Hewlett Packard, Co.IBM Corp.Micron Inc.

Recent published reports indicate a growing need for IT security personnel to deal with the dramatic increase in security attacks across multiple new vectors. In other news, Inspekt Security, Inc. announced a new security product that bases its security analysis on machine learning instead of standard rule-based development.

Focal Points:

• Several published research reports are showing an increase in the demand for enterprise security shops to get more experienced security personnel to deal with the influx of security threats coming from new attack vectors. Some of these threats are the result of increased offshore outsourcing, which increase the number of places that are vulnerable in corporate infrastructure. In addition, new attack vectors, including voice over Internet (VoIP), instant messaging (IM) and Web 2.0 technologies, present a cornucopia of new exposures attackers can, and have, exploited. In addition, increasing numbers of government regulations and the public exposure of vulnerabilities have made IT security a boardroom-level issue.
• Predictions for security professional growth range from 11 and 12 percent for Europe and America, respectively, and up to 18 percent in the Asia-Pacific region. This compares with growth rates of five to eight percent for general IT jobs. This will represent a total growth in IT security staff from a little over 1 million in 2003 to over 2 million in 2008. Studies have also shown that corporations are reluctant to offshore security functions, due to the sensitivity of these tasks to corporate information, as well as the limitations of legal recourse in the event of third-party data breaches in other countries. Research did indicate a willingness to outsource some security tasks to either large consulting firms or those with security-specific expertise.
• Inspekt Security, a Danish security company started in 2006, is announcing its new security product, InspektOne, at the upcoming RSA Conference in California. Officials stated the product uses machine learning instead of the typical rules-based development in order to detect security problems as a result of looking at anomalous network traffic patterns. The product is designed to be used to monitor security for large data networks. Officials believe the problem with rule-based approaches is that they only check for problems people already know about, which is insufficient in today's constantly-changing threat environment. Some examples of what the product can identify are changes in login frequency or sudden deletions of critical information. InspektOne can be purchased as a product or implemented as a service.

Experton Group believes security demands will continue to grow, which will force IT executives to look for new security professionals in the coming years. To meet the shortcoming, Experton Group recommends that IT executives retrain IT professionals that are likely to be freed from other areas, such as server administration, that will be available as a result of data center consolidation efforts. In addition, IT executives should evaluate new security technologies that will help automate security administration and event management. In addition, IT executives should evaluate new security technologies that will help automate security administration and event management.