RSA: Security in 2002 worse than 2001, exec says
By Sam Costello
(IDG) -- If you thought computer security was bad in 2001, you're not going to enjoy 2002. That was the message from SecurityFocus co-founder and CEO Arthur Wong in a presentation he gave at the RSA Conference 2002.
Wong's message to attendees was sobering. Despite such major security incidents as the "Code Red" and "Nimda" worms, "2001 wasn't as bad as it could have been," he said in a presentation at the start of the show.
In 2001, about 30 new software vulnerabilities were discovered each week, Wong said, marking a decrease in a trend that had seen the number of new vulnerabilities doubling every year for much of the late '90s. Wong expects that 2002 will bring a return to old growth rates, predicting that 50 new software security holes will be found each week in the coming year.
Along with forward-looking figures, Wong also provided a glimpse into the raw number of attacks that companies faced in 2001. Wong's company, SecurityFocus, sells a security threat analysis and warning service which draws its data from the intrusion detection systems of about 10,000 companies in 150 countries on six continents. From those companies, Wong was able to present some interesting data.
In 2001, SecurityFocus customers experienced a total of more than 129 million network probes, often a precursor to a network attack. They also faced more 29 million Web-based attacks, over 6 million denial of service attacks and about 154,000 Windows-specific attacks, he said.
The company's data also showed that, in what was likely not a surprise to some, Windows in all its versions is attacked more than any other operating system, with over 31 million security incidents in 2001. Following Windows, all versions of Unix run by SecurityFocus customers were attacked 22 million times and Cisco Systems' IOS operating system underwent over 7 million attacks, he said.
On the Web server front, Microsoft was again the most popular target. Microsoft's IIS (Internet Information Services), the software that was exploited to spread Code Red and Nimda, was attacked over 17 million times, Wong said. SecurityFocus customers running the open-source Web server Apache were attacked only 12,000 times, he said, meaning that IIS systems are "1,400 times more frequently attacked than Apache."
Despite the large gap between the rates at which different products are attacked, "there is no way that you can buy anything, subscribe to anything, and say you're 100 percent secure," Wong said. "Security is a process, not a product."
That process, he said, should involve a security monitoring service, such as that offered by his company.
"We spend too much time fighting the last war when we ought to be trying to figure out what the next war is going to be," he said.
The 11th annual RSA Conference, which began last Tuesday and ended Friday, drew over 10,000 attendees to discover details about new security products, as well as hear speeches about topics such as cyberterrorism and cryptography, to say nothing of a couple early morning songs from the rock band Cheap Trick.
Sam Costello is a Boston-based correspondent for the IDG News Service, an InfoWorld affiliate.
Huge RSA showcase highlights managed security
April 10, 2001
RELATED IDG.net STORIES:
RSA: Microsoft readies Baseline Security Analyzer
RSA: Counterpane CTO says insurance, liability to drive security
RSA: Cybersecurity czar urges cooperation, spending
Free Cisco router security tool released
Compaq, SafeNet partner for wireless security
Web services leave a wake of security worries
P.J.'s parting shot
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
TECHNOLOGY TOP STORIES:
Report: SUVs pose danger to cars
New telemarketer tool trumps TeleZapper
Terra Lycos logs $2.2B loss
AOL to offer song downloads
Microsoft seeks fiscal fountain of youth
|Back to the top|