Johannesburg, 11 Aug 2003
Trillions of e-mail messages are making their way around the globe as more organisations rely on e-mail and the Internet, but with this exponential increase in electronic traffic comes the increased threat of computer viruses and legal liability.
Meta Group`s risk and security practice leader Les Stevens says the threat from external malicious attack is continually growing and therefore intrusion detection (ID) is still very important in protecting organisations from legal liability. He says intrusion prevention (IP) does not take away the need for ID because IP methods can be circumvented in an increasing number of ways.
Stevens says Meta Group`s analysis of business`s future purchasing plans shows strong interest in various forms of intrusion detection, which is "finally becoming widely accepted as a necessary part of well-secured environments".
He says in the past 18 months, small and medium enterprises in particular have relied heavily on firewalls for protection, but he warns that some kind of ID is essential if a company has any kind of Internet presence.
"While firewalls alone do not offer complete protection, ID is also no guarantee of safety. Only about 20% of intrusion detection systems (IDS) are effective because administrators tend to reduce the sensitivity of systems to reduce the number of false alarms."
Stevens says there is a great need for better planning when it comes to IDS. "Those that have purchased a product without the benefit of an underlying policy and plan naturally feel like they have wasted their money, because they have. Technology alone does not improve security." He says this causes a false sense of security that can actually harm the security effort.
UK-based security software producer, Clearswift, agrees that enforceable security policy is vital and says a single line of defence is no longer adequate. Clearswift operations VP Andy Burton says businesses need a core set of competencies to protect them. He says in addition to anti-virus software and URL blocking, it is necessary to be able to dig down into the content of all electronic communications.
Burton says Clearswift`s marketplace was formed on the need to explore the content of messages. He says organisations need to be able to remove malicious code that may be contained in attachments, zip files, or embedded files as well as ensure employees do not expose them to legal liability through inappropriate use of electronic communication channels.
Meta Group says the minimal difference between the closely related intrusion protection and detection will disappear within two years. Stevens says the trend is towards having monitoring systems that provide both types of control. He says another significant trend is towards the shared responsibility for risk between business and the IT organisation.
"Business continuity should be the responsibility of business, whereas disaster recovery planning is the responsibility of IT."
Meta Group is to present a workshop on managing information risk and security later this month in Gauteng and the Western Cape.
Share