Enterprise security managers need host-based intrusion prevention systems, gateway spam and antivirus filtering, and vulnerability, identity and automated password management to secure their systems, according to a leading analyst group.
Conversely, Gartner Group analysts said, information security programs can do without personal digital signatures, passive intrusion detection and quantum key exchange, among other technologies.
Gartner recently unveiled a list of technologies enterprises need -- and those they likely don't when forming or evaluating security programs. The recommendations are based on what the firm's managing vice president called the "plateau of productivity," the window of time between adopting an emerging technology and when it begins to provide a return on investment. The analyst firm recommended that organizations focus on that plateau in combination with their business needs and threat assessments to prioritize security purchases.
"If the technology is adopted too soon, the enterprise will suffer the pain and expense of an immature technology," said Victor Wheatman. "In the case of information security, failing to deploy defensive solutions at the right time can leave the organization vulnerable."
Other recommended technologies and processes include the use of the Advanced Encryption Standard, the wireless protocol 802.1x, quarantine/containment products, SSL/TLS Web-based encryption, as well as having a business continuity plan and security
"For example, vulnerability management not only implies advancement from passive vulnerability monitoring to near-continuous monitoring, but also integration with workflow and rule engines to effectively correct vulnerable states without creating system conflicts," he continued. "In the case of gateway spam and virus scanning, we see defenses moving out from the desktop and e-mail servers to the edges of the enterprise boundary, and beyond to the ISPs."
On the flip side, Gartner said many enterprises could do without personal digital signatures. Passive intrusion detection, another "don't need," can be replaced by technologies that can respond to incidents instead of simply logging them.
Security awareness posters, default passwords and 500-page security policies have got to go, too. Instead, Wheatman recommended that security policies be a maximum of two pages in length so they are readable to users.