Security's Cost Of Living Adjustment

Let me sum up the state of information security for you, save you a little time: the problems are more complex, the threats more ominous, the vulnerabilities more numerous, the attacks are more sophisticated, the intruders nearly invisible. 1999, 2009, the words are all the same. The mousetraps? They're better, more clever, but it feels like they've merely risen to meet the growing challenge, like a woeful cost-of-living adjustment.

I haven't been to an RSA conference in a few years, but it didn't seem like I'd missed much. I saw old friends, some who've swapped companies, others who've launched startups and most of whom talked about the same old things. Everything I heard this year, I've heard before, just with a new counter-twist to combat the new bad-guy twists.

Exhibit 1: Webroot. This company, which boasts the unflappably kind CTO Gerhard Eschelbeck, provides most of what you already have: Web and e-mail security. The difference is that it comes as a service (SaaS, where the "S" stands for Security, for those of you following along at home). Webroot's data center serves as a proxy for your browser and scans all of the traffic and enforces policies you've created, including blocking URLs (you don't really do that, do you?). It blocks 97 categories of URLs.

As if to underscore how normal this technology is, Webroot partners with Sophos to block malware. I'm not saying that's a bad thing, just not new.

In the case of e-mail, your MX records get redirected, and messages are scanned and then sent along all scrubbed up like a kid on his way to church. This technology is four years old, and like the Web security product, the e-mail version has a portal where you set policies and monitor activity. Webroot offers SLAs for speed and performance. Most of the normal spam filter techniques and features (like giving users the ability to whitelist e-mail addresses) are put to use here.

Exhibit 2: Palo Alto Networks makes . . . are you ready for it? A firewall. But not just any firewall. Many of its employees wear shirts proclaiming: It's Time To Fix The Firewall. You'd think 15 years after Cisco acquired the Network Translation team that built the original PIX firewall, we'd have it by now. Palo Alto says that most firewalls can't keep pace with the trends of the day, especially when end users are stealthily employing external proxies or port hopping. Some 92 percent of organizations, Palo Alto's survey reveals, have peer-to-peer software running on their networks.

But what Palo Alto does differently is look not just at the network, but at applications, content and users, and either block on that basis, or block applications based on user role. It filters dozens of application types. For example, with Twitter, it doesn't just find it, it looks for bad URLs or other clickable items within Twitter; ones that can obscure malware's presence.

Again, as with Webroot, you can start to look at trends, what the biggest apps were, what the highest-risk apps are, trends in application usage. The company separates the management plane from the data processing part to boost performance. This is also part of that ongoing debate we've had for years about where to put the processing, how many redundant filtering and scanning and packet inspections are going on. Of course, only by observing traffic in the real world can we tell whether this sophisticated device will degrade the performance of your applications.

Exhibit 3: Triumfant makes a product that detects and remediates malware in real time. Faster than you read that sentence. Triumfant takes a snapshot of every machine on the network (yes, yes, each one has an agent), uses this to determine what "normal" is (which is a bit like dropping someone into Kentucky and extrapolating to all of America), and repeats the process on a weekly basis. Then Triumfant probes machines (agents) constantly looking for anything that looks like an anomaly. It does all of this transparently, and, in the words of CTO David Hooks, "it just gets well." The software removes the problem. The demo the company showed me was, obviously, canned (sorry guys, I figured it out), so as always it's best to see how these work in the real world. (Wait, I already said that.)

Exhibit 4: Symantec. It bought a company (Mi5). Different year, different company acquired. Need I say more? OK, I will. Enrique Salem, the company's new CEO, a 16-year company veteran, is truly a breath of fresh air. Moments after a keynote, he came by, natty in his grey and purple, and was . . . human. He joked about the make-up he needed to go on camera, asked whether he had food in his teeth (OK, I made that one up), and nailed the interview by talking about "return on yesterday," organic growth as the company's next big move (and here, focusing on the mobile security space), and then talked privately to me about cloud security. Maybe they've finally found the guy who can make Symantec known for more than just being an anti-virus company.
