With so much time and effort going into security these days, what issues need to be front and center for IT managers today?
Clearly there are two factors driving security. On the one side is the immediate attention that new outbreaks of worms are getting and on the other hand the more strategic, long-term securing the network. From a more technology perspective, its pretty clear the way we have been protecting ourselves over the five or six years is also changing drastically. We have been really focused, in the past, on protecting ourselves externally well at the perimeter. That’s really one of the significant shifts I see happening in the industry, is people are looking to do the same level of protection on the inside devices that they have been doing on the perimeter.
Why is this occurring?
“We have seen last year with the events of Blaster, for example, that those worms actually have caused more damage inside organizations’ networks than on the Internet. We have been doing a very good job on the perimeter but really it’s now time to take a step back and look [to] where is the next attack vector; where are they happening? And it’s pretty clear they’re happening inside networks.”
It seems that most of the damage from worms such as Blaster is the clogging of corporate networks. Could these worms actually lead to more advanced attacks that will be more malicious?
“It’s clearly a very similar trend to what we have seen in the anti-virus industry. The very early viruses were prototypes for what then became virus-building kits or virus tool kits and then those tool kits are very easily being used to build new viruses. I see the same happening here in the worm and malicious code area even in the MyDoom case we have seen already the fact that one worm came out on Monday and a derivative was already existing two days later.”