Gartner Debunks Over-Hyped Security Threats
TPIRman writes "At Gartner's recent IT Security Summit, the research company's analysts identified five over-hyped security concerns. Among the supposed FUD are mobile malware, unsafe VoIP, and cracker-friendly wireless hotspots. Gartner, which has made a name for itself tracking hype, claims that irrational anxiety is holding back technologies that offer benefits greater than their security risks. A Techworld columnist argues, though, that Gartner is sending mixed messages."
Since then, anytime I see "Gartner Group" in print, my brain replaces it with "information prostitutes".
Anonymous Kev
Proudly posting as AC since 1997
(Finally got a dang account in 2004)
The blog referenced in the Slashdot post, by George Ou, was very insightful. I don't know how many times I have heard of people implementing the MAC address filtering scheme. I always thought it was a stupid method of securing a network, because it is so simple to copy the MAC address. What I had not realized is that I could so easily find out what a specific MAC address is. I had not thought of using a sniffer for this. I always assumed physical security would need to be breached to determine the MAC address of a preferred client. It makes sense, though: for the wireless client to access a wireless AP, they must broadcast the MAC address.
jc2it "Humor is mankind's greatest blessing." -Mark Twain
[1]
Gartner analysts project that through 2007, the Internet will meet performance and security requirements for all business-to-consumer traffic, 70 percent of business-to-business traffic and more than half of corporate wide area network (WAN) traffic.
[2]
"Enterprises that diligently use security best practices to protect their IP telephony servers should not let these threats derail their plans," Mr. Orans said.
Um, plows didn't reduce the time spent plowing, they created the time spent plowing. Without a plow, how are you plowing? You can't plow without a plow.
They reduced the time spent planting, and allowed planting of fields with harder soil.
Last year, the only security training my company's Infosec director and manager took was to Gartner's Security Conference, but only because they paid for everything including travel and hotel costs because attendance is always low. When my boss got back, and she's not exactly a security expert by any sense of the word, she said it was horrible. That says a lot coming from someone as ignorant of security as her. She said people would show up, the presentations would start, and over the next hour or so people would file out the doors and never return. She said the rooms ended up being less than 10% full by the end of the talks because no one wanted to hear them.
This company, which I left recently, based all of their decisions on Gartner's Magic Quadrant. Of course, it was always funny doing the conference calls with their analysts to discuss technologies we were interested in, and they could never go beyond the script they had prepared for the call. When my boss wanted to buy some form of HIDS, they basically did a call on why we should purchase Symantec's new product over Symantec's older product. Never mind that there were better products from their own literature. The guy couldn't answer any question about the product that wasn't on the literature he'd sent or was reading from. It was depressing, because his opinion mattered more to my management than the opinions of those who would be using and monitoring the software and knew what our requirements were.
Remember the Alamo, and God Bless Texas...