Security Battle Lines for 2003

Spam, mothballing early IDS tools, and more intrusions top Aberdeen’s list of predictions

This year, as security incidents meet last year's level, e-mail administrators will finally fight back against spam and companies will kiss their first-generation intrusion detection systems (IDS) goodbye. Those are just a few of the trends in Boston-based analyst firm Aberdeen Group's security predictions for 2003.

This year, “the actual number of incidents is going to be almost 16 million,” says Eric Hemmendinger, research director of information security for Aberdeen. That’s right, 16 million. “I've had a lot of people say to me, 'Why so high?' I look at them and I say, 'Well if you work for a public company, do you disclose [intrusions]? No, because it would be embarrassing for the company—it might impact stock price [or] scare customers. That's the way the world is.'” Yet the number of security incidents this year isn’t radically higher than in previous years. “We think the delta between what's happened and what's reported really isn’t changing. Only a small percentage is actually reported,” says Hemmendinger.

In a bid to save their sanity after dealing with all of those break-ins, this year security managers will also dump any first-generation IDS still in play. The first IDS tools were created in 1996 or 1997. What’s broken is that they were originally envisioned akin to anti-virus software and used signature, or pattern, matching to scope out malicious code, says Hemmendinger. “What we're saying here is that [the] original notion of IDS has just fallen over at this point”

The problem is that an IDS that flags anything possibly malicious simply produces too many alerts, says the analyst. “If you're dealing with more alerts than you can interpret, it doesn't do you any good.” So companies today opt for more than just alerts. “Increasingly, we'll see them not just looking for IDS, but intrusion prevention,” he says. Of course not everything can be prevented, but more automation at least frees security managers from just responding to alerts all day.

Another interesting prediction is that this is the year e-mail administrators will take back the network. “Last year, about 25% of what went through corporate gateways was spam,” says Hemmendinger. “We think it doubles this year, and that's because the spam artists are sufficiently creative that they've been able to stay ahead of the bulk of the tools that are in the marketplace.”

Spam is no longer just a nuisance; it takes up too many cycles on the e-mail server, adding to an already out-of-control dearth of enterprise bandwidth and storage. In addition, “there’s a lot of nasty stuff coming in as part of the spam, and you don’t know what it’s doing,” says Hemmendinger, mentioning everything from viruses to self-executing code that mysteriously communicates with something outside the corporate gateway.

On a lighter note, what won’t change this year is the term “spam” itself. The analyst notes that Hormel Foods Corp., maker of the popular lunchmeat SPAM, renounced any legal necessity to regulate use of the word, since it’s tied to a Monty Python skit. As IT managers struggle to control spam, at least they’ll know what to keep calling it.

For Aberdeen's full list of security predictions, see

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.