Under Attack - InformationWeek

Under Attack

Businesses are suffering more downtime as the threat from viruses and worms continues to grow

The Profiler application helps Advo better understand how the network is being used and lets McMurray tighten security policies. "The more detailed analysis gives us a better understanding of what our threats really are. Have we seen this before? How big is the problem? And it helps us watch for those problems from then on," he says.

Fewer than a third of companies worldwide, the survey shows, use security event-management applications. But those apps can pay off. Companies with sophisticated security programs that use those tools to correlate and monitor security-related activity occurring throughout their networks and systems are reaping the rewards.

Union Bank of California installed security-management software from ArcSight Inc. about 18 months ago to help correlate threats across its many applications and security devices. "We chose this path so we could remain vendor neutral. ArcSight has the ability to adapt and be nimble," says Bob Justus, senior VP of corporate information security and IS/IT contingency. The bank uses ArcSight to monitor events from many network devices, business applications, and security software, including routers, firewalls, and application event logs. "This allows us to show the value of the security program in a comprehensive way," he says.

Law firm Sonnenschein Nath & Rosenthal also uses a security-event manager, OpenService Inc.'s Security Threat Manager. It monitors the firm's security apps, such as firewalls and intrusion-detection systems, and it also uses data from vulnerability-management and antivirus applications. That helps the firm focus on what's important and determine whether "someone is beating on our door," says security manager Hansen. "I don't want to be alerted about a bunch of garbage."

Nearly a third of survey respondents say they're deploying technology to spot anomalous behavior on their networks and lock down their applications. And more are experimenting with new intrusion-prevention systems.

They're also putting more pressure on software vendors by adding new requirements to contracts. "More people are requiring vendors to put in their contracts that the vendor is being diligent when developing security apps," says Michael Overly, a technology attorney with law firm Foley & Lardner. Such clauses require software vendors to promise that their products have undergone testing and a quality-assurance process. They also require that a software maker comply with best practices regarding security.

Around a third of all survey respondents say software vendors should be held legally and financially liable for software flaws. However, in the United States, 47% say vendors shouldn't be held legally or financially responsible if they can prove they have secure development practices in place. The bulk of worldwide respondents (68%) say they're "somewhat satisfied" with the security efforts of software makers, while 17% are extremely satisfied and 15% extremely dissatisfied.

Most security professionals say it will take time before applications are more secure. "You don't recover from years of code deployment that really didn't have the scrutiny from a security perspective," says Union Bank's Justus. "It's going to take a long time to catch up."
