
Containers Expo Blog: Article

Gartner Attacks Overhyped Security "Myths"

Maybe the World's Not as Dangerous as It Seems

According to a report from Gartner, presented at the company's IT security event this week in Washington, DC, the five most over-hyped security threats are, in the company's opinion:

- Internet Protocol (IP) telephony is unsafe
- Mobile malware will cause widespread damage
- “Warhol Worms” will make the Internet unreliable for business traffic and virtual private networks (VPNs)
- Regulatory compliance equals security
- Wireless hot spots are unsafe

“Many businesses are delaying rolling out high productivity technologies, such as wireless local area networks (WLANs) and IP telephony systems because they have seen so much hype about potential threats,” said Lawrence Orans, principal analyst at Gartner. “We’ve also seen the perceived need to spend on compliance reporting for Sarbanes-Oxley hyped beyond any connection with the reality of the legislation,” added John Pescatore, vice president and Gartner Fellow.
Gartner analysts examined the status of each of these over-hyped security risks.
IP Telephony is Unsafe. The reality is that security attacks are rare for IP telephony. Preventive measures for securing an IP telephony environment are very similar to those for securing a data-only environment. IP telephony eavesdropping is the most over-hyped threat. Eavesdropping is unlikely to happen since it requires local area network (LAN)-based access to the intranet. The attackers must be inside the company because they have to be on the same LAN as the IP telephone that is subject to the eavesdropping attack.
Gartner analysts said companies can encrypt voice traffic to protect against IP telephony eavesdropping, but typically it is not required. It is no more difficult to eavesdrop on voice packets than it is on data packets.
“Enterprises that diligently use security best practices to protect their IP telephony servers should not let these threats derail their plans,” Mr. Orans said. “For these enterprises, the benefits of IP telephony far outweigh any security risks.”
Mobile Malware Will Cause Widespread Damage. In most cases, mobile malware will be a niche nuisance in the foreseeable future. Penetration of smartphones and personal digital assistants (PDAs) with always-on wireless to knowledge workers or consumers was about 3 percent in 2005. Gartner projects it to reach approximately 10 percent by the end of 2005.
“Anti-virus vendors see huge potential profit opportunities in selling security solutions to billions of cell phone and PDA users,” Mr. Pescatore said. “In particular, the anti-viral industry sees cell phones as the way to grow sales outside of a flat, commoditized PC market. However, device-side anti-viruses for cell phones will be completely ineffective.”
“The most effective approach to blocking mobile malware will be to block it in the network,” Mr. Pescatore said. “Companies should ask their wireless service providers to document existing and planned capabilities. By the end of 2006, all wireless service providers should be required to offer over-the-air mobile malware protection.”
“Warhol Worms” will Make the Internet Unreliable for Business Traffic and VPNs. A “Warhol Worm” is a worm that infects all vulnerable machines on the Internet within 15 minutes. The “SQL Slammer” worm had a strong impact on the Internet in 2003, but this is the only observed example of a “Warhol Worm.”
Gartner analysts project that through 2007, the Internet will meet performance and security requirements for all business-to-consumer traffic, 70 percent of business-to-business traffic and more than half of corporate wide area network (WAN) traffic.
“Every organization should consider using Internet VPNs, and most should adopt them in some way,” said Mr. Orans. “Today’s Internet offers a low-cost, good-enough or better option to the data networks of traditional global carriers.”
Regulatory Compliance Equals Security. Regulations often provide a means to obtain funding for important security initiatives before incidents occur, but most regulations lead to increased reporting rather than increased levels of security.
“Regulations generally take more static looks at issues and generally don’t lead to higher levels of security in proportion to the spending required to meet the letter of the law,” Mr. Orans said. “The best way to increase enterprise IT security is to buy and build software that has fewer vulnerabilities, but there has been no regulatory focus on this area. Companies should focus on building stronger security processes, then document these processes to demonstrate regulatory compliance.”
Wireless Hot Spots Are Unsafe. Uneducated consumers can fall prey to wireless hackers, but enterprises can equip and educate their mobile workers with the tools and knowledge to mitigate these threats and increase business productivity via hot spot usage.
Gartner analysts said mobile users should seek out 802.1X protected access points because these points facilitate encryption between the mobile endpoint and the access point. Users can also use client-based software, such as solutions from AirDefense, AirMagnet or T-Mobile’s Connection Manager, that can validate the access point’s identity and thereby reduce the risk of connecting to a hacker’s access point.
“Mobile users in hot spots should utilize their corporate VPN connection to protect traffic as it travels through the Internet,” Mr. Pescatore said. “Mobile users in hotspots should use personal firewalls and turn off file/print sharing to protect their endpoints from data theft.”

More Stories By Security News Desk

SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.
