CNET también está disponible en español.

Ir a español

Don't show this again

HolidayBuyer's Guide
Security

Through the security looking glass

Yes, there's glitz and glamour, but industry watcher Tim Clark says cybersecurity experts are still arguing about many of the same things they did five years ago.

The annual RSA Conference, which just concluded in San Francisco, is the technology industry's premier security event.

After covering a half-dozen RSA conferences in the 1990s (including several for CNET News.com), I returned this year for the first time since 1999. Talk about a time warp.

As cybersecurity has become an ever larger concern,


Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.


the data security industry has mushroomed. But although the lingo has changed from the prespam days, you can divide the technology on display from the nearly 250 companies into one of two categories: "hot stuff" and "perennial stuff."

First, the hot stuff:

Appliances: Five years ago, software applications were all the rage; today, there are hardware appliances for almost any conceivable security need. Secure proxy appliances, firewall appliances, virtual private network appliances, antispam appliances. Just plug them in to a network, and they start protecting.

Software appliances: Not an oxymoron, apparently. specializes in software appliances, offering a kind of "virtual hardware" that gets installed on a server to create an instant appliance. Immunix makes software appliances that can be filled up with any security application, making an appliance without the messy step of building special-purpose hardware.

Intrusion prevention: Five years ago, intrusion detection software was the latest thing. Today, intrusion prevention is all the buzz. It certainly sounds better. Who wouldn't want to prevent a nasty intrusion instead of merely detecting it? The question is if the technology has really changed or if it's just more marketing hype.

Antispam: One reseller told me that there are now more than 200 antispam vendors in the market, or roughly one for each spam message that reaches my in-box every week.

You can divide the technology on display from the nearly 250 companies into one of two categories: "hot stuff" and "perennial stuff."
How will they differentiate themselves? How will any of them survive against bigger companies like Microsoft, Yahoo and EarthLink? Here's to hoping that the winning antispam solution is one that works.

Proactive vs. reactive: Proactive software is the good stuff, which anticipates security problems. Reactive software is the bad kind, which reacts to the problem you've just encountered. And the best software combines proactive and reactive solutions. That way, when the proactive software doesn't work, the reactive software can tell you what just happened to you.

Wireless: The wireless revolution has spurred a huge outpouring of security offerings for notoriously insecure wireless devices. Analyst Julie Ask of Jupitermedia says security concerns are crimping wireless adoption.

SSL VPNs: These are the good kind of virtual private networks, based on the Secure Sockets Layer protocol. Indeed, SSL VPN vendors abound. The other kind of virtual private network is IPSec (Internet Protocol Security). SSL VPN vendors treat IPSec VPN like a dreaded legacy application.

Identity management: It used to be that PKI (public key infrastructure) systems and digital certificates would solve the problem of tracking who's who and what they're allowed to do on a computer network. No more. Now, the hot ticket is identity management software that can handle all kinds of legacy stuff, including PKIs, and delivers single sign-on at the same time.

And now the perennial stuff:

Channels: It was hard to find a company that sold directly to end users rather than through resellers. It was also difficult to identify who these resellers are, because they did not turn out for the show.

Smart cards: These chip cards offer so many obvious advantages that they constitute the wave of the future--much as they have for the last decade.

Biometrics: Biometrics is the term for security systems that are based on something on your body: iris, fingerprint, face recognition, etc. Supposedly, they can't be broken, but this remains a work in progress.

Tokens: These are little devices you carry around and plug in to computers or other things you want to use. One, called a key fob, fits on your keychain, and then you plug it into a Universal Serial Bus port on a computer to prove that you're really you.

Then, there's RSA's own SecurID token, a little gizmo that displays a number that you type into a computer to sign on. The number changes every 60 seconds. RSA has marketed SecurID for years without blockbuster success. Now, Microsoft is backing them as a Windows sign-on. Will Microsoft's security endorsement hand RSA a smash hit?

Wake me up in another five years for another look.