Preparing for Battle in the Next Security War | eWeek

Preparing for Battle in the Next Security War

Written By
Eric Lundquist
Eric Lundquist
May 23, 2005
3 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

My intent was to write about the improving state of computer security. However, before starting, I had to clear up all the spew in my in-box from the 16th variant of the Sober worm, which had spent the weekend vomiting neo-Nazi spam into in-boxes around the world.

Is political propaganda spam more malicious than product spam trying to get you to buy bogus products? Id offer an overwhelming yes. Are we still talking about zombie computers under remote control six years after the Melissa virus appeared in 1999? Absolutely. Are technology vendors still fighting the last war instead of preparing for the next one? While that is true to some degree, Id argue that the opportunity does exist to get ahead of the security curve.

There is a lot of evidence of last-war battles going on. Microsoft Chairman Bill Gates made security a top priority in a widely publicized corporate memo in 2002.

/zimages/5/28571.gifClick hereto read about Microsofts next-generation Windows security systems set to debut in Longhorn.

Since then, much of the companys security effort has gone into fixing past errors of omission (leaving access defaults open instead of closed); crowding into territory once the province of its partners (the recently announced OneCare security subscription service); and promising greater security advances in products still in the pipeline, such as “Longhorn.” Microsoft is also addressing the difficulty of administering security in a shared environment with a shared security tool kit now in beta.

At least Microsoft has gotten better at admitting its past problems, unlike Apple, which is still waffling on admitting that the patches issued for its Tiger operating system were not just upgrades but also security patches for its Dashboard Widgets.

But there is also a lot of evidence of vendors getting ahead of the curve. Those vendors are concentrating on addressing security from the server side rather than trying to fix every client in existence. At the server side (which today means youre looking at hosted offerings), you can apply computer muscle for the identification, analysis and filtering required to stay ahead of the bad guys.

Qualys, for example, offers a vulnerability and assessment management service for the enterprise. The three basic elements of enterprise security—assessment, auditing and compliance—are offered as a service, avoiding the capital outlay normally associated with big, enterprise-level security undertakings.

In the future, security will be treated as a service by the internal technology staff or purchased via subscription from an outside provider. The days of piecemeal security upgrades and client-to-client scrambles are quickly coming to an end.

Pushing the security model upstream away from the client to a hosted solution is good news for companies with a strong host-based business such as telecommunications, hosted e-mail and even hosted search companies. Trying to drag along a big client base is difficult, as is evident by Microsofts upcoming “Eiger” operating system, which aims to beef up security capabilities for its existing, older client base.

Cyota, a company in the anti-fraud space, boasts some of the largest banks as clients. With anti-fraud and user authentication much in the news, its refreshing to find a company that is applying business and human intelligence to the issue rather than broadly calling for massive identification programs that probably create more problems than are solved.

Amir Orad, Cyotas executive vice president of marketing, explained to me how the company uses a combination of technology and traditional investigative techniques to focus on fraud instances based on risk level.

The monthly, online mortgage payment always originating from the same place does not need the same attention as a spate of withdrawals suddenly being made to the same account in different places around the world. Whats most needed today is the ability to identify and go after that small percentage that is causing the big headline-grabbing problems.

The solution to computer security problems will not come in one quick event but will be the result of sustained effort that whittles down the openings available to online criminals. That whittling down is what is now taking place.

Editor in Chief Eric Lundquist can be reached at eric_lundquist@ziffdavis.com.

/zimages/5/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.