IT security still has 'perilous gaps of risk': RSA

Steve Ranger silicon.com | April 22, 2009 11:22 AM PDT

Summary

Vendors must club together to fix the "perilous" gaps dogging security implementations, according to the president of security company RSA.

In his opening keynote at the annual RSA Conference, Art Coviello called for improved collaboration.

"Today security is viewed as way too costly and not effective enough," he told the conference in San Francisco. "Security technologies are still applied piecemeal from multiple vendors, cluttering the information landscape, leaving perilous gaps of risk," he said.

He added: "One of the reasons why the fraudsters are so successful is they poke at the infrastructure until they find a weakness in the system. Today's security products tend to protect an element of the infrastructure against a defined set of threats, so what do fraudsters do? They just work around those products."

Coviello argued that vendors need to work together better because hackers and fraudsters are already working in their own "fraud ecosystem" stuffed with innovation, and said hackers use an "amazingly sophisticated supply chain" when putting their attacks together.

"It cannot be solved by a suite of products from a single vendor. It must be solved by the vendor community," he said. "In the web 2.0 world, we have seen the power of mash-ups - so why not in the security world?"

Coviello said suppliers have to collaborate on standards, even though progress can be slow, and share technology, thereby cutting the time and cost of developing enterprise security products.

What does Coviello think the response will be from IT security professionals to all these initiatives? "I believe all of you will be saying 'it's about time'," he concluded.

This article was originally posted on silicon.com.

Talkback Most Recent of 5 Talkback(s)

  • IT Security Firms do have to cooperate
    But until they are working for 'non-profit' I don't really see them doing that. It's all about the money, and keeping their best virus and other bad thing detection schemes to themselves is simply business as usual in our capitalist economy.
    Lerianis
    22nd Apr 2009
  • Maybe something like...
    Howdy,
    In the process control community, DHS created the process control security requirements forum (PCSRF, see below). The work of this organization has delineated numerous threats and has forwarded proposed guidance to avoid or counter the threat. This may be a good starting point for other players to assess the governance of their own IT systems.
    Finance and accounting areas also have guidance over IT governance in the IT governance Institute (ITGI, www.itgi.org). Perhaps it would be best to decide on the set of threats (as with PCSRF), or to decide on a desired end result (as with ITGI) and create a commonwealth .org to support those initial desires. Either way, in the US, I'd suggest beginning with NIST, since they are the standard.

    PCSRF - http://www.isd.mel.nist.gov/projects/processcontrol/
    yet_another
    22nd Apr 2009
  • choose your battle
    Fighting software with software is a lost cause.
    Fighting software with hardware is the best solution.

    Vested interests prefer the first approach.

    gary
    gdstark13
    23rd Apr 2009
  • Windows is the weakest link
    Though they are trying to improve it, MSFT is never willing
    to cut off old legacy stuff, which makes it very insecure.
    Virtually all mass security threats are tied directly to
    Windows. Switch to all Unix based systems. And use
    hardware whenever possible, firewalls, timed password synchronization systems (like banks use), etc...

    Wifi isn't going away anytime soon, but it shouldn't be
    used in all cases. Still, a hardwire can actually be tapped
    into as well.
    comp_indiana
    23rd Apr 2009
