Yankee Group: Enterprises Must Address Atypical Security Threats

Analyst firm offers advice for mitigating vulnerabilities.

• By Matt Migliore
• 09/25/2002

According to the analyst firm, DoS attacks have become a regular problem and are prohibiting enterprises from accessing the Internet, as well as inhibiting IP carriers’ from fulfilling their service-level agreements for both availability and latency in their backbone networks.

Furthermore, the IT consultancy says most enterprises have yet to address potentially exploitable vulnerabilities that are not protected by typical implementations of virtual private networks, intrusion detection systems, or anti-virus software.

As such, Yankee Group expects the market for DoS software to exceed $160 million by 2006, and it is predicting the market for managed security offerings to grow from $45 million in 2001 to nearly $190 million by 2006.

Matthew Kovar, director of the Security Solutions & Services Planning team at Yankee Group, suggests enterprises should negotiate with their Internet service providers to require DoS protection as part of the carrier’s service-level agreement. He also believes enterprises should install DoS software on site to prevent attacks on their perimeter Internet connections.

From a managed security perspective, Kovar says enterprises need to employ continuous assessment of external and internal network and application infrastructure to mitigate vulnerabilities in a timely manner. To do this, he feels enterprises would be best served by contracting with managed security firm.

Says Kovar, “Companies must recognize that they are not security companies and do not possess the core competencies to implement a holistic approach to security assessments, and that they should remain in the business for which they were created.”