What Are the Most Overrated Security Technologies?
Which security technologies are IT shops putting too much faith in? Some readers weigh in.
By Bill Brenner , Senior Editor
March 10, 2010 — CSO —
The security community has grown to depend on some basic technologies in the fight against cyber thieves, such as antivirus software and firewalls. But are practitioners clinging to tools that outlived their usefulness long ago? Were those tools ever really useful to begin with?
CSOonline.com recently conducted an unscientific survey on the matter, asking those questions to a variety of security forums on LinkedIn and following it up with e-mails and phone conversations. What follows are four technologies several cited as overrated in today's security fight.
We'll follow up next week with security technologies many believe are underrated. It's safe to predict that some of the technologies on this list will also appear there.
This one isn't a total surprise. Security experts for years have been complaining that antivirus has grown obsolete because the security vendors can't keep up with all the AV definition changes required to thwart every new piece of malware. In fact, some of the more advanced security practitioners of the world are ditching it altogether. In a previous story on the subject, David Litchfield, a leading database security expert who has authored such books as "Oracle Forensics," "The Oracle Hacker's Handbook" and "The Database Hacker's Handbook," summed up why he's lost faith in AV:
"As an experienced security guy, I have no faith in most of the AV packages out there because they're completely reactive, offer little advance protection, massively increase the attack surface and have a long history of vulnerable ActiveX controls," he said at the time. "I've never used AV software and I've never once been infected with a virus."
Most organizations are still advised to have AV software in place. But security experts generally agree IT shops need a variety of other security tools to go with it. In other words, companies need defense in depth.
"Any reactive security technology keeps failing more and more each year. AV does not work, [a fact] proven by a detection rate that degrades each year," said Ari Takanen, founder and CTO of Codenomicon in Finland. "All technologies that look for attacks can be worked around by building a tailored attack that will not be detected. Even if you take a five-year-old attack you probably see that it passes through undetected today. You just cannot keep building more and more walls around bad-quality technology."
Firewalls have faced equal scrutiny in recent years for similar reasons. But the biggest problem cited in our most recent poll is that the increasingly disappearing perimeter has rendered the technology obsolete.