评论
打印
There aren’t many markets where, when the old products have failed, customers flock back for more.
一旦旧产品不再好用,客户会蜂拥回来,寻求更多产品,这样的市场为数不多。
That could explain why the leading lights of computer security – who have converged on San Francisco this week for their industry’s biggest gathering – have been struggling to strike the right tone.
这可以解释,为什么计算机安全行业的领先巨擘一直竭力发出正确的声音。近日,这些安全厂商齐聚旧金山,召开业界规模最大的会议。
Something between humility, schadenfreude and a wary self-confidence seems to be the order of the day. A Queen cover band may have launched the event with a blasting rendition of We are the Champions but the triumphalism was otherwise in short supply.
议程似乎混合着谦逊、幸灾乐祸以及审慎自信的味道。一只模仿皇后乐队(Queen)的翻唱乐队表演一曲高亢的《We are the Champions》,拉开了会议帷幕,但除此以外,会上再找不到多少胜利色彩。
Recent headlines suggest that even the best-defended computer networks resemble Swiss cheese. But, if the old approaches to security have been discredited, there is no shortage of new companies springing up with promises of better ways to plug the gaps – or at least make a lot of money trying.
最近的头条新闻表明,即便是防御最严密的计算机网络也一样漏洞百出。不过,每当旧有的安全策略失去人们的信任,总会马上冒出一批新公司,承诺拿出更好的办法填补漏洞——或者至少在尝试做到这一点的过程中大赚一笔。
The IT security market, worth some $65bn this year, is set to grow at 9 per cent annually for the foreseeable future, according to Gartner – which is a lot faster than the IT industry as a whole. Since large parts of the security market are barely growing, that leaves plenty of opportunity to cash in on new approaches.
高德纳(Gartner)指出,IT安全市场今年规模达650亿美元左右,在可预见的未来,年增长率将达9%,这比整个IT行业的增长快多了。由于安全市场的大部分都增长乏力,因此从开发新安全策略中获利的空间巨大。
The dirty secret that the security professionals can no longer keep to themselves is that their old defences – which were aimed at protecting PCs and other devices that comprise the endpoints of computer networks – no longer work.
安全专业人士无法继续秘而不宣的秘密是,他们传统的防御策略不再奏效。这种策略旨在保护构成计算机网络终端的PC以及其他设备的安全。
Anti-virus software has proved ineffective against the most sophisticated attacks – and therefore the ones likely to cost most in terms of damage inflicted or intellectual property lost.
事实证明,在复杂的攻击面前,反病毒软件效果不佳。因此面对可能造成最严重破坏、或者导致知识产权损失的攻击,它们也将无效。
Hopes for a fightback are now pinned on two very different approaches.
反击的希望寄托在两种截然不同的方式上。
One involves spotting so-called malware long before it reaches its intended targets. Companies such as Palo Alto Networks, one of last year’s hottest tech initial public offerings, and FireEye, tipped to follow it, specialise in appliances that sit at the gateway to corporate or government networks, looking out for such threats.
其一是在所谓的恶意软件到达攻击目标之前,就将其辨认出来。去年上市的最热门科技公司之一Palo Alto Networks,以及紧随其后的FireEye,专门生产这样的防御软件,软件把守企业或者政府网络的网关,监视此类威胁。
Pulling suspicious-looking email attachments and testing them in ringfenced “sandboxes” before allowing them to be delivered offers the promise of filtering out many of these malware threats, almost in real time, according to Asheem Chandna, a former security industry executive and now venture capital investor at Greylock.
安全行业前高管、现为Greylock风险投资家的阿西姆?钱德纳(Asheem Chandna)表示,在邮件投递之前,分离可疑的邮件附件,放在隔离的“沙盒”中测试,有望过滤掉大量此类恶意软件的威胁,而且几乎是实时的。
This may sound like a natural market for networking companies such as Cisco and Juniper. But, as so often in technology, start-ups have set the pace so far. With Palo Alto trading at 10 times revenues, some high-priced acquisitions seem likely as the industry giants add to their arsenal of defences.
这可能听起来就是思科(Cisco)或瞻博网络(Juniper)等网络设备企业的天然市场。然而,在科技行业,初创企业往往先行一步,引领趋势。Palo Alto的市销率已达10倍,随着业界巨头增添其安全领域的军火库,未来可能发生一些高价收购交易。
The second approach begins with an acceptance that even the best-secured networks will be penetrated. If the attackers are assumed to be already on the inside, then the focus shifts to identifying their tracks as they move around – while making sure a company’s most important digital assets are harder for the intruders to locate and extract.
第二种方法认为,即便是防卫最周密的网络也会被渗透。如果假设攻击者已经进入网络内部,那么重点就转移到在攻击者四处作乱之前找出他们的行踪轨迹,同时保证企业最重要的数字资产更加难以被入侵者锁定、窃取。
Latching on to another of the tech industry’s big promises, the security purveyors have discovered big data. Pattern recognition – using reams of data to identify normal types of behaviour on a network, in order to spot the anomalies – is becoming the order of the day.
科技行业还有一个宏大的承诺——大数据,深谙这一点的安全企业已开始对之加以利用。模式识别正在提上议程。模式识别是指使用大量数据甄别出一个网络中的正常行为模式,从而发现异常行为。
The result is what Francis deSouza, president of products and services at Symantec, calls “big intelligence” – in which a stronger situational awareness and a better sense of behavioural norms are the main lines of defence.
赛门铁克(Symantec)产品与服务总裁弗朗西斯?德苏扎(Francis deSouza)称这种方法为“大情报”,即以对网络情况和正常行为模式的更强把握构成主要防御阵线。
Yet the big data promise can only go so far. The extent of the architectural shift in computing, as the client-server age gives way to the cloud, raises profound challenges to the old methods of securing data. The number and variety of computing endpoints is multiplying almost exponentially as mobile devices and, increasingly, machine-to-machine communications proliferate. A tide of data are starting to flow out of corporate networks to tap services that live in the cloud, turning the old defensive barriers into virtual Maginot Lines.
然而,大数据带来的也就这么多了。随着客户端-服务器时代让位于云端平台,计算架构的大规模转移对保证数据安全的传统方式提出了巨大挑战。随着移动设备以及越来越多的机器与机器之间通信量的激增,计算终端数量和类型几乎呈几何级数增长。潮水般的数据正开始从企业网络流出,转而利用云端服务,使传统的防御壁垒成了虚拟世界的马其诺防线。
At least the security industry, accused alternately of alarmism and complacency, now has a more realistic way to talk to its customers. The big data promise is that, although the enemy is wily and will find ways to break in, the defenders have smarts of their own. They may sometimes lose this cat-and-mouse game, but at least there is a chance of minimising the damage. And, besides the improved rhetoric, there is another benefit to these new approaches: some of them might even work.
至少,总被指责耸人听闻、自鸣得意的安全行业,现在能够更加实事求是地同客户交谈。在大数据的承诺下,即使敌人诡计多端,总能找到破门而入之道,防护者也有自己的应对技巧。防护者有时可能会输掉这场猫捉老鼠的博弈,但至少有机会把损失降至最低。这些新的策略不光听起来更美好,还有另外的优点:其中有些还是有可能起作用的。
