Security regroups and rebuilds
Perhaps it was the flood of viruses and worms distributed via spam techniques that kept catching everyone off guard.
Perhaps it was the abysmal budgets that kept development money out of the industry. Whatever the cause or combination of causes, this wasn’t a big year for security innovation or new technologies.
Last year’s status as the Year of the Worm pointed out just how little progress has been made in security technology. Although the patches necessary to defeat the worms were available long before they appeared, the attacks were successful because the technology to apply those patches on an enterprise-wide basis was lacking or limited.
For the most part, security product improvements during 2003 were incremental and evolutionary. Firewalls became more effective and faster, protecting against a greater range of attacks. Virus scanners became better at finding malicious code. Some intrusion detection and prevention products approached usefulness, and management consoles and utilities were easier to use. New security appliances demonstrated that you can sell nearly anything if you can stuff it into a 1U Linux box.
But there were a few innovations. SSL-based VPN gateways arrived as a simpler alternative to traditionally complex gateways. Although it’s not clear whether they dramatically improve security over long-standing IPSec solutions, the SSL VPNs do have the potential for better performance.
Perhaps more important are the new vulnerability assessment and remediation products that started to show up in useful form in 2003. Companies such as Qualys, Foundstone, and eEye Digital Security produced software and appliances that could scan every entity on your enterprise network, determine its vulnerability based on OS, application, patch level, security policy, and other factors, then alert the network manager to problems. Even better, these products can also fix many of the vulnerabilities they find, or at least provide instructions for remediating the problems.
Those vulnerability products can go a long way toward solving the rampant problems caused by staffing and budget shortfalls, and they can make even well-staffed and well-trained departments more effective. After all, automating those mind-numbing monitoring tasks allows your staff to tackle more interesting and productive projects.
What didn’t arrive in 2003 but was badly needed was a means to easily and effectively apply updates to Windows and, to a lesser degree, Linux systems. The enterprise versions of Microsoft’s Windows Update are cumbersome, and unless most or all of the Windows machines in an enterprise are identical, the solutions are time-consuming.
What may start showing up commercially in 2004 (but was needed much sooner) is a means to proactively identify malicious code. The major virus scanners and OS update sites are all reactive, so worms are loose for hours before the updates appear; in the meantime, your enterprise is wide open to attack. It’s a tough nut, but it needs cracking as soon as possible.
Story by Wayne Rash