AOH :: IS1536.HTM

Re: Looking ahead at security trends for 2009

Re: Looking ahead at security trends for 2009
Re: Looking ahead at security trends for 2009

Forwarded from: security curmudgeon 

I don't know about you, but we've had years of these IT or Security 
trends/prediction mails now, and they are getting old and more 
irrelevant. It's hard to take any of these seriously if they don't 
reference a previous years predictions and how they turned out.

: Looking ahead at security trends for 2009
: Posted by Jon Oltsik
: In spite of the global economic recession, information security will 
: continue to be a dominant IT priority in 2009. Why? There are simply 
: too many threats and vulnerabilities creating a perpetual increase in 
: IT risk.

"Continue" to be a dominant IT priority? So all of the articles i've 
seen for years about security making up 5% of an IT budget counts as 

: 1. The evolving definition of endpoint security: Some analysts have 
: declared that, antivirus software is dead. I disagree and submit 
: that endpoint security is simply evolving as a function of the 
: changing threat landscape. This is the primary reason why Sophos (a 
: legacy antivirus company) bought Utimaco (a data security company) 
: in 2008.  Look for traditional antivirus, anti-spyware, and 
: firewall software to merge with endpoint operations, data loss 
: prevention, and full-disk encryption in 2009.

1. Anti-virus is a completely catch-up market that lives off 
   subscription fees more than new sales. As such, signatures 
   (responsive) are priority, not heuristics (proactive) development.

2. We've heard about this full-disk encryption crap since 1995 and the 
   PGP bandwagon was just getting moving. Solid encryption has been 
   around for a long time. Software has been around for a long time. 
   Yet, we haven't seen this become a reality. Why not, and why will 
   that change this year.

: 2. More emphasis on cybersecurity: This year began with the
: establishment of the Comprehensive National Cybersecurity Initiative
: (CNCI), an effort to strengthen government networks. While well-
: intended, CNCI has received minimal funding and support. In December, a
: Center for Strategic and International Studies report, further described
: the sorry state of cybersecurity and called for drastic improvements.
: Look for President-elect Barack Obama to get behind this effort in a big
: way with funding, a real public/private partnership, and cooperative
: intelligence and law enforcement with a growing list of foreign nations.

A lot of big pretty words that make up the same prediction we see every 
year, while .gov security continues to be dismal at best. Some new 
acronym initiative isn't enough to make it a reality. We've had our 
share of these groups/bodies/standards, we haven't had our share of .gov 

: 4. Security in the cloud: While "cloud" has turned into a vague industry
: security blanket term, I do believe that 2009 will be a strong year for
: managed security services. Many organizations simply don't have the
: capital budget dollars or security skills to take on the increasingly
: sophisticated bad guys themselves--good news for IBM and Symantec.
: Additionally, companies like Blue Coat, Cisco, and Trend Micro will
: supplement on-site security equipment with scalable reputation and
: update services in the cloud.

Wait, you said that security will be a dominant priorit, and now you say 
organizations simply don't have the budget or skill. Pick one.

I like your term "Scalable reputation", as it's something I have been 
using for a long time. As vulnerabilities in products from IBM, Symantec 
and Cisco are released, my perception of their reputation drops.

: 5. Virtualization security: As server and desktop virtualization
: continues to proliferate, we will need better security tools for things
: like role-based access control, virtual server identity management,
: virtual network security, and reporting/auditing. Citrix, Microsoft, and
: VMware will lead this effort with partnering support from others like
: IBM (Project Phantom), McAfee, and Q1 Labs.

Plug all of those names in your favorite vulnerability database, then 
ask why you think they will lead anything in the realm of security.

Please help with a donation! 

Site design & layout copyright © 1986-2014 CodeGods