The chief executive of security firm Symantec has launched a stinging attack on Microsoft, claiming that the Redmond giant cannot handle enterprise IT security because it lacks the specialist skills and business practices.
Speaking at the RSA Conference in San Francisco, John Thompson warned that companies should not expect Microsoft to solve their security woes.
"Microsoft's security initiatives are not sufficient for large enterprises," he said. "That's why security companies are the ones to do it: we are focused and not distracted by things like computer games and a host of other computer-related stuff."
Thompson maintained that the Sasser worm was a wake up call for the industry, since the speed at which it spread demonstrated weaknesses in the current way of protecting networks.
Sasser infected 90 per cent of the world's unpatched PCs in just 10 minutes, and went on to cause over $1bn in cleanup costs.
But the worm exploited a patchable hole in Microsoft code for which a fix had been available six months previously. With hackers now reverse engineering patches within days or weeks, IT managers can no longer rely on the Microsoft model, according to Thompson.
"Security as traditionally defined is no longer enough," he stated. "We need prevention ahead of attacks, and to make the process of managing security less costly and complex."
Victor Wheatman, managing vice president at analyst firm Gartner, echoed Thompson's view. "Microsoft is probably not going to solve its security issues," he said.
"Its security initiative is helping and it will improve. But at the same time it could inadvertently introduce new problems with new software."
Thompson then detailed how Symantec is gearing up to meet evolving security threats by creating tools that marry network management, security and system administration. It was this focus behind its acquisition of Veritas and Powerquest.
In the future, Thompson predicted that the new role of chief risk officer would handle security issues. He quoted a Forrester study suggesting that by 2007 over 75 per cent of large enterprises will have a risk management office led by a chief risk officer.
Finally Thompson warned of continuing consolidation within the industry. As companies are acquired, the number of security products would fall but their effectiveness would increase, he said.
Post your comment
Send an email to the Computing editor at feedback@computing.co.uk
del.icio.us
digg this
reddit!
Onboard web service due to arrive in 2007 is behind schedule 21 Aug 2008
The British Computer Society will conduct an independent review of NHS IT policy 21 Aug 2008
Better public sector data sharing would provide all the necessary information, says think tank 21 Aug 2008
More news
Privacy fears over directive that will allow organisations to view emails, texts and web use 21 Aug 2008
Firms recognise need for IT – but staff must keep skills up to date 20 Aug 2008
Transport for London cuts its ties with the TranSys consortium and begins plans for its replacement 21 Aug 2008 More in depth
Advertising Marketplace
- Enterprise Accounting Solutions
- Business Intelligence Solutions
- Enterprise Content Management (ECM)
- Supply Chain Management
- Enterprise Resource Planning (ERP)
- Project Management Solutions
- Customer Relationship Management (CRM)
- Security Solutions
- Systems Management
- Networking and Communications Solutions
Featured jobs
More job opportunities