New Security Tools and News

Packet Analytics Corp. recently announced the availability of its Network Forensics Search Engine. In other news, published reports attack retailer security shortcoming, and security spending could take up to ten percent of future IT budgets.

Focal Points:

• Officials from Packet Analytics said that it had made available Net/FSE, its search engine that is designed to do security analysis based on network forensics. Officials from the company said they do their analysis using NetFlow data to understand network alerts in more detail. The product analyzes terabytes of real time NetFlow router data, using a browser-based search engine. The product uses indexing and search algorithms that have been at use at the Los Alamos National Laboratory for over five years. Officials claim the product is easy to install and administer, and can be run on commodity Linux-based servers. Net/FSE can currently be obtained as a free download.
• Recent published reports have suggested that retailers worldwide are behind in their battle against IT security threats. The report found that most retailers did not have long-term security strategies, continuing to react to current incident reports. This technical approach to security is destined to place retailers in a poorer security posture, since hackers and organized crime appear to develop new, multi-vector attacks before IT shops can develop methods to counter the vulnerabilities. While most companies are still in a reactive security mode, the report found that over 93 percent of companies had established a person overall responsible for combating security vulnerabilities. While most companies have firewalls installed, less than 30 percent have anti-phishing tools deployed.
• President Bush's 2009 budget requests $7.2 billion for IT security spending. This represents an increase of $646.8 million from 2008's budget. This amount is 10.3 percent of the total $70.9 billion government IT budget. The requests highlight that  different departments would have different levels of IT security spending, with the Transportation Department spending over 25 percent of its IT budget on security. Much of this spending is planned for increasing the accreditation and certification of IT systems to meet security and compliance requirements. Another key area of increased security spending is on Cyber security, which the request cites as a critical domain of future national security. 

Experton Group believes security spending will continue to take a greater portion of IT budgets. However, combating security is not likely to prove effective until security personnel can work more closely with business and IT executives to improve all employees' awareness of security threats, with better security policies and education. IT executives should increase enterprise-wide security awareness and training, using advanced security tools to complement proactive security processes.