Thompson Urges Everyone To Pitch In On Security

That was the message Symantec chairman and CEO John Thompson delivered in his keynote address Wednesday morning at the Comdex trade show.

Unlike his fellow keynote speakers at the show, most of whom delivered self-promoting, plodding, rote presentations to increasingly impatient audiences, Thompson artfully wove his company pitches into an engaging speech full of forceful language and emphatic warnings.

He says he's especially leery about computer users and companies being content to let the U.S. government regulate too many of our security issues. He cited the recent federal anti-spam legislation, which had broad public support, as an example of the kind of government action that's cause for concern.

"I predict the legislation will be unmanageable and create more confusion than ever," he says. "We can't assume someone will address our security problems for us or that new laws and regulations will take care of it."

He painted an alarming picture of the growing security threat, saying that the time between identifying network vulnerabilities and exploiting them has decreased dramatically while hacker activity has increased. Symantec now logs about 100 new viruses and 60 new network vulnerabilities every week, and the frequency of attacks was up 19 percent through the first half of 2003.

But weeding through the attacks to find the genuine threats is only getting more difficult. He cited one company whose security system recently identified 9.5 million alerts, 620 of which needed further analysis. Only 55 of those required in-depth examination, which revealed exactly two threats that required immediate action.

"It's the proverbial needle in the haystack," Thompson says. "We must be prepared to respond when these attacks take place, but system management is particularly challenging in environments with disparate products."

New dangers looming include "Warhol threats" (named for Andy Warhol's remark about everyone having 15 minutes of fame), which can spread across the Internet in a quarter of an hour; and "flash threats," which haven't occurred yet but could blow across the Internet within 30 seconds.

"We haven't seen these yet, but they're clearly possible," Thompson says. "We also might soon see a day zero threat, which could attack a previously unknown vulnerability on the same day or same time it becomes known." He further warns of an emerging skills gap in the United States, predicting a shortfall of about 10,000 trained security professionals in the coming years.

Thompson says the way to prevent, or at least deter, these kinds of attacks is through comprehensive security policies that deploy a wide range of technologies, some not yet available. These include host-based intrusion prevention and behavior blocking, generic exploit-blocking systems and protocol-anomaly protection. Thompson also advocates the development of more application-level security tools to protect specific things like company databases.

Failing to address these issues quickly and comprehensively could stunt the growth of the entire industry.

"We may come to a point where users view technology as more of a liability and only use it for a few crucial applications, which in turn could result in more government intervention," he warns. "The industry has the responsibility and opportunity to make sure technology users can live and work comfortably in a wired world. Today, not everyone has the tools and skills to do the job, but an integrated approach to security can help eliminate the challenge of point products and create the defense and depth that allows users to manage their whole environment."