Pulaski: There're some things you really, truly need experts for. Then there're some things that software tools can help you automate to the point where, for example, the work of one expert can be leveraged by a whole team of nonexperts. It can basically help the people who are not experts figure out how secure things are and if their policies are being followed. The goal of companies like BindView is to develop software and methodologies and processes that customers can use to take the work of a very few number of experts and leverage them.
InfoWorld: Will security tools ever just become another embedded part of the network infrastructure?
Pulaski: Ideally, more and more of the security infrastructure components need to be built into the security infrastructures themselves, rather than coming from third-party applications. BindView focuses not on providing the pieces of the security infrastructure but in analyzing how the security infrastructure is configured and deployed enterprisewide, looking for vulnerabilities and problems with implementation of policy and in the configuration. The problems that people face is that the processes and people that implement and deploy these systems typically have a very difficult time managing the configuration of the infrastructure enterprisewide, especially as new users get added and users get assigned temporary rights for some reason.
InfoWorld: There's a lot of criticism of the resources that security tools consume on systems because most of them rely on processor-intensive agents to accomplish their tasks. Is this a fair criticism?
Gardner: That is a shortcoming of a lot of technologies. Not only are the agents out there at every desktop but they also gobble up a lot of the resources of those servers. One of the reasons that we should not be painted with that same brush is our technology does not require agents on all of the servers. And if you have performance issues, you can choose to balance your system and how many agents you do deploy. But the technology has to be able to scan all the environments and all the users and all the IDs in order to do security checks.
InfoWorld: Where do most attacks come from?