STIENNON: I agree. There's some security from obscurity if you really have nothing worth stealing. The trouble is you can't conclude that. I'm starting to see people succumbing to attacks where they're just a channel to the real target, say a bank in Australia being attacked when the attackers are ultimately after the bank's mining resource clients. Adam mentioned Nadsdaq. So Nasdaq's Director's Desk website was injected with malware and Nasdaq wasn't the target. It was the users of the Director's Desk.
So that's the trouble with concluding that, "Hey, we don't have anything so we're not going to see this level of attack." And then the response is, there's no way a law office can afford to get the processes in place that a Lockheed or a major research lab should be building. But there will be service providers that will start offering that, and ultimately we're going to see tools that reach all the way down to the home office.
KERR: Going back to the question about the need to share information, I think we definitely need to be interconnected, and I think the cloud's a good place to share information. After all, we're all interconnected in one way or another. We share data with outside entities to process our purchase orders and they send us files and things, so if they get infected that's a back door into us. We've seen various entities have trust relationships between corporations, and that's a tunnel from one to another. One of the first things we did before we came back online was disable every single trust relationship we had with everybody, so 1) we didn't hurt them, because the last thing I want to do is to be blamed for infecting somebody else, and 2) I didn't want anybody else coming into me that I couldn't see through a trust relationship. So we need to be interconnected and share this information in the cloud. I think that's the way we need to be going.
O'DONNELL: We believe that data sharing among our products is essential and everything that we've been announcing with the FireAMP technology, as well as the IDS/IPS technology, is heavily leveraged to sharing data between those two products. Sharing outside of organizations and sharing across different technologies is something that will take many, many years because people are concerned that by identifying threats they've been exposed to, they may be giving additional information back to an attacker. So you need to have technologies that allow people to address a threat without sharing it, but still share the data if they choose to. Otherwise you'll hear the people saying, "Well, if I install this product and it mandates sharing, I can't use the product, because I can't actually tell the public what threat I'm experiencing, but I still need to have some mechanism of combating it."
Sign up for Computerworld eNewsletters.