This month, we get a chance to take a peek into the future, as well as viewing the current state of information assurance (IA) practice. The future comes to us in the form of a closer look at the participants in the Security Innovators Throwdown, which took place at the 2010 SC World Congress in New York. The current state is focused on web content management, arguably one of the most important IA functions in our enterprises. We take that notion a step further in our First Look for this month as we examine trusted browsing for the banking industry.
Web content management is a key piece of our security infrastructures because today virtually everything comes into our enterprise through web browsers. A vendor with whom I was speaking recently estimated that more than 80 percent of all malware enters the enterprise through the web browser. Certainly there are a plethora of exploits that target browsers specifically. That said, many question the efficacy of web content management and we will see a bit of that skepticism in our interviews with Throwdown participants.
The Security Innovators Throwdown has become a staple of the SC World Congress and this year was no exception. By the time Congress attendees see the Throwdown participants show their wares, there has already been a winnowing process and, while there can be only a limited number of winners, in reality, getting into the top 10 – the maximum size of the group that participates at the Congress – is quite a feat in itself. This year, we had only eight companies that were worthy of further scrutiny in New York.
I have railed long and loudly about the state of innovation in our industry and it seems to me that, finally, innovation is returning to information assurance. However, there are lots of opinions as to what constitutes innovation. For example, as I was talking to Throwdown winners, I noted that the level of innovation seems to me to be a bit higher than in previous years. In fact, one participant characterized what usually passes for innovation as a new coat of paint covering the same old capabilities. I don’t think it is quite that bad, but, certainly, in the past a bit of extra speed, a few more vulnerabilities of viruses caught, or a new user interface has seemed to suffice.
This year, though, I was impressed by the level of original thinking that characterized the Throwdown participants. The all have tackled difficult problems and produced solutions to those problems that to understand require a bit of new thinking. That is good. We often are so entrenched in “the way it is done” that we forget that there may be better approaches that don’t really look like what we’re used to seeing. This year, there was some of that and it is gratifying to see. More about that in the special Throwdown section.
As we discuss in the web content management introduction, that group has begun to mature. However, it is not without some controversy. At least one person who I interviewed recently, characterized the current state of web content management as the anti-virus industry 10 years ago, depending on signatures and black/whitelists. I’m sure that I buy that completely, although it certainly is only partly true. That said, there are some very solid players in that product sector and, as always, we have them for you. Chatting about the products he looked at this month, SC Lab Manager Mike Stephenson tells me that two of the major improvements he is seeing over the past few years are improved user interface – significant simplification – and improved ease of deployment. So, overall, we have an exciting issue for you this month with a look at the here and now, plus a peek at what’s coming down the pike. Let’s get to it… – Peter Stephenson, technology editor