Security show tackles online threats
The security industry takes on phishing, viruses and all manner of online threats at the annual RSA Security Conference this week.
With phishing attacks plaguing consumers, viruses showing no signs of abating, and regulations such as the Sarbanes-Oxley Act worrying clients, business has been brisk for security companies.
 | ||||
| | | ||
| Related story virus-proof?  As more cars and home appliances get networked, people are more at risk. | | ||
| ||||
| ||||
Yet the continuing rise of online threats underscores the lack of progress in solving corporate and consumer security problems, which have many customers demanding easier-to-use and more effective security tools. The result: Large companies--from Cisco Systems and Symantec to Microsoft and Juniper Networks--have reason, not to mention the cash, to go hunting for acquisitions.
"The security industry is saying, 'We're back, and security is on top of the world,'" Charles Kolodgy, a security industry analyst with IDC. "But people will be talking about where does the security industry stand...Is consolidation finally here, and will be security market finally be swallowed up?"
Three major themes will dominate the RSA Security Conference, which kicks off today in San Francisco. Customers are complaining that the security products are not making them safe; government regulations are driving many purchase decisions; and most visibly, consolidation seems likely to continue into 2005.
"Expect to see a lot of consolidation," said Amrit Williams, research director of information security at Gartner. "People want more integrated solutions."
Last week, Microsoft bought its third security company, picking up corporate e-mail security company Sybari for an undisclosed amount. How much Microsoft's recent acquisitions will affect the industry may be answered Tuesday, when the company's chairman, Bill Gates, takes to the stage for the conference's opening keynote.
Microsoft is just the latest company to make a move in the security industry. Symantec's recent announcement that it will acquire storage vendor Veritas shows that large security firms are looking to expand outside the industry.
In December, networking company 3Com announced plans to acquire intrusion prevention appliance maker TippingPoint Technologies. And in February, Juniper announced a deal to acquire VPN (virtual private network) maker NetScreen Technologies.
John Thompson
CEO, Symantec
John Thompson, chief executive of security giant Symantec, is scheduled to address the importance of security intelligence in IT operations, an increasingly critical issue as companies seek to comply with federal regulations. Building on that theme, the conference will also feature a panel on Friday, covering "Sarbanes-Oxley Compliance: Lessons Learned and the Road Ahead."
The event will also feature a cryptographers' panel to delve into the latest trends and products to secure data transmission. And also on tap is a session on the type of security solutions consumers are seeking when ease of use is paramount.
"The problems have gotten worse every year," said Bruce Schneier, a cryptographer and chief technology officer at Counterpane Internet Security. "Basically, security gets better, but systems get worse. We are not addressing the complexity problem."
Keeping the worms out
With the rampant infiltration of worms, customers have been driven to seek out intrusion prevention technologies to combat the problem, Schneier said.
Companies are also increasingly loading firewalls and intrusion prevention on their desktops, moving beyond just antivirus software. The plethora of worms that emerged in late 2003 prompted companies to move in that direction, he noted. At the heart of the matter is the danger of workers bringing in a virus via a mobile device.
"Most companies are good at perimeter security," said Amrit Williams, a Gartner analyst. "But as soon as laptops enter into hotel or (connect at a) conference, they can get an infection and then bring it to the network."
Analysts note some of the hot trends at the forefront of conference-goers' discussions this year will range from intrusion detection to desktop security to vulnerability risk assessment management to new identification authorization technologies. Another big focus will be on identity management technologies, with a number of new devices likely to be unveiled at the conference, said Steve Hunt, a security analyst.
"We'll see it take many different forms...Some will store passwords, or have digital certificates or credentials for authentication," Hunt said.
While Microsoft shores up its security through acquisitions and its Trustworthy Computing initiative, some companies are fed up with dealing with the constant security headaches of Windows, said Stephen O'Grady, a senior analyst with RedMonk.
"Linux and Apple are saying their platforms are more secure, and we're seeing some enterprises paying attention to that," O'Grady said.