Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gartner Debunks Over-Hyped Security Threats

Posted by Zonk on from the mythbusting dept.

TPIRman writes "At Gartner's recent IT Security Summit, the research company's analysts identified five over-hyped security concerns. Among the supposed FUD are mobile malware, unsafe VoIP, and cracker-friendly wireless hotspots. Gartner, which has made a name for itself tracking hype, claims that irrational anxiety is holding back technologies that offer benefits greater than their security risks. A Techworld columnist argues, though, that Gartner is sending mixed messages."

15 of 134 comments (clear)

  1. "cracker-friendly wireless hotspots" ?? by RobotRunAmok · · Score: 5, Funny

    And the hotspots less sympathetic to our racist neighbors south of the Mason-Dixon line? These are somehow more secure?

    I'm so confused...

  2. Gartner, debunk yourself by Gothmolly · · Score: 5, Insightful

    From the department of wishful thinking:
    Gartner, please debunk yourself as anything other than a PHB-opinion-bolstering old boys club. I battle the Powers That Be here constantly - any proposal is met with "well what does Gartner say about it?". Take your magic quadrant, and... well, you know.
    If everyone waits for everyone else's opinion before they can make a decision, no wonder we have organizations with forms to change forms, where Dilbert stories are all true, and employees read Slashdot all day instead of working (because 50% of their projects won't go anywhere, and the other 50% of their projects are pending some approval process or another).

    Gartner is just a multiplicity of Dvoraks, all groupthinking what the Next Big Thing is.

    --
    I want to delete my account but Slashdot doesn't allow it.
    1. Re:Gartner, debunk yourself by Qzukk · · Score: 3, Interesting

      It seems to me that Gartner gets paid to say stuff like this. Someone hands them a stack of studies and some cash, and tells them to "spin this and make us look good."

      The question here is whether in this case they were paid by the VoIP and mobile technology providers, to convince everyone that everything is alright and nobody needs to worry, or by the virus writers, to convince everyone that everything is alright and nobody needs to worry...

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
  3. Warhol by MECC · · Score: 4, Funny


    A "Warhol Worm" is a worm that infects all
    vulnerable machines on the Internet within 15 minutes.

    Warhol must be a new spelling for Windows...

    --
    "We are all geniuses when we dream"
    - E.M. Cioran
    1. Re:Warhol by CardiganKiller · · Score: 3, Funny

      Probably, they're both overhyped. Their aesthetics are similar. You take a good look at both of them and ask yourself, "Should I be enjoying this or something?".

      Bring it on Warhol fans.

  4. Re:Trust Gartner? by AnonymousKev · · Score: 5, Informative
    I have to agree, Mr. Pants. My previous employer paid the Gartner Group to research a particular subject. Their report indicated that our product was the best possible way of doing business. The next round of brochures had "Gartner Group reports indicate ..." in big bold letters. Six months and $26 million later, the company was sold for pennies on the dollar. Not just a miss, but a miss-by-a-mile.

    Since then, anytime I see "Gartner Group" in print, my brain replaces it with "information prostitutes".

    --
    Anonymous Kev
    Proudly posting as AC since 1997
    (Finally got a dang account in 2004)
  5. Depends on what you have to protect by udderly · · Score: 4, Insightful

    I did not RTA, but it seems to me that your degree of paranoia should be relative to the importance of what you're protecting.

    For instance, I don't use wireless on my work network because I have a lot of confidential client information to protect. But at home I like the convenience of being able to roam the house and yard.

  6. Benefits of Technology? by ThosLives · · Score: 4, Interesting
    The summary and article talk about
    ...holding back technologies that offer benefits greater than their security risks...
    This leads to the question, "What do you mean by benefits of technology?"

    This is actually a good question, especially in light of the security risk question. I think the only way to evaluate benefits of technology is to look at how much a technology reduces the cost of living and/or how much it improves quality of living. For instance, a plow greatly reduced the cost of living for farmers - they now had to spend less time plowing for a given amount of production. The invention of air conditioning increased quality of living quite a bit. It's a little more difficult to measure just what having VOIP, for instance, gives us. VOIP doesn't really reduce the cost of living, and it really doesn't improve the quality of living compared to POTS. Perhaps it does slightly reduce the costs, if VOIP is less expensive than POTS, because that means VOIP users spend less of their "time" paying for communications.

