Security challenges take toll

The increased use of videoconferencing and Internet collaboration technologies, the rush toward Web services, and an emerging class of malicious code that blends virus and wormlike capabilities represent some of the biggest security challenges for 2002, according to analysts.

As was the case last year, users can also expect to see a sharp increase in the number of macro and script viruses that emerge. But major antivirus software programs should be able to handle most malicious software relatively easily.

“The bottom line of malware prevention remains the same: Filter, patch strategically and update your antivirus software. Use common sense to protect your network’s vulnerabilities,” said Roger Thompson, an analyst at Herndon, Va.-based security firm TruSecure Corp.

The rush by corporations to set up videoconferencing and Web seminar capabilities after Sept. 11 presents a particularly serious security risk for companies that aren’t careful, said John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc.

Users this year can expect to see at least one widespread attack that tries to exploit openings in enterprise firewalls created during the frantic push to set up these capabilities, Pescatore said. Corporations’ accelerating efforts to link their internal applications with those belonging to external partners and suppliers using technologies such as XML and Simple Object Access Protocol are another source of concern, Pescatore said.

Increasingly, companies are opening new ports on their firewalls to let outside applications talk with inside applications, “even though the security aspects of doing so are totally unproven,” Pescatore said.

“The rush toward Web services will result in glaring holes,” he cautioned. “2002 is not the year to jump on Web services.”

Malicious code that blends virus and wormlike features and is designed to take advantage of multiple software vulnerabilities also poses a major threat, said Thompson.

One example of this emerging class of threat was last year’s Nimda worm, which wreaked havoc on enterprise networks around the world. Unlike previous malware, Nimda spread both via the Internet and e-mail, taking advantage of multiple vulnerabilities.

Expect to see more sophisticated variants of Nimda this year, Thompson warned. Dealing with them will require constant attention to patching, intrusion monitoring and updating antivirus suites, he added.

The wireless security industry will also receive significant attention in 2002, said David Lelievre, a project manager at Clinton Township, Mich.-based application service provider Tweddle Information Services Inc. “The wireless Internet will emerge as the leading trend for the next three to five years. Security will have to be defined and established before the market hits full force,” Lelievre said.

Also expect to see a lot of vendor consolidation this year, especially in the managed security services arena, said Eric Hemmendinger, an analyst at Boston-based Aberdeen Group Inc. Corporations entering first-time relationships with security vendors need to pay special attention to the financial stability of the companies and their customer bases, Hemmendinger warned. “We are going to see some very public debacles in the security space this year,” he predicted.

“The caution here for users is you can’t afford not to do due diligence” before choosing a security vendor, he said.