7/2/2004
11:25 AM

Under Attack

Businesses are suffering more downtime as the threat from viruses and worms continues to grow

The Profiler application helps Advo better understand how the network is being used and lets McMurray tighten security policies. "The more detailed analysis gives us a better understanding of what our threats really are. Have we seen this before? How big is the problem? And it helps us watch for those problems from then on," he says.

Fewer than a third of companies worldwide, the survey shows, use security event-management applications. But those apps can pay off. Companies with sophisticated security programs that use those tools to correlate and monitor security-related activity occurring throughout their networks and systems are reaping the rewards.

Union Bank of California installed security-management software from ArcSight Inc. about 18 months ago to help correlate threats across its many applications and security devices. "We chose this path so we could remain vendor neutral. ArcSight has the ability to adapt and be nimble," says Bob Justus, senior VP of corporate information security and IS/IT contingency. The bank uses ArcSight to monitor events from many network devices, business applications, and security software, including routers, firewalls, and application event logs. "This allows us to show the value of the security program in a comprehensive way," he says.

Law firm Sonnenschein Nath & Rosenthal also uses a security-event manager, OpenService Inc.'s Security Threat Manager. It monitors the firm's security apps, such as firewalls and intrusion-detection systems, and it also uses data from vulnerability-management and antivirus applications. That helps the firm focus on what's important and determine whether "someone is beating on our door," says security manager Hansen. "I don't want to be alerted about a bunch of garbage."

Nearly a third of survey respondents say they're deploying technology to spot anomalous behavior on their networks and lock down their applications. And more are experimenting with new intrusion-prevention systems.

They're also putting more pressure on software vendors by adding new requirements to contracts. "More people are requiring vendors to put in their contracts that the vendor is being diligent when developing security apps," says Michael Overly, a technology attorney with law firm Foley & Lardner. Such clauses require software vendors to promise that their products have undergone testing and a quality-assurance process. They also require that a software maker comply with best practices regarding security.

Around a third of all survey respondents say software vendors should be held legally and financially liable for software flaws. However, in the United States, 47% say vendors shouldn't be held legally or financially responsible if they can prove they have secure development practices in place. The bulk of worldwide respondents (68%) say they're "somewhat satisfied" with the security efforts of software makers, while 17% are extremely satisfied and 15% extremely dissatisfied.

Most security professionals say it will take time before applications are more secure. "You don't recover from years of code deployment that really didn't have the scrutiny from a security perspective," says Union Bank's Justus. "It's going to take a long time to catch up."
