Can security software keep pace with advanced threats?

Moderated by Ed Bott | June 9, 2014 -- 07:00 GMT (00:00 PDT)

Summary: The threat landscape has changed dramatically over the last decade. How well are security software companies keeping up with the new challenges?

Adrian Kingsley-Hughes

Adrian Kingsley-Hughes

Yes

or

No

Larry Seltzer

Larry Seltzer

13%
88%

Audience Favored: No (88%)

Closing Statements

Security pros have our backs

Adrian Kingsley-Hughes

OK, we've talked a lot about digital security here, but let's come back to where we started: Can security software keep pace with advanced threats?

I believe it can. Sure, having a security policy is important, as is endpoint security and educating users about safe and unsafe practices (something we used to call "practice safe sectors" back in the day). However, at the end of the day, the security industry is populated by clever folks who've been in this industry for decades, and not only do these folks know the digital threat landscape like the back of their hand, they're also right there at the frontline and they see what's coming before the rest of us have to deal with it.

Security pros have had our backs for decades, and I trust them to have out backs for the foreseeable future.

Sure, feel free to think that you're cleverer then the folks behind security software, but in my opinion you take the approach at your peril. Hubris is a dangerous attitude to have when it comes to security, because when things go wrong, they go wrong in a big way, and fast!

 

You can't program common sense

Larry Seltzer

It's always impressive how smart software can get, but I suspect they'll be planting tomatoes on the moon before it gets smarter than humans.

A big reason for this is that nobody knows how to program common sense. Human attackers can and will learn how to get around the capabilities of software and an alert and diligent human will always be better able to adapt to changes in circumstance than security software.

The other big reason, as I have said, is that people resist the policies that are necessary in order for software to do its job. When convenience is a higher priority than security, no security software can do its job.

A great deal of time and money has been put into making consumer/small business security turnkey, i.e. so that the software could replace people. It's good, but any determined attacker can get around it with some effort. Usually, and ironically, they do this by tricking a human. Humans are smarter than software, but they can still be pretty stupid.

No easy answer

Ed Bott

Both debaters did an excellent job of trying to make sense of a complex, rapidly shifting landscape. Adrian Kingsley-Hughes argues, persuasively, that security software developers are an essential first line of defense against advanced threats. Larry Seltzer argues, equally persuasively, that the bad guys will always have an edge and even the most diligent administrator should plan for the proper response when a network attack is successful.

Because both arguments are convincing, I declare this debate a tie.

 

 

Talkback

73 comments
Log in or register to join the discussion
  • It'll always be an arms race.

    Unless something truly groundbreaking or magical happens - it'll always be an arms race.

    I just don't see a way around it. There will always be more flaws to find, and there will always be more tricks that criminals use that security software needs to deal with.

    I just don't see any end in sight. Security software can *maybe* keep pace, but that pace will eternally be changing.
    CobraA1
    Reply 59 Votes I'm Undecided
    • Only Possible To Slow Race

      There are two possible ways to slow the race but both are probably unacceptable. They will never totally stop it.

      1) A fundamental change in the web that makes hiding your identity much more difficult. This means things like using real names, etc. I think this is inevitable but I will probably not see it my life time.
      2) Government Action. This would take an international effort to strengthen laws and regulations. This could sharply increase risk and curtail profitability. It would never stop one government going after another one.
      MichaelInMA
      Reply 43 Votes I'm Undecided
  • Eternal vigilance

    I figured this one would be a no-brainer, but apparently not.
    John L. Ries
    Reply 54 Votes I'm for No
    • Part of the problem is that....

      it takes more than brains (re: "no-brainer") to work and live safely - and way too many folks either do not catch on, choose convenience over safety, or may indeed be too ignorant to make an intelligent decision.
      Willnott
      Reply 52 Votes I'm Undecided
      • LOL! Well Said

        Thanks for the morning laugh.
        GotThumbs
        Reply 34 Votes I'm Undecided
      • Ignorant

        Ignorance does not lead to unintelligent, it leads to uninformed. Stupidity leads to unintelligent.
        DKFlorida
        Reply 26 Votes I'm Undecided
  • Not a chance.

    The problem is that vendors release bugs faster than they fix them. Next, the "security software" can't paper over the bugs until the bugs are identified - thus there is always a delay.

    The only way to keep up is for vendors to release fewer bugs, and fix them faster than they can be exploited.
    jessepollard
    Reply 54 Votes I'm for No
    • Or if you're a big organization...

      ...and you use open source software, you can always put some of your own people to work finding and fixing bugs. In that case, you're not entirely dependent on the vendor.
      John L. Ries
      Reply 55 Votes I'm Undecided
      • And...

        ...as a consequence, you end up with some in-house security expertise (less need to rely on consultants).
        John L. Ries
        Reply 47 Votes I'm Undecided
        • Quality Not Consistent

          There are a lot of different skill levels. Not every company would have or could afford the best. Also there are different kinds of threats that that take different expertise. Only consultants with large dedicated staffs can have the level of expertise needs. In-house is not a solution.

          One of the primary laws of software is there is no software that is totally bug free except that which is obsolete and no longer used. It is kind of like a dead organism. It will not catch any new diseases that will kill it.
          MichaelInMA
          Reply 36 Votes I'm Undecided