February 09, 2001, 4:53 PM — Companies need to pick and choose from a variety of security vendors to ensure they get the best products to protect their networks.
Listen to the debate
That's what a panel of security vendors told a ComNet 2001 crowd last week at the Network World Security Showdown. While some companies represented on the panel offer a range of equipment, they acknowledge their rivals may actually do a better job with individual technologies.
"Nobody has a solution to all the problems that are going to arise," said Bob Blakely, IBM-Tivoli's chief scientist for security, even though his company claims to meet all security needs. "Don't believe our marketing or anybody else's if they are obviously untrue."
Greg Smith, director of product marketing for firewall experts Check Point Software, admits his company doesn't even attempt to offer elements of network security such as antivirus protection or intrusion detection -- but he couches that as a strength. By teaming with top vendors in other areas, Check Point makes it possible to build a security scheme using only the best components, he claims.
During a spirited debate, the top five security vendors as ranked by IDC sparred over which offers the best network protection, but agreed on some principles.
For instance, no single type of security -- firewall, intrusion detection, antivirus software -- could protect against all threats. "There is too much code and too many lines of code to block all holes," said Rob Clyde, chief technologist for Symantec enterprise solutions. They agree that firms cannot look at security as a one-time event; they must constantly review and improve defenses.
Company executives need to be more wary than ever as they open their networks to legitimate business partners because at the same time attackers are becoming more sophisticated, the panel agreed.
"You are letting strangers in to operate your machines," Blakely said. Some of those strangers are there on legitimate business, but others are there to cause mischief or worse.
Panelists tried to poke holes in each other's products. For instance, Blakely pointed out that Computer Associates' eTrust products must be present in all networks crossed in, say, an e-business transaction in order to be effective. Simon Perry, CA's vice president of security, acknowledged that was true, but countered that would not be a problem if companies did as they should and carried out security analyses of business partners' networks. Based on the results, they can then defend their networks. He recommended compartmentalizing corporations to isolate the resources business partners have access to.