Could managed security services cause data woes?
Analysts at Gartner Inc. are predicting a steady increase in managed security services as companies look to outsourcing as a way to cut costs. In this edition of Security Squad, editors of SearchSecurity.com and Information Security magazine discuss the issues that result from outsourcing security services. They also discuss the sudden increase of SQL injection attacks and whether developers are using more secure software coding techniques.
Managed security services, SQL injection attacks
(1:15) Some vendors are offering their security products as software-as-a-service options.
(3:17) Gartner analysts tout managed security services.
(4:15) What are the problems with outsourcing security when the software is not within the confines of the company systems?
(8:29) Do regulations such as PCI cover managed security services?.
(9:44) Researchers have been tracking a wave of SQL injection attacks. Why are attackers using old methods?
(12:37) All it takes is a coding error. Online payment service, PayPal was the victim of a SQL injection attack.
(13:11) Why do security researchers such as Gary McGraw yawn when they hear SQL injection?
(15:45) Gary McGraw offered up a positive view of secure software coding.
(17:42) Are we ever going to see a seal of approval on products guaranteeing the secure coding?
(19:34) If more software is sold as a service, could that enable vendors to guarantee the security?
: The market for managed security services is expected to grow significantly, led by messaging security software, Web gateways and security intelligence products. Managed security services to climb as IT costs rise
: Small businesses are turning to managed security service providers. The industry is growing and Perimeter eSecurity's aggressive acquisition spree is shaping the market. Perimeter eSecurity acquisition shapes managed security services
: Services offered 'in the cloud' range from managed firewalls to intrusion detection/prevention services (IDS/IPS) to antispam/antivirus filtering. What are the benefits of 'in-the-cloud' network security services?
: In this video, Gary McGraw of Cigital Inc. explains why better secure coding could help thwart future Web 2.0 attacks. He says the industry is making progress. Gary McGraw on secure software development
:A new group of technology vendors, including Microsoft and Symantec, are joining together to raise awareness about the need for more secure code. Tech vendors team up for secure software development
: Visit SearchSecurity's podcast archive. Information Security podcasts