Necessary But Not Sufficient
That's how Editor in Chief Derek Slater describes most information security tools these days.
By Derek Slater
December 21, 2007 — CSO
That’s how I find myself describing most information security tools these days: necessary and insufficient.
Take firewalls, for example. You can’t really not have them. Still, having them doesn’t necessarily make you secure. Antivirus? Gotta have it. Antispyware? Ditto. Intrusion detection, intrusion prevention and spam filters? Check, check and check. All of it needed and none of it sufficient to fully defend against insider threats, or stealth Trojans, or holes in your Web applications, or insecure business partners.
What’s more, the baseline set of defenses, the Necessaries, keeps growing.
Even within one product category, the features and functionality have to keep pace with a growing and intelligently morphing roster of threats. Look at antivirus, for years the most basic, boring security product category. For years it was a cat-and-mouse game of attack-and-defend. But now virus writers (VXers) are creating multiple variants of their worm before the first one goes into the wild; then they can just sit and check against their own copies of commercial AV packages, and the minute the AV companies identify and block the signature of that first variant, the second variant launches. With the number of virus signatures increasing exponentially, it’s become pretty easy to imagine that soon purely signature-based detection, while still annoyingly necessary, will become too cumbersome. What will AV vendors do? Heuristics. Behavior-based detection. I recently met with both Panda Security and BitDefender; these historically tier-two vendors are pushing hard on the tech front of this move to develop new behavioral detection and blocking techniques. (Same with Sophos and likely the other AV vendors as well.) E-mail is undergoing the same transformation, as content analysis is augmented variously by whitelisting, blacklisting, and examination of sender behavior and reputation.
But even as these basic product categories grow and change, the list of additional necessary technologies keeps growing—a nice way of saying, “Get out your wallet.” And who can afford a baseline defensive portfolio that includes hundreds of products? That’s why it’s ultimately imperative for Microsoft, Apple and Mozilla to keep building more and more security functionality into their OS and browser products. Even if that means some smaller vendors see their product categories disappear. The only way for information security to remain remotely affordable is for many of the core features to be rolled into the basic computing platform.
Hopefully, when we roll all these necessary advances together, it’ll be sufficient.
But I won’t hold my breath.