Is Gap Growing Between Security Haves and Have-Nots?

 
 
By Wayne Rash  |  Posted 2004-11-08
 
 
 
WASHINGTON—Patch management, compliance and vulnerability management all vied for the attention of attendees on Monday at the Computer Security Institutes annual Computer Security conference here. However, some security professionals worried about a new digital divide: large enterprises that can afford security and small companies that cant.

"Im trying to help small facilities do HIPAA [Health Insurance Portability and Accountability Act compliance]," said Brad Smith, a consultant with CIR Security, of Helena, Mont., a consulting group that supports smaller hospitals and related medical facilities. While Smith said he pleased to see that a number of innovative solutions were being launched here by security vendors, he was disappointed to see that nearly all of them were aimed at the largest of enterprises.

"Theres not much here for smaller organizations," Smith said, adding that companies in his region were suffering at the hands of online attackers, especially those from Brazil. Still, he had uncovered solutions for there attacks. "Im thankful for some of the software here," he said.

Communication was also a trouble with clients, Smith said. Sometimes problems with attacks may be overlooked because chief information security officers are reluctant to discuss the issue.

Patch management software could provide one answer, offered Herbert Schneider, security manager with Electronic Data Systems Corp.s European operation based in Rüsselsheim, Germany. Schneider said he was looking for ways to support EDS customers against attacks by patching their enterprises as soon as the patch became available and had been tested.

Overwhelmed by patches. The latest "cumulative security update" from Microsoft pluged eight holes in the Internet Explorer browser, while other patches address "critical" vulnerabilities in the Windows shell, in SMTP and elsewhere. Read more here about patching.

"The underlying problem to preventing attacks is really patch management," Schneider said. Adding to that issue is the need for testing, which can last from hours to weeks, depending on the applications that might be affected. "You see problems with home-grown applications," he said.

Schneider said that his office will patch as soon as it can, but that patch management solutions being shown on the CSI show floor really didnt solve all of the problem. "You still need approval to patch," he said.

The expansion of security into the far reaches of the market was evident in the growth of the annual show, noted several attendees. This year CSI exhibits took all of the available space at the Marriott Wardman Park hotel, where the event has been based for the last several years.

"The hottest topic here is compliance," said Kevin Mahoney, CEO of The Human Factor, of Woodstock, Ga., pointing to increased security interest surrounding the entire data life-cycle mandated for medical and financial data, including archival storage.

While attendees agreed with Mahoney that compliance issues were the hottest theme at this years conference, new products in that area were scarce. However, products to deal with unauthorized access, whether across the network or from within the enterprise, were a common sight on the show floor.

A number of the new product announcements at the CSI conference covered software for handling attacks.

Check Point Software Technologies Ltd.s Zone Labs company announced Total Access Protection, a framework for enforcing security policy on heterogeneous networks. This effort was started when Zone was acquired by Check Point earlier this year, officials said.

The company also announced Zone Alarm Security Suite 5.5, which adds anti-spam and anti-phishing capabilities to the product. Its Integrity Clientless Security, also unveiled, is designed to simplify deployment. A spokeswoman said that intrusion prevention will be added to the mix before the end of the year.

Three players in vulnerability management announced new releases at the show. Qualys Inc. said that its winter release will include an agentless scanner for Unix system and a remediation workflow module for third-party helpdesk applications.

Mazu Networks Inc. announced Version 5 in its Profiler line of intrusion prevention products. The new release includes a "surgical mitigation system" that allows enterprises to leverage routers and other infrastructure in the mitigation process.

Finally, Lumeta Corp. announced Version 3.5 of its IPSonar vulnerability management system. The company says that the product performs network-wide analysis of access control lists.

Meanwhile, a group of application-firewall vendors said they will issue a challenge on Tuesday to Check Point Software, Symantec Corp. and others to prove that their offerings are truly capable of stopping application-level attacks. Executives from Teros Inc., NetContinuum Inc. and Imperva Inc. said the reasoning behind the challenge is simple: to give customers a clearer picture of which products do in fact stop application-layer attacks.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

Rocket Fuel