Two glimmers of hope for enterprise security

Will the endless stream of security compromises ever stop? No single security product can deliver salvation, but two new solutions, PingID and Tanium, show real promise

Enterprise security has become the breach-of-the month club. No wonder the pipeline of new security solutions runneth over, promising salvation in the form of APT detection, new encryption schemes, malware early-warning systems, next-generation firewalls, sneaky employee monitoring software, and a whole lot more.

Whether or not such security tools make a dent in the problem -- most security disasters result from sloppy practices -- the demand seems limitless. InfoWorld's own 2014 survey saw a rise from 71 to 84 percent year over year in the number of IT respondents who declared security a "critical or very important" investment priority. Organizations are in a desperate search for technology to correct a security situation that has spun way out of control.

[ Horrifying confessions of a security sleuth | Take another look at security -- two former CIOs who show how to rethink your security strategy for today's world. Bonus: Available in PDF and e-book versions. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

People who understand IT know there can be no magic bullets. But recently I've come across a couple of inventive solutions that stand out from rest.

The first is being announced today: PingID from Ping Identity, a firm that has been a pioneer in enterprise identity management. With PingFederate, it offered one of the first federated identity management solutions; with PingID it hopes to replace passwords -- as well as key fobs and smart cards -- with a two-factor authentication smartphone app. To start working, users sign on to the PingOne cloud service, which sends a one-time token to the app. Users then simply slide a big red button on the smartphone app to gain access to their work applications and services.

Makes sense, doesn't it? For most people, their smartphone is as indispensable as their keychain. Why shouldn't a smartphone be at the center of identity? And the user experience is simplicity itself (see "Ping Identity wants to replace sign-ons with smartphones" for details.)

Another intriguing solution, Tanium, applies highly original search techniques to interrogating endpoints across the enterprise. Most successful attacks occur when individual users download malware or malicious hackers poke their way through unpatched software. Tanium can obtain a near-real-time view of hundreds of thousands of endpoints to detect anomalies and determine which software lacks the latest patches -- and roll all of this into a dashboard view.

According to the company, the solution scales to half a million endpoints and you run use simple English queries across that infrastructure -- such as "show me all systems running Java 1.6" -- and get answers in seconds. To anyone who knows system administration, this sounds crazy, since it can take days to get such answers using conventional tools. The magic is performed by passing compressed messages from client to client, in what Tanium calls a "linear peer-to-peer" architecture, rather than the usual hub-and-spoke architecture employed by system management tools.

The result is a kind of hybrid security and LAN/system management. Using Tanium dashboards and alerts based on what's happening on every endpoint, an administrator could detect an attack as it happened and identify which nodes are being compromised. No wonder Tanium recently received a $90 million investment for Andreessen Horowitz.

I'm calling out PingID and Tanium before InfoWorld has had the opportunity to test them, because they both promise to strike at the heart of two huge areas of vulnerability: identity and patch management. There's lots of security innovation going on -- Intel's TrustLite architecture for securing the Internet of things comes to mind -- but much of it addresses areas on the margin.

I've often felt, particularly given the glut of compromises we hear about constantly, that security deserves "the dismal science" title more than economics. It's exciting to stumble across a couple of bright spots.

This article, "Two glimmers of hope for enterprise security," originally appeared at Read more of Eric Knorr's Modernizing IT blog. And for the latest business technology news, follow InfoWorld on Twitter.

Copyright © 2014 IDG Communications, Inc.