Gene Hodges has been the chief executive officer and director of Websense
since January 2006. Prior to joining Websense, Hodges served as president,
McAfee from November 2001 to January 2006. In a recent interview, Hodges shared
his thoughts on the latest trends in security services and products and
cautioned about the new threats currently being seen. Excerpts:
What opportunities are you seeing in this downturn?
The world economy is having a very uneven impact on IT security from what we
can see. Luckily, security is being fairly resilient even in countries like the
US, the UK and Europe where there is a significant impact on IT overall.
Even in the middle of the budget tightening, we see a very rapidly growing
awareness by senior management about the need to protect their essential
information. This may be driven in some cases by regulatory changes like the IT
Act in India, or it may be driven by concerns about intellectual property (the
US has had some very high-profile incidents recently); and for our business,
this implies that times are actually pretty good and we feel very lucky.
Are customers cutting their budgets on security?
On an average around the world, security budgets are flat. They are most
impacted; and the impact is not necessarily cuts, rather it's longer analysis
periods to make sure that the right investments are being made in countries
where currencies have devalued most against the dollar.

But in India, the rupee has lost, as I understand, about 3%; the pound is
down about 35%; the euro is off about 25%; the real in Brazil was off 45%.
Customers who have some of their supply chain coming from the US have to figure
out how they can pay these effectively raised prices; and I think that's been a
big challenge.
Our solutions are generally well below an infrastructure project's cost, and
so we have not seen them being budgeted out. We do, as you know, offer data loss
prevention solutions. They have probably had the roughest time because almost
all are new projects and these get seven signatures of scrutiny, even if they
are small, and these projects are proceeding fairly well. It looks like a very
strong quarter for data loss prevention, even in the middle of such a gloomy
situation.
Do you think companies should look at increasing their budgets on security
products?
This is not a time that most companies can afford to increase spending in
any area. We would advise our customers that they should do a simple analysis in
their mind, take a page, draw a line down the middle, and look at the
investments that are being made, basically to prevent or to protect the
infrastructure and then the investments that are being made to protect the
essential information in the corporation.
Infrastructure is an area where you can afford to compete vendors against
each other very aggressively; you are definitely going to get significant price
concessions in anti-virus, in firewall, in IDS/IPS. The other side of the page
is generally less than 20% on the IT investment today. Yet, from a threat
perspective, it's 90% of the threat. So, I think good business judgment says
balance to take the infrastructure investment down and shift that and, of
course, not just in Websense but authentication projects, encryption projects,
all types of technologies that support information assurance.
Do you see customers leaving hardware security solutions and gravitating
towards managed security services as the economy worsens?
I would characterize it as a myopic vendor behavior trying to make it look
that way. There is an old American phrase, "To a carpenter everything looks like
a nail." So, if you are a vendor who has been in the cloud solutions, you would
argue that the total cost of ownership over a period is going to be cheaper.
Our view is these are sides in a debate that really shouldn't be occurring
because the way the customer will have the best solution in terms of security,
effectiveness, and cost is to be able to combine these two and to do that
transparently in terms of a policy management model.
So, we are developing an integrated policy management, which combines
software service with on premise, and we will ship the first of this capability
at the beginning of next year.
How has web 2.0 increased the security threat?
First, many business-minded security people are probably a bit jaded about
the phrase web 2.0 and they deserve to be jaded. You look at the Gartner hype
cycle, I think web 2.0 is probably just going over the peak. And, when everyone
hears the phrase web 2.0, they think Facebook, and Facebook is absolutely a web
2.0 cycle, and the social networking sites are the highest volume web 2.0 sites.
But, there is a broader issue which is collaboration on the web, and you can
call that whatever you want, but in terms of business value, that
collaboration - to help your customers, to work with your partners, even make your
own employees happy - is something that has definable business benefit.
The bad guys have figured this out, and they have found now that the easiest
way to compromise is to attack users of collaboration applications, whether they
are social or corporate oriented.
So, instead of sending a piece of malware in an email or instead of embedding it
on a porn site which is what they used to do, now they put it in these
collaboration areas by attacking an individual computer; and the compromise rate
of pages on these sites is relatively high. It's a few percent but there are
billions of them, and they are growing at a compound rate of several hundred
percent in a year.
How does Websense look at the inbound threats?
This has been a fairly radical change for us in terms of technology. For
years, Websense and our smaller competitors have basically done our job by
building a big list and you build the list by looking at the Internet and
classifying which sites are good or bad or which sites are social networking
sites and then setting policy by site.
With the intense use of collaboration sites and the very rapid change on
those sites - if I remember correctly, Facebook is updated every forty-five
microseconds - you cannot be effective in keeping track of what's happening on
collaboration sites. So, we have developed new technologies.
We believe these are unique where instead of relying on the list, we look at
every piece of content that comes down from the Internet. So, in real time, you
watch the code that's coming down.
If it's executable, and it's malicious data stealing malware, block it. If
it's pornography, block it. If it's racial hatred, you block it.
And, usually, what would be the success rates?
Well above 99% at this point. And if you look at anti-virus scanners, they
are at 20%; that is a high enough success rate to be implementable as a broad
policy.
In 2009-2010, what will be some of the biggest threats users will face,
and what kind of technologies is Websense investing in to combat such threats?
Well, I think you will get a variety of answers from different customers.
The biggest concern that I hear from CSOs and CIOs is the insider risk. You can
find studies that show you outsider risk, insider risk is the big one to worry
about. I think the exact numbers are not really the issue because they are both
significant enough - 30-40% of the total threats - that a comprehensive policy has
to protect from both the outside and the inside risk.
In both the cases, the most effective way to protect against these risks is
the ability to characterize what the information is in real-time. We just
discussed the inbound information from the web. We do the same thing for
customer proprietary information, your customer database, the PCI information of
your customers, your employee records, your earnings release, merger and
acquisition documents.
So, we can identify your specific information as it moves around the network
and help develop what we call contextual awareness, the new policies which are
data centric and not about infrastructure.
And you write a policy which is very explicit, that defines a logical
perimeter around the data. So, it's very different from the old typical
perimeterized security. The perimeter is gone. The perimeter is around the data
object whether it's internal or external.
Let me give you an example of how this works on the internal machine. The
network security administrator's worst nightmare is me, the CEO. When the little
dialog box comes up to apply the latest Microsoft terrible Tuesday patches, I
click later, and I click later for a month. So, my machine is un-patched, my
machine contains sensitive information, and I go to places I shouldn't go.
Last week I was in Beijing, I am sitting in the hotel, I am on a weakly
encrypted wireless network. So, this is the worst nightmare.
If you devise the policy around data - on my laptop are financial forecasts for
the year, also in my laptop is an iTunes library and our standard public
corporate presentation. So, in building a data-oriented policy, you basically
say, I don't care if anybody steals my iTunes library. I don't care if someone
wants to look at the Websense Public Company presentation, but that financial
information cannot go out over a wireless port eighty hole, they can't be TPed,
my evil twin cannot put it on a thumb drive, can't burn it on to a CD.
We haven't told the user you can have a thumb drive where you can't use your
CD player. All we have told them is that data can't go there - and this applies
to printing, it applies to screen captures. We don't know how to stop people
taking pictures of the screen yet, but being able to constrain where the data
goes is a massive step-up in the effectiveness of the security.
Srinivas Rasoor
maildqindia@cybermedia.co.in