    The risks need to be weighed against the benefit though. For instance, there's a greater risk of getting injured by a plow than by digging things by hand, but the benefit is huge. The way I think things should be examined is what is the added risk for added benefit?

    My personal assessment is that VOIP or wireless hotspots, or whatever, are not going to improve my life quality over what it is now, nor will they reduce my cost of living significantly. So, if there is *any* added security risk, it's not even in my consideration.

    --
    "There are a dozen opinions on a matter until you know the truth. Then there is only one." - CS Lewis (paraprhase)
    1. Re:Benefits of Technology? by tgd · · Score: 3, Informative

      Um, plows didn't reduce the time spent plowing, they created the time spent plowing. Without a plow, how are you plowing? You can't plow without a plow.

      They reduced the time spent planting, and allowed planting of fields with harder soil.

  7. The Pot Calling The Kettle Black by Old+VMS+Junkie · · Score: 4, Insightful

    Over-hyped? Garntner makes their living on hype generation. This is just another attempt at getting more people to subscribe to Gartner reports.

  8. Overhyped == "Hasn't happened to me Yet" by GGardner · · Score: 4, Insightful

    I guess this is the definition of overhyped?

  9. There is much truth... by Anonymous Coward · · Score: 3, Insightful

    to what Gartner is saying. I have worked in the IT security arena now for almost 5 years and I have noticed this very thing. Security companies, almost without exception, hype the threats to sell their wares. They sell wolf tickets at extremely high prices when 98% of all threats can be mitigated by using good processes and common sense. Remember what Bruce Schneier keeps harping on is true: SECURITY IS A PROCESS, NOT A PRODUCT. Until people get this mantra embedded in their thick skulls, they will continue to be duped by security vendors and their own fears.
    Common sense is, unfortunately, not that common. Defense in depth security measures can be achived without spending a lot of money. BUT... your best security is useless if the people behind it are lacking in common sense.

  10. Six wireless myths debunked by jc2it · · Score: 3, Informative

    The blog referenced in the slashdot post, by George Ou was very insightful. I don't know how many times I have heard of people implementing the MAC address filtering scheme. I always thought it was a stupid method of securing a network, because it is so simple copy the MAC address. What I had not realized is that I could so easily find out what a specific MAC address is. I had not thought of using a sniffer for this. I always assumed physical security would need to be breached to determine the MAC address of a preffered client. It makes sense though, for the wireless client to access a wireless AP they must broadcast the MAC address.

    --
    jc2it "Humor is mankind's greatest blessing." -Mark Twain
  11. Source please? by PIPBoy3000 · · Score: 3, Interesting

    I've been Googling for the last fifteen minutes and couldn't find any reference about the Gartner Group downplaying AIDS.

  12. Gartner is bad. Their security summit is worse by GodBlessTexas · · Score: 4, Informative

    Last year, the only security training my company's Infosec director and manager took was to Gartner's Security Conference, but only because they paid for everything including travel and hotel costs because attendance is always low. When my boss got back, and she's not exactly a security expert by any sense of the word, she said it was horrible. That says a lot coming from someone as ignorant of security as her. She said people would show up, the presentations would start, and over the next hour or so people would file out the doors and never return. She said the rooms ended up being less thant 10% full by the end of the talks because no one wanted to hear them.

    This company, which I left recently, based all of their decisions on Gartner's Magic Quadrant. Of course, it was always funny doing the conference calls with their analysts to discuss technologies we were interested in, and they could never go beyond the script they had prepared for the call. When my boss wanted to buy some form of HIDS, they basically did a call on why we should purchase Symantec's new product over Symantec's older product. Nevermind that there were better products from their own literature. The guy couldn't answer any question about the product that wasn't on the literature he'd sent or was reading from. It was depressing, because his opinion mattered more to my management than the opinions of those who would be using and monitoring the software and knew what our requirements were.

    --
    Remember the Alamo, and God Bless Texas...