|
|
|
UP
FRONT |
| Institute's 4th
Anniversary! |
|
June 6, 2005 marked the conclusion of The
Institute’s fourth year of bringing high quality
insights to practicing IT security professionals.
Over the past four years we have hosted 22 regional
Network Security Forums for over 1,000 practicing
network security professionals in six U.S. cities.
Many of our members have been to multiple forums
over the years, and are now finding huge value as
annual members of the Institute’s Partner Program.
Thanks go to all of the members who have supported
us over the years, as well as our outstanding
faculty group. We couldn’t have done it without
you.
In
early June, we took a peek over the Gartner fence to
get a view of what they’re saying lately about the
state of the profession. The subtitle of this
year’s Expo was “The Year of Reckoning
in IT Security”, which makes us wonder if
2005 will be a watershed year where the pace of
change may slow, or just another year of big growth
for the profession.
Be
sure to check out our latest postings to the Partner
Portal in Partner Program News below. We’re posting
new and interesting content everyday, and are proud
of our recently posted Institute Annual. The Annual
is our greatest hits from the 2004 year of forums,
and it is a great review for any IT security
professional wanting to pick up some tips. We’ve
summarized the high points in the Partner Viewpoint
section of this issue. — The
Institute |
|
 |
|
PARTNER VIEWPOINT: Jack Phillips |
| Introducing the Institute
Annual |
|
2004 was a tremendous
year of change and growth for the IT
security profession, and the Institute was
keeping track of it all along the way. Each
spring we publish for our Institute Partners
the Institute Annual.
This important document
draws the most compelling insights and ideas
from the six regional Network Security
Forums we hosted during the year. The
insights appeared in much more detail in
each of the Summaries of Findings we
published for attendees after each forum.
This month, we thought we would present to
you this list of the best in summary form.
1. “Network
perimeter” has lost its meaning; it’s no
longer the frontier to defend. IDS is
not dead, just not the primary focus any
longer. IPS remains hype in most end-users
minds. Behavioral and flow-based
technologies that focus on internal traffic
patterns now make the most intuitive sense
to users; “internal” is now the frontier to
be paying attention to.
2. Security is about
human behavior, not silicon and boxes.
IT security professionals must now
understand how to sell ideas and navigate
the political landscape inside most
organizations. These are skills which don’t
come naturally to technical professionals.
3. Security data
management has become a critical
competence for all security teams; SIM/SEM
products continue to be popular, but still
seen as immature. Adequate due diligence
and study in this area is the order of the
day.
|
4. Vulnerability management
now boils down as much to understanding the value of
organizational assets as it does to keeping up with
the threat landscape. The hardest part for
most security professionals is knowing what’s most
important to protect. Most teams are using a
“portfolio” approach with a mix of COTS and open
source tools.
5. Wireless networks
(both sponsored and unsponsored) are now the norm in
most organizations. Securing this infrastructure is
difficult since you don’t always know where it is.
Most professionals are insisting on internal
policies for proper use as a stopgap measure before
full wireless security can be implemented.
6. Increasing security’s
visibility (and funding) requires some kind of tie
the underlying business or mission of the
organization. Making the case that information
security either increases the top line (revenues,
customers, members), or lowers costs (direct costs,
insurance premiums) is the only way the profession
will continue to get the attention it deserves.
7. Despite all the hype
surrounding it, regulatory compliance is
probably the most effective way to focus attention
and resources on IT security today.
The full 12-page Institute
Annual is available upon request from the Institute
for Applied Network Security. |
|
|
|
|
DATA
POINT: Product Interests |
|
We ask our Forum attendees prior to each forum
which product categories are of most interest to
them right now. We present here the data we
collected from our Southeast Network Security
Forum in Atlanta in May 2005. Interesting to see how
things really stay the same over time, even in
the midst of a host of new product technologies
and offerings.
|
We were struck by the huge interest expressed
also in the emerging “data leakage” space. As
Peter Kuper refers to them, these are the “V
companies” since as recently as a few weeks ago
all of their names started with the letter V.
More to come from this group of companies in
future Forums.
|
|
|
"Product Categories
of Most Interest to Me Right Now" |
 |
|
|
PARTNER
PROGRAM NEWS |
| What's Available Now for
Partners |
|
|
Multimedia User Briefing summaries have been posted
to the Partner Portal on the following topics:
-
Selecting & Deploying Cisco Security Agent (CSA)
-
IPS Selection and Implementation in a University
Environment
-
Unlocking Identity and Secure Access: Real World
Lessons Learned
-
Getting Ahead of Regulations: Challenges and
Solutions for the Fortune 1000
The
2004 Institute Annual is now available for download.
Summaries of Findings from our Dallas, Washington
D.C., and Atlanta Forums are now available in a
searchable format by keyword, as well as in PDF
format.
The Institute’s remaining Forum calendar this year
is as follows:
-
Midwest (Chicago) – August 3-4, 2005
-
New England (Boston) – September 26-27, 2005
-
New York Metro (New York) – November 14-15, 2005
The
Partner Portal is
available exclusively
to Institute Partners.
To learn more, please
contact Phil Gardner at 617.399.8100
or direct an email
to
partner@ianetsec.com. |
|
|
