ES: As pedestrian as it may sound, we need better patch deployment and management. Most of these worm attacks come down to just unpatched systems. If there’s only one thing you do to fight off worms, make sure you just patch your system every other week. You’ll be in far better shape!
TB: What area of information security do you see growing the most over the next 5 years?
ES: We need security-savvy system administrators. The security groups of most organizations are overwhelmed with tasks, and need to rely on system administrators to help secure the enterprise. System administrators are really on the front-lines, and they need to be well-equipped to deal with attacks. Reflecting this, I think we’ll see a big increase in the security skills needed in system administrator roles. The most valuable system administrators (and the best paid) will be those who can help maintain _and_ secure their systems.
TB: The timeframe from vulnerability alert to full-blown worm seems to be decreasing- do you think we’ll see more zero-day (or 1 to 2 day) exploits as time goes on?
ES: Yes. Certainly. There are huge numbers of vulnerabilities out there, and some rather unscrupulous people disclosing them to the whole world. I expect to see this problem worsen over time.
TB: With vulnerabilities coming as fast and furious as they do it is becoming a full-time drain on resources to implement and manage patching. Is there anything you think companies can do differently or instead that might help them stay one step ahead of the latest malicious code?
ES: Hardening the configuration of boxes in advance certainly helps. Shutting off unneeded services is absolutely crucial. Educate system administrators so that they know their responsibilities and how to apply patches. Remind system administrators that it is their responsibility to keep their machines updated.