March 21, 2010

How to Fight The Onslaught of Security Threats

NEW YORK -- With a constantly evolving threat landscape attacking IT infrastructures, the impulse for many enterprises is just to throw more technology at the problem.

According to Forrester Research Analyst Paul Stamp, that may not necessarily be the right approach.

Speaking on a panel at the Interop conference, Stamp said IT needs to address risks from the top down, first identifying the top five scenarios of how someone could "mess you up." Only after that can IT security techniques be employed.

There is a lot of noise in the security space about new technologies, he said, and we're in a period of digestion where enterprises are trying to make sense of what's out there already.

Enterprises are headed toward more mobility and collaboration technologies, he continued, and they will deploy them first before considering how to secure them. They'll also take a look at virtualization first.

Shane Coursen, a virus researcher at Kaspersky Labs, told the audience that he noticed a lot of malware doesn't work well on VMware, if at all.

"I don't know if VMware malware will take off," Coursen said. "We need to look at it from the point of view of the advantages of virtualization, and figure out how the bad guys will twist advantages to their advantage."

Stamp said there's an even bigger issue to deal with in terms of virtualization security. Simply focusing on the vulnerabilities associated with the underlying platform on which a virtual machine exists isn't the whole problem. Enterprises have to manage the way a virtual machine gets configured and reconfigured over time.

Speaking of dealing with security in a holistic way, an emerging trend in IT security has been all-in-one security tools that combine anti-spam, antivirus and system health capabilities, for example. It's a trend that, according to the Interop security panel, isn't necessarily in the best interest of users.

"When you rely on one application to cover every type of security issue, it's generally not a good idea," Coursen said. "If one vulnerability is discovered in the product, you're in trouble. I'm a big proponent of multiple tools from multiple vendors."

Relying solely on one type of approach, whether it's signature files or a whitelist approach, isn't the right idea, either. Gary Leibowitz, general manager of Panda Security, said that the signature-based approach doesn't work because it can't keep up with emerging threats. That said, signature files have their place.

"It's like thieves in the city; if you have a list, then why not use it," Leibowitz said. "It's a good approach, but what we're afraid of is the quantities and tactics means we need better mechanisms to identify threats and rapidly deploy updates."

This article was first published on InternetNews.com.
