With Congress passing the bill forming the Homeland Security Department during the lame duck session and some general signs of a recovering economy, I think that 2003 will prove to be a positive year for increased spending on information security. I believe there are a few sectors of the security industry that are ready for a breakout year:
- Managed Security Services, which received a lot of hype in late 2000/early 2001, has grown up and several companies offer complete solutions. Meanwhile, many organizations with too few resources to cover all the bases themselves are growing to trust MSSPs.
- Patch Management, which was highly touted in the government's "National Strategy to Secure Cyberspace" report, will experience strong growth, as IT departments increase the frequency of patching vulnerabilities, as opposed to simply responding to attacks in
- Application Layer Security, characterized by solutions from companies such as Entercept, KaVaDo, SPIDynamics and Sanctum, will gain momentum. Hackers are discovering web applications and databases as the path of least resistance and greatest profit. Improving application layer security will be key to the widespread adoption of Web Services.
- While IDS is certainly a hot technology, by the end of 2003 I expect that we will reach a consensus that Host IDS and Network Traffic Behavior Monitoring provide better ROI than traditional Network IDS.
- On the threat side, I expect that we will see 1 or 2 significant attacks on the infrastructure of the Internet that will have origins in the US, Middle East and terrorism conflicts. Like the 9/11 attacks, I expect them to be directed at commercial targets, as an attack on the civilian infrastructure versus direct attacks on the military, which are much more difficult to carry out.
- Finally, I will win the Washington State lottery on March 22, 2003 with the winning numbers of 2-4-15-17-30-44.

About Jim Reavis: Jim is an independent research analyst focused on the information security space. The founder of SecurityPortal and a longtime security veteran, Jim currently edits the CSOinformer monthly research newsletter.