Security Web Digest: Security Burden Moving To Private Industry
House cybersecurity subcommittee chair says private sector needs to step up
A top Republican congressman with jurisdiction over cybersecurity said it maybe time to require private industry to protect its slice of cyberspace from attack. While both President Bush and the Clinton administration before him have urged voluntary private-sector cooperation on this issue,Rep. Mac Thornberry (R-Texas), chairman of the House Subcommittee on Cybersecurity, Science, Research and Development, said hes investigating whether urging CIOs and CISOs to improve security is enough. The congressman offered no further detail about his criteria for imposing regulations or what they would be. Enterprise Symantec Corp. said Monday that it purchased a key security technology patent as part of a settlement of a lawsuit filed by Hilgraeve Inc.,and will take a charge to its previously reported first-quarter earnings. Symantec also received licenses to the remaining patents in Hilgraeves portfolio. "This is a patent that is fundamental to several security technology defenses, including antivirus technologies, and it is an essential part of providing comprehensive protection against the growing number of threats," Symantec Chief Executive Officer John W. Thompson said. Sygate Inc.this week announced updates to its security software making it possible to secure all endpoints on a network -- servers, desktops, via remote access or on the LAN -- by making sure they are compliant with corporate security policies. Sygate Secure Enterprise 3.5 software can deny or restrict use of corporate networks by any machine running a Secure Enterprise agent. Previously, Sygate could enforce policies at key network access points, but not on all machines with the agent software. Agents check whether machines have the proper operating system configurations, appropriate patches, and security applications such as firewalls,antivirus and intrusion detection. Devices that come up short can be monitored, blocked from network access or referred to update servers.