The forecast for improvements to IT security has been a bleak one because no technology vendor has had the right combination of resources and knowledge to adequately attack the problem. Until now, that is, Tom Noonan said Wednesday during his first RSA Conference keynote as an IBM employee.
Noonan, who in October became general manager of IBM's Internet Security Systems when his company ISS was bought for $1.3 billion, said that IBM's move has sparked a resurgence at ISS, starting at the top. "For the first time in more than a decade, I'm reporting to more than a board of directors and Wall Street," Noonan said, adding that he expects IBM's backing to accelerate ISS's security research and product development. "The problems that we were trying to solve were too big for us. IBM ensures the systems view is designed into the network."
The insatiable appetite that IT infrastructure vendors Cisco Systems, EMC, IBM, and others have displayed over the past few years for security technology is a crucial step toward giving businesses and other organizations the secure systems needed to finally get in front of the security threats they face. "Our customers are in business to serve their customers," but Internet security threats keep them from those goals, Noonan said.
Noonan cited research from ISS's X-force research team to support his assertion. The average large enterprise has security products and/or services from 32 different security vendors in its IT environment, he said. In addition, IT security spending continues to grow at a rate of three times that of other IT investments. "This is a pretty unsustainable business problem," Noonan said. Despite these investments in security technology, customers are left with the most difficult task: making them all work together.
The ideal security solution today can't be based on reactive, signature-based systems. "We must have systems that are continually enabled by the intelligent monitoring of systems," Noonan said. "Security has to have a continuous source of intelligence," rather than waiting on vendor software patches. This intelligence will come from security information extracted from multiple points throughout the network, including intrusion detection and prevention systems, identity and access management systems, and PC and mobile endpoints.