New products and press fascinations come and go (mobile worms, anyone?), but IT security managers will stick with what works -- until it doesn’t. A few years from now, we may look back on 2006 and 2007 as that kind of turning point, when enterprise IT security folks took a good hard look at some of the products that were mainstays of their defensive strategy and asked whether they are pulling their weight.
Anti-virus software is likely to get the most scrutiny. In addition to being haunted by Microsoft’s entry into the anti-virus software market, the likes of Symantec and McAfee face an even bigger challenge in the enterprise: namely, a sense among security experts and enterprise IT staff that anti-virus software, as we’ve known it, has lost its edge against sophisticated malware that exploits previously unknown (“zero day”) software vulnerabilities. Look for more CISOs to seek alternative forms of protection in 2007 -- such as the use of behavioral analysis to spot compromised machines -- to try to get in front of zero days and other threats.
IT developments in the government space don’t typically foretell those in the private sector. But the government’s push to implement Homeland Security Presidential Directive (HSPD) 12 could have a spillover effect in the enterprise space, according to security experts. That directive, which went into force in October, requires a single, secure form of identification for all federal workers that can be used for both physical and logical access. It also affects defense contractors that do business with the government, and those companies may find it more affordable to standardize on some form of HSPD 12-compliant ID than to try to create a special ID just for their government contractors.
Intrusion detection and prevention is another area where enterprise security folks will be pressed to make the numbers add up. After sinking millions into IDS and IPS deployments over the past few years, companies have found themselves wading through vast seas of events that, in some cases, actually obscured attacks. In the case of IPS, security managers found themselves wary of turning their new hardware into “block” mode for fear of slowing or disrupting legitimate network traffic. With the stakes of network intrusions and data loss higher than ever, look for enterprises to ask their IDS and IPS vendors to put up or shut up (literally) when it comes to spotting and blocking attacks.