Check overhyped and must-have security technologies

With security vulnerabilities increasing, IT managers who do not make the right decisions today face an even greater level of exposure over the next five years, analysts warned last week.

Some security technologies in place today will be outdated and obsolete by 2009, so IT managers need to know which technologies are "must-haves".

Gartner security vice president Victor Wheatman said emerging technologies will obliterate previous security architecture and leave an organization open to more security exposures in current and legacy environments.

"In this way, each new wave of technology obliterates the security architecture appropriate to its predecessor, opening the enterprise up to an ever-increasing raft of security risks," Wheatman said.

"Perfect security is impossible, but continual scanning for new vulnerabilities and monitoring for new threats are critical and a much better investment than to passively sit back and wait to detect attacks.

"In security, the best defence is a good offence, and the more offensive you can be, the more secure you will be."

As a result, Gartner has released a cyberthreat hype cycle, a list of six myths and hype surrounding IT security today. The guide is aimed at helping IT managers stay informed.

Overhyped technologies include personal digital signatures, quantum key exchange, passive intrusion detection, biometrics, 500-page security policies, and default passwords.

Advanced Encryption Standard, identity management, vulnerability management, host-based intrusion prevention systems, automated password management, and gateway spam and antivirus scanning make up the must-haves.

Gartner estimates that even if only 50 percent of software vulnerabilities were removed before the software goes into production, enterprise configuration management and incident response costs would be reduced by 75 percent each.

Gartner research director Steve Bittinger said bug-riddled software is hard to avoid.

"Microsoft has spent one billion dollars trying to identify software flaws in its existing suite which is big money because it is not easy to re-architect existing systems," he said.