Adequacy of Security - A New Debate; An Old Issue
The success of recent large scale hacking attacks has fostered a new debate that has been taking place in the world of IT Security Specialists. On one side, we have those who believe that the tools traditionally used for intrusion prevention and detection are no longer up to the task. Some security companies have been trying to address this situation; this perceived need for stronger products.
"One new solution to the problem of securing the IT infrastructure is the PoliWall network security appliance from TechGuard Security." Another is Damballa - a system that promises early detection of threats weeks before their occurence.
On the other hand, some experts say that very effective systems have been in place for years. The problem is that they have been poorly implemented. In some cases, the risk assessments were simply proven wrong, providing an optimistic take on the risk. In other cases, companies have not been willing to endure the inconvenience that sometimes follows from the implementation of a tight security system. One expert likens it to removing the batteries from a smoke detection system because the occasional beeps annoy you.
There seems little doubt that in many cases, good security principles have not been followed. this has always been true because IT security traditionally has not received the degree of attention that it warrants, taking second place to IT strategies that will help to produce revenue and traditional security techniques that can be more readily understood by business executives.
E-Commerce Times has published a two part series on this issue, which is worth a read.