Security weapons to fight the next malware war
Behavioral analysis, app IDs, and data encryption will figure prominently in defending networks against future attacks
The shift from frontal assaults on enterprise networks to insider threats such as rootkits, Trojans, and bots signals big changes in IT security. Here are a few of the technologies that will play an important role in the years to come:
Strong authentication: From online banking to remote-worker VPN sessions, the days of the user name and password are numbered. Increasingly, organizations are turning to stronger, multi-factor solutions such as RSA SecurID tokens, smart cards, and biometric devices. Stronger authentication is also being driven by the U.S. government, which is responding to Homeland Security Presidential Directive 12, a mandate for a governmentwide identification verification system covering both physical and logical access. Smelling government largess, vendors of all stripes, including Cisco, RSA, and others, are now pushing out unified physical and logical access products.
Data encryption: No one needs to remind us that there’s lots of data stored on the laptops we carry wherever we go. Still, organizations such as the Department of Veterans Affairs, Ernst & Young, and others have been shocked to learn that sensitive data was allowed out unprotected. With stringent laws governing sensitive customer data, and 81 percent of companies in a recent Ponemon Institute poll saying they’d lost one or more laptops containing such data, enterprises are taking a hard look at data encryption technology. “How to protect data is a whole different story for organizations,” says Kerry Bailey, senior vice president of global services at Cybertrust. “There’s no perimeter. It’s like protecting the President — you’ve got to protect him where he goes.”
Application IDs: In the old days, there were a few thousand known computer threats. They kept computer security researchers busy developing unique signatures, so that anti-virus programs could spot each one should it try to infect a computer their product protected. These days, the job is a bit harder, with 200,000 pieces of malicious code officially logged — especially when 100,000 of those have appeared in just the past two years, after taking 18 years to reach the 100,000 mark, according to McAfee’s AVERT Labs. With so many new, rapidly morphing threats, some in the security community are thinking it might be smarter to just focus on the code you do want to run, rather than trying to filter out the stuff you don’t. Microsoft is looking closely at developing an application identity architecture for future versions of Windows. Application IDs will be cryptographic signatures based on an executable and its supporting files. Products from companies such as Bit9 already allow administrators to lock down desktops to all but approved applications — an increasingly attractive proposition for networks with click-happy users and besieged admins.
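To make the application-ID idea concrete, here is an added illustration (not code from the article, Microsoft, or Bit9) of an identity computed over an executable and its supporting files, checked against a default-deny list of approved IDs. It assumes a plain SHA-256 digest over the file set in place of a real signature scheme; the function names and sample files are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def application_id(app_dir: Path) -> str:
    """Digest over every file in app_dir: relative path, length and content hash."""
    outer = hashlib.sha256()
    files = sorted(p for p in app_dir.rglob("*") if p.is_file())
    for path in files:
        rel = path.relative_to(app_dir).as_posix().encode()
        data = path.read_bytes()
        # Length-prefix each field so "a" + "bc" cannot collide with "ab" + "c".
        outer.update(len(rel).to_bytes(4, "big") + rel)
        outer.update(len(data).to_bytes(8, "big"))
        outer.update(hashlib.sha256(data).digest())
    return outer.hexdigest()


def is_allowed(app_dir: Path, allowlist: set[str]) -> bool:
    """Default deny: run only if the computed ID is on the approved list."""
    return application_id(app_dir) in allowlist


def demo() -> dict[str, bool]:
    """Constructed sample: an approved app, then changes to its supporting files."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "editor"
        (app / "lib").mkdir(parents=True)
        (app / "editor.exe").write_bytes(b"MZ constructed sample executable")
        (app / "lib" / "spell.dll").write_bytes(b"constructed supporting library")
        allowlist = {application_id(app)}  # administrator approves this build
        results = {"approved build": is_allowed(app, allowlist)}
        # Only a supporting file changes; the executable is byte-identical.
        (app / "lib" / "spell.dll").write_bytes(b"modified supporting library")
        results["supporting file modified"] = is_allowed(app, allowlist)
        (app / "lib" / "spell.dll").write_bytes(b"constructed supporting library")
        results["original restored"] = is_allowed(app, allowlist)
        # A file added next to the executable also changes the identity.
        (app / "extra.dll").write_bytes(b"unexpected file")
        results["extra file added"] = is_allowed(app, allowlist)
        return results


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'ALLOW' if allowed else 'DENY'}")
```

Unlike a threat signature, the approved list only grows when an administrator adds a build, so code that has never been seen before is denied by default.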









