So.. I’ve been working in IT for a long time and Information Security for about 10 years or so. I’ve seen a lot of things change and a lot of things just get recycled. What about the truly new innovations? I have a couple of ideas if any security vendor is listening. If you want to give me credit – I’ll take it
- Smart IDS
- How about an Intrusion Detection System that is truly smart? What if it knew a machine was vulnerable or not and gave you alerts or suppressed information based on a vulnerability scanner. Wouldn’t that be easy enough to integrate? Case in point, do I really need to see a bunch of SQL Slammer attack attempts if all my systems are patched for SQL Slammer? Vulnerability scan information could be fed into the IDS so it only shows you what is relevant. A truly smart system. You could even have a check/uncheck box on whether or not to suppress certain alerts based on vulnerability data – just in case you really want to see all those irrelevant attacks
- Advanced DLP
- Data Loss Prevention systems have come a long way toward helping protect company secrets. The problem is, especially if you aren’t blocking (as is difficult in most companies), what do you do once the data gets out? Sure you have a record of it but what if 5 people send it out and you find it posted online? What is the one that leaked it to that site? I think what is really missing from today’s DLP solutions is a watermarking feature. For example, a person send out a secret document and the DLP system notices. It allowed it through but stamps a watermark on the document and voila – you can trace it back to the exact leak. The system would have to function inline but it would be a great way to track important documents as opposed to two systems.
Those are just a couple of ideas for now anyway. Next time maybe I’ll keep them to myself a start a company