RSA 2009 Another Year of Handwringing on Cyber Security
Deborah Gage writes on the San Francisco Chronicle "The Tech Chronicles" Blog:
Every year, the security industry gets together at the RSA Conference in San Francisco to learn new techniques for fighting the bad guys, who always seem to be a step ahead.More here.
This year is no different. Security vendors say they are not doing enough and government officials say they are not doing enough because attacks are getting worse -- in 30 minutes, Symantec blocks 200,000 attacks.
One problem is that computer systems are still too complicated, which makes them easier to attack and harder to protect.
"Separate groups (in a company) do testing, manage the data center and do security audits and a lot of what they do is manual," said Enrique Salem, Symantec's CEO. "If a security team needs information, they call a different department to get the logs, and it takes a couple of days for the logs to arrive. A week later, they change their audit procedures."
If you listen to the director of the NSA, the government isn't doing much better. "We don't have a way today of sharing and seeing networks in a timely manner," said Lt. General Keith Alexander. "How do we close that gap with the antivirus vendors [whose detection of threats tends to lag because cybercriminals create new threats so quickly]. And how do we provide early warning?"