Moore's Law, the evolution of Web 2.0 applications and virtualization are among the trends influencing the network security industry, according to unified threat management vendor Fortinet.
Fortinet's chief marketing officer, former Gartner analyst Richard Stiennon, spoke to Network World Canada about the seven major trends affecting the direction of the industry.
1. Moore's Law
"You've got static security technologies that exist -- antivirus tools on the desktop, for instance, aren't going through any major upgrades to their efficiency or their methodology -- and yet computers are becoming more powerful and (shipping with) bigger disk drives, so there are more things to scan," Stiennon says. This may be a case where security manages to keep up -- the antivirus products take advantage of the computer's power as well, he says.
"But on the network throughput side, the status quo right now is to do most networking firewalling and encryption for SSL and VPN with the CPU on your desktop and laptop. But on the network gear side of things, MIPS chips or standardized CPUs are not able to keep up with network throughputs." Specialized content-processing network devices will need more specialized silicon to deal with throughput, he says, whether homegrown ASICs or off-the-shelf products from manufacturers like Mistletoe Technologies.
2. Application evolution
"Over and over, someone will roll out an application, and because they roll it out to trusted parties, there are no vulnerabilities or exploits used against the application." But the applications become more popular -- Salesforce.com, for example, now has a million users and is starting to become a target for attack. "We know with online banking, the user name 'password' isn't strong enough, but here all these salespeople are getting onto Salesforce.com with a user name of 'password.'"
MySpace and Facebook allow anyone to create and deploy applets or widgets, and they reach huge audiences quickly, opening up the underlying architecture of the sites to having personal information harvested, or distributing malware to users.
3. Automated management
We're on the way to network equipment that's aware of where it is on a plug-and-play basis, Stiennon says. "Even if it first grabs a random IP address from a DHCP server, eventually it will phone home and find out its new policy is such and such, its IP address is such and such, and it'll be reminded to register with the vendor for warranty and subscription updates and signature updates," he says.
Now, it's often done with a USB token with preconfiguration information, Stiennon says, but it's "pretty imminent" that the machines will be taking care of it themselves over the network.
4. Research trends
Research is driven by the bad guys, Stiennon says. "If they'd stop being so innovative, we could all stop hiring new people and getting smarter," he jokes. "Research is chasing. It makes it easy to predict where it's going to go. It has to follow the bad guys."
Pundits predicted the demise of signature-based research as early as 2000, he says. "Microsoft was going to fix this problem. We wouldn't need antivirus research. Obviously, that isn't the case."
The more than 70 antivirus companies researching worldwide share their signatures, "but the methodologies and tools are proprietary to everybody."
Stiennon bucks the recent trend among some security thinkers who hold that whitelisting certain applications, rather than trying to keep up an ever-expanding blacklist, is a more effective approach. "It's got some merit, in a law office or a publisher, where you use standard, off-the-shelf applications," he says. "But most large enterprises have lots of custom applications."