7/2/2004
11:25 AM

Under Attack

Businesses are suffering more downtime as the threat from viruses and worms continues to grow

The Profiler application helps Advo better understand how the network is being used and lets McMurray tighten security policies. "The more detailed analysis gives us a better understanding of what our threats really are. Have we seen this before? How big is the problem? And it helps us watch for those problems from then on," he says.

Fewer than a third of companies worldwide, the survey shows, use security event-management applications. But those apps can pay off. Companies with sophisticated security programs that use those tools to correlate and monitor security-related activity occurring throughout their networks and systems are reaping the rewards.

Union Bank of California installed security-management software from ArcSight Inc. about 18 months ago to help correlate threats across its many applications and security devices. "We chose this path so we could remain vendor neutral. ArcSight has the ability to adapt and be nimble," says Bob Justus, senior VP of corporate information security and IS/IT contingency. The bank uses ArcSight to monitor events from many network devices, business applications, and security software, including routers, firewalls, and application event logs. "This allows us to show the value of the security program in a comprehensive way," he says.

Law firm Sonnenschein Nath & Rosenthal also uses a security-event manager, OpenService Inc.'s Security Threat Manager. It monitors the firm's security apps, such as firewalls and intrusion-detection systems, and it also uses data from vulnerability-management and antivirus applications. That helps the firm focus on what's important and determine whether "someone is beating on our door," says security manager Hansen. "I don't want to be alerted about a bunch of garbage."

Nearly a third of survey respondents say they're deploying technology to spot anomalous behavior on their networks and lock down their applications. And more are experimenting with new intrusion-prevention systems.

They're also putting more pressure on software vendors by adding new requirements to contracts. "More people are requiring vendors to put in their contracts that the vendor is being diligent when developing security apps," says Michael Overly, a technology attorney with law firm Foley & Lardner. Such clauses require software vendors to promise that their products have undergone testing and a quality-assurance process. They also require that a software maker comply with best practices regarding security.

Around a third of all survey respondents say software vendors should be held legally and financially liable for software flaws. However, in the United States, 47% say vendors shouldn't be held legally or financially responsible if they can prove they have secure development practices in place. The bulk of worldwide respondents (68%) say they're "somewhat satisfied" with the security efforts of software makers, while 17% are extremely satisfied and 15% extremely dissatisfied.

Most security professionals say it will take time before applications are more secure. "You don't recover from years of code deployment that really didn't have the scrutiny from a security perspective," says Union Bank's Justus. "It's going to take a long time to catch up."
