In this Issue:
- Perspective: Fortune 1000 Hot and Cold on NAC; SMBs Struggling with Security
- Coming this Month
- October 2007 Articles in Print-Friendly Format
- Share Your Security Tips and Get $100
- The Security Pro VIP Forum
Perspective: Fortune 1000 Hot and Cold on NAC
Fortune 1000 companies are sending mixed messages about Network Access Control (NAC) technology through their purchasing and implementation practices. Twenty-two percent will spend more than $500,000 on NAC this year, while only 12 percent spent more than that amount in 2006, according to a survey by TheInfoPro (TIP), an independent research company. And, TIP reports, "NAC, in all of its variations appears to have the largest net positive planned spending increases projected for 2008, keeping NAC as the #1 Network Security technology on the Information Security Technology Heat Index, which gauges the immediacy of end user needs and then weights them against spending."
Sounds like a healthy technology segment, right? But before you go out and buy those Cisco Systems or Juniper Networks shares, you might want to know that fewer companies are implementing NAC today (26 percent) than were doing so in 2006 (30 percent) or in 2005 (35 percent). And a whopping 53 percent today have no plans or only long-term plans to implement NAC, compared with 35 percent in 2005.
TIP has an explanation for why the Fortune 1000 aren't deploying NAC. The research company revealed that survey respondents said that NAC hasn't lived up to its promise and isn't delivering the ROI they expected. TIP cited one respondent comment as expressing the mood of the moment: "We had plans to deploy it, but the technology is just not ready yet. We are not sure what the specific problems are, but all I can say is that it is not ready."
What I'm wondering is, if companies are spending on NAC but aren't deploying it, where is all the NAC money going? There must be a lot of NAC equipment sitting in test environments. One more survey tidbit: As you might expect, Cisco is way ahead among the NAC vendors from which companies have purchased or plan to purchase NAC technology. Symantec, Juniper, and Microsoft have significant but much smaller pieces of the pie, and many other vendors were mentioned. To see (and hear) a presentation of the TIP survey findings, go to http://www.brainshark.com/theinfopro/infosec-pr3.
SMBs Struggling with Security
While the Fortune 1000 ponder the latest NAC technologies, small-to-midsized businesses (SMBs) struggle to implement basic protection against Internet-based and other threats with limited budgets and staff. Webroot Software, which sells antispyware and antivirus solutions, surveyed companies with five to 999 computers in the United States, Canada, the United Kingdom, France, Germany, and Japan.
The Webroot State of Internet Security: Protecting Small and Medium Businesses report presents a pretty sobering picture. It first cites outside research to demonstrate that SMBs play a large role in the world economy in terms of both revenue produced and workers employed. The report then uses a combination of Webroot's own survey findings and other research to show that SMBs are vulnerable in a number of areas.
One survey finding struck me as especially telling: SMBs operate with shoestring IT staffs. In the UK, Germany, and Japan, more than 50 percent of the respondents said their company had two or fewer IT staff members. The US, Canada, and France are better staffed, with 30 percent, 38 percent, and 47 percent, respectively, reporting only two or fewer IT people. Still, the majority of companies—with the US at 57 percent, Canada at 69 percent, and the other countries all at 75 percent or higher—had fewer than ten IT staff. It's not hard to imagine why many of these companies don't have policies governing employees' downloading of music or personal use of the Web and email—IT staff are juggling too many responsibilities to focus adequate attention on security policies.
The State of Internet Security report has lots more interesting information and suggestions about how SMBs can improve their security. You can download the report and Webroot's Guide to Security for Small and Medium Business from the Webroot Web site after filling out a short registration form.
—Renee Munshi, Security Pro VIP Editor
Coming this Month
"15 Tips for VMware Security" by Mark Burnett
Protect your virtual machine host and guests by isolating them from the rest of your network and each other.
This article is now live on the Web.
"Terminal Services Gateway in Windows Server 2008" by Damir Dizdarevic
This new feature of Terminal Services lets you securely establish a terminal session with a remote machine over the Internet by using RDP over HTTPS.
Coming November 8.
Toolbox: "CISSP Study Tools and Strategies" by Jeff Fellinge
Thinking about taking the CISSP exam? Here are some tools that worked for one security professional, from books to boot camp and more.
Coming November 15.
Randy Franklin Smith answers your Windows security questions.
Coming November 22.
October 2007 Articles in Print-Friendly Format
If you're someone who prefers your newsletters in printed form, check out this .pdf file. It contains all the security articles posted on the Security Pro VIP Web site in October. Print and enjoy!
Share Your Security Tips and Get $100
Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to firstname.lastname@example.org. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.
The Security Pro VIP Forum
The Security Pro VIP forum is your place to ask questions about security topics and about articles posted on the Security Pro VIP Web site and to get answers from other forum members, including Orin Thomas, forum moderator, and article authors. Let's talk!