Q&A: ISS exec on security threat prevention

Computerworld - Security architectures that are designed solely to react to threats instead of preventing them in the first place are doomed to fail in a world of fast-evolving and self-propagating threats, says Tom Noonan, CEO of Atlanta-based Internet Security Systems Inc.
What do you see as some of the big trends in the security market? This whole notion of reaction in terms of how our systems have been built is running out of steam. Preemption is going to be a very, very fundamental theme in the direction which security is taking. The concept of preemption basically addresses the question of why not avoid a threat or detect it and prevent it rather than react to it. If you look at the traditional security model, all of our technologies have been built as an ad hoc response to a new threat. Fifteen years ago, the only threat was floppy-transported viruses, so the solution was PC-based antivirus. When the threat became unauthorized access, we built firewalls; when it was spam, we built antispam; when it became spyware, we built antispyware tools; and when it is malicious content, we built content security tools. This entire industry has been built in an ad hoc, reactive manner. The technologies that lie underneath are all signature-based, and you cannot have a signature until you have an active threat. That was fine in a disconnected world.
When you mention "signature-based technologies," are you referring specifically to antivirus tools? I'm talking about a signature that uniquely identifies a threat by name. Most intrusion-detection systems, most antivirus products, spam, spyware and content-security systems effectively work this way.
So how does being preemptive help? Today, time and again, you see the devastating and pervasive impact of highly effective, self-propagating viruses and worms because the vast majority of businesses are dependent on multiple layers of reactive technology. Businesses are suffering daily from this reactive model. They have added every layer of protection they can, and they are still being compromised. The highly effective, self-propagating nature of Internet threats today forces companies into a reactive posture, and that is inefficient. The threat has scaled the control systems that are in place.
When you talk about being more proactive, it's not only technology we are talking about, right? We are talking about technology and also about architecture. We are already seeing a pretty dramatic shift in security architectures on the Net. We are talking about management, which is very, very different in a preemptive world. We are talking about a dramatically different economic model