Gartner Attacks Overhyped Security "Myths"
Maybe the World's Not as Dangerous as It Seems
Jun. 9, 2005 09:00 PM
According to a presentation at the company's IT security event this week in Washington, DC, a report from Gartner said that the five most over-hyped security threats are, in the company's opinion:
Internet Protocol (IP) telephony is unsafe
Mobile malware will cause widespread damage
“Warhol Worms” will make the Internet unreliable for business traffic and virtual private networks (VPNs)
Compliance equals security
Hot spots are unsafe
businesses are delaying rolling out high productivity technologies, such as
wireless local area networks (WLANs) and IP telephony systems because they have
seen so much hype about potential threats,” said Lawrence Orans, principal
analyst at Gartner. “We’ve
also seen the perceived need to spend on compliance reporting for Sarbanes-Oxley
hyped beyond any connection with the reality of the legislation,” added John
Pescatore, vice president and Gartner Fellow.
Gartner analysts examined the status of each of these over-hyped security risks.
IP Telephony is Unsafe.
The reality is that security attacks are rare for IP telephony. Preventive
measures for securing an IP telephony environment are very similar to securing a
data-only environment. IP telephony eavesdropping is the most over-hyped threat.
Eavesdropping is unlikely to happen since it requires local area network
(LAN)-based access to the intranet. The attackers must be inside the company
because they have to be on the same LAN as the IP telephone that is subject to
the eavesdropping attack.
Gartner analysts said companies can encrypt voice traffic to protect against IP telephony
eavesdropping, but typically it is not required. It is no more difficult to
eavesdrop on voice packets than it is on data packets.
that diligently use security best practices to protect their IP telephony
servers should not let these threats derail their plans,” Mr. Orans said. “For
these enterprises, the benefits of IP telephony far outweigh any security
Mobile Malware Will Cause Widespread Damage.
In most cases, mobile malware will be a niche nuisance in the foreseeable
future. Penetration of smartphones and personal digital assistants (PDAs) with
always-on wireless to knowledge workers or consumers was about 3 percent in
2005. Gartner projects it to reach approximately 10 percent by the end of 2005.
vendors see huge potential profit opportunities in selling security solutions to
billions of cell phone and PDA users,” Mr. Pescatore said. “In particular, the
anti-viral industry sees cell phones as the way to grow sales outside of a flat,
commoditized PC market. However, device-side anti-viruses for cell phones will
be completely ineffective.”
most effective approach to blocking mobile malware will be to block it in the
network,” Mr. Pescatore said. “Companies should ask their wireless service
providers to document existing and planned capabilities. By the end of 2006, all
wireless service providers should be required to offer over-the-air mobile
“Warhol Worms” Will Make the Internet Unreliable for Business Traffic and VPNs.
A “Warhol Worm” is a worm that infects all vulnerable machines on the Internet
within 15 minutes. The “SQL Slammer” worm had a strong impact on the Internet in
2003, but this is the only observed example of a “Warhol Worm.”
Gartner analysts project that through 2007, the Internet will meet performance and
security requirements for all business-to-consumer traffic, 70 percent of
business-to-business traffic and more than half of corporate wide area network
organization should consider using Internet VPNs, and most should adopt them in
some way,” said Mr. Orans. “Today’s Internet offers a low-cost, good-enough or
better option to the data networks of traditional global carriers.”
Compliance Equals Security.
Regulations often provide a means to obtain funding for important security
initiatives before incidents occur, but most regulations lead to increased
reporting rather than increased levels of security.
generally take more static looks at issues and generally don’t lead to higher
levels of security in proportion to the spending required to meet the letter of
the law,” Mr. Orans said. “The best way to increase enterprise IT security is to
buy and build software that has fewer vulnerabilities, but there has been no
regulatory focus on this area. Companies should focus on building stronger
security processes, then document these processes to demonstrate regulatory
Hot Spots Are Unsafe.
Uneducated consumers can fall prey to wireless hackers, but enterprises can equip and
educate their mobile workers with the tools and knowledge to mitigate these
threats and increase business productivity via hot spot usage.
Gartner analysts said mobile users should seek out 802.1X protected access points
because these points facilitate encryption between the mobile endpoint and the
access point. Users can also use client-based software, such as solutions from
AirDefense, AirMagnet or T-Mobile’s Connection Manager, that can validate the
access point’s identity and thereby reduce the risk of connecting to a hacker’s
users in hot spots should utilize their corporate VPN connection to protect
traffic as it travels through the Internet,” Mr. Pescatore said. “Mobile users
in hotspots should use personal firewalls and turn off file/print sharing to
protect their endpoints from data theft.”