The Gartner Security & Risk Management Summit is held this September in London, UK.
Now you might occasionally deride Gartner for its (arguably) not-very-enchanted Magic Quadrants, but the CWDN blog will come out in defence of Gartner this week because:
a) The organisation has some amazing software application developer focused analysts with Merv Adrian surely the standout star.
b) Of all the “analyst” firms putting on vendor-wide events this autumn, Gartner is one of the few organisations to offer open press invites — there’s even a press room, these guys know what they are doing.
c) The content of the show is broad, non-salesy and (arguably) pretty compelling
The event’s opening and core theme centres around the suggestion that companies firms should be ‘smart’ about risk?
What does that mean?
It means firms should think about trying to balance ‘security’ on one hand with ‘opportunity’ on the other.
Verisign VP Danny McPherson suggests that highly-orchestrated DDoS attacks feature prominently in the kind of Internet attack we see today.
McPherson’s company produces a quarterly DDoS Trends Report for deeper reading on the 300 Gbps attack experienced by a media and entertainment firm.
Cyber protest & hacktivism
Putting this rare straight bot (as opposed to use of reflective amplification techniques) attack down to hacktivism, McPherson says that DDoS attacks have become one of the two main weapons of choice (along with SQL injection for system compromise) when it comes to cyber protest and hacktivism.
“Dealing with DDoS attacks today competently means traditional methods such as bandwidth overprovisioning and firewalls, are no longer enough,” he said.
Advocating cloud-based DDoS protection services, McPherson says these are more scalable, effective and affordable.
“Outsourcing DDoS mitigation and DNS availability services to a cloud-based provider allows for upstream resources to be protected from,” said McPherson’s
He also stressed that it helps eliminate issues such as bandwidth congestion and collateral damage in the case of an attack.
Patrick Kennedy of Internet security company Webroot agrees with many of these sentiments and says that cybercrime means we must innovate or die.
He advises that firms are struggling to categorise and kill off new and unknown threats faster and with greater accuracy because their rate of change is faster than many current security technologies can keep up with — so once again, turning to cloud and formalised security protection must be the way.
“Either firms are too slow to pinpoint new threats, or they are simply stunned and overwhelmed by the amount of data generated,” said Kennedy.
Webroot presented its predictive threat intelligence solutions and cloud-based endpoint protection at this September’s show.