With Congress passing the bill forming the Homeland Security Department during the lame-duck session, and with some general signs of a recovering economy, I think that 2003 will prove to be a positive year for increased spending on information security. I believe there are a few sectors of the security industry that are ready for a breakout year:
- Managed Security Services, which received a lot of hype in late 2000/early 2001, has grown up and several companies offer complete solutions. Meanwhile, many organizations with too few resources to cover all the bases themselves are growing to trust MSSPs.
- Patch Management, which was highly touted in the government's "National Strategy to Secure Cyberspace" report, will experience strong growth as IT departments increase the frequency of patching vulnerabilities, as opposed to simply responding to attacks in process.
- Application Layer Security, characterized by solutions from companies such as Entercept, KaVaDo, SPIDynamics and Sanctum, will gain momentum. Hackers are discovering web applications and databases as the path of least resistance and greatest profit. Improving application layer security will be key to the widespread adoption of Web Services.
- While IDS is certainly a hot technology, by the end of 2003 I expect that we will reach a consensus that Host IDS and Network Traffic Behavior Monitoring provide better ROI than traditional Network IDS.
- On the threat side, I expect that we will see 1 or 2 significant attacks on the infrastructure of the Internet that will have origins in the US, Middle East and terrorism conflicts. Like the 9/11 attacks, I expect them to be directed at commercial targets, as an attack on the civilian infrastructure versus direct attacks on the military, which are much more difficult to carry out.
- Finally, I will win the Washington State lottery on March 22, 2003 with the winning numbers of 2-4-15-17-30-44.
About Jim Reavis: Jim is an independent research analyst focused on the information security space. The founder of SecurityPortal and a longtime security veteran, Jim currently edits the CSOinformer monthly research newsletter. www.csoinformer.com