passing over their Internet connection. That leads us to the next hot area for 2003: network forensics analysis tools (NFAT). Right now, several such tools exist on the market, including NetDetector, NetIntercept, NetWitness, NFR, SilentRunner and the open-source program Ethereal. All of these products will capture every packet that moves across your Internet connection and then allow you to reassemble TCP/IP connections so that you can really understand what's going on.



