Yes: Adrian Kingsley-Hughes
No: Larry Seltzer
Audience Favored: No (88%)
The moderator has delivered a final verdict.
Opening Statements
Continues to play essential role
Adrian Kingsley-Hughes: There's no doubt that the security landscape has changed dramatically over the past decade, and that threats have evolved from relatively simple viruses and macros designed to cause mayhem buried in documents and files, to advanced threats designed to steal data and carry out sophisticated corporate espionage.
When it comes to security, make one false move and your company can make headlines – in a very bad way. While no amount of security software can compensate for bad judgment by the people behind the keyboard, it can help the user make informed decisions, and help IT admins to lock down systems and protect the whole infrastructure from attack. But lately there has been concern that security software won't be able to keep up with the advanced threats facing enterprises, especially given the complexity of these threats and the fact that many are customized based on the target.
The problem with this statement is that it's not new – naysayers have been making the claim for years that security software won't be able to keep up with the rapidly changing landscape, and yet keep up with threats it has. And keep up with future threats it will continue to do.
A lot more than software
Larry Seltzer: When a Symantec executive declared recently that antivirus was "dead," it was inevitable that he would be misinterpreted. Security software, including antivirus, is an indispensable tool for IT to block advanced threats. It just can't do the job alone.
In an enterprise, all the best security software in the world won't secure your users and data unless the right policies are in place and administrators have the authority to enforce them. Some of these policies can be unpleasant for users, who must be required to use complex passwords and change them frequently, to use two-factor authentication, to log in to corporate resources over and over again.
Best practices, best defined by OWASP in their Top 10 Web Application Security Flaws, can make things hard on administrators and developers too: They have to be careful how they design web pages and access databases, how they handle user passwords, and so much more.
A company that follows these rules and does security right has a lot more than software. It has good IT people and senior management that is committed to giving them what they need to protect the company.
Talkback
It'll always be an arms race.
I just don't see a way around it. There will always be more flaws to find, and there will always be more tricks that criminals use that security software needs to deal with.
I just don't see any end in sight. Security software can *maybe* keep pace, but that pace will eternally be changing.
Only Possible To Slow Race
1) A fundamental change in the web that makes hiding your identity much more difficult. This means things like using real names, etc. I think this is inevitable but I will probably not see it in my lifetime.
2) Government Action. This would take an international effort to strengthen laws and regulations. This could sharply increase risk and curtail profitability. It would never stop one government going after another one.
Eternal vigilance
Part of the problem is that....
LOL! Well Said
Ignorant
Not a chance.
The only way to keep up is for vendors to release fewer bugs, and fix them faster than they can be exploited.
Or if you're a big organization...
And...
Quality Not Consistent
One of the primary laws of software is there is no software that is totally bug free except that which is obsolete and no longer used. It is kind of like a dead organism. It will not catch any new diseases that will kill it.