<p>FOR IMMEDIATE RELEASE Ref MG4078
Increased Spending on Intrusion Detection (ID) Inevitable, Says META Group
Issue to Be Addressed at META Group Security Conference in San Diego, September 15-17, 2003</p>
<p>SYDNEY, Australia , (August 7, 2003) – META Group (Nasdaq: METG) a leading information technology (IT) research and consulting firm, today announced investment plans for security technology remain on target for Global 2000 organisations. An analysis of purchase intents by META Group analysts showed strong short-term interest in both network and host intrusion detection. Long-term plans showed an even stronger interest in various forms of intrusion detection, which is finally becoming widely accepted as a necessary part of well-secured environments. Other long-term plans also include centralised security information management consoles for many organisations.</p>
<p>“Organisations that have taken an intelligent approach to intrusion detection have had no problem establishing the value of the technologies,” said Chris King, senior program director for META Group’s Security & Risk Strategies team. “Those that have purchased a product without the benefit of an underlying policy and plan naturally feel like they have wasted their money, because they have. Technology alone does not improve security, and causing a false sense of security can actually harm the security effort.”
META Group believes that organisations failing to successfully deploy some level of intrusion detection capability could experience increased liability by not meeting a court standard of due care. Security officers have shown only minimal confusion as a result of the vendor transition from intrusion detection to intrusion prevention. META Group projects that the minimal difference between these two closely related approaches will disappear within two years.
Not all areas of security are maturing as rapidly as intrusion detection. Despite widespread recognition that information security requires separation from IT in order to meet generally accepted system security principles (GASSP), the vast majority of Global 2000 organisations still have information security reporting to the CIO, CTO, or equivalent.
“As security has now started showing some signs of maturation, we are seeing a gradual growth in understanding that technology risk needs to be managed in parallel with IT rather than within IT. But it is difficult to find an executive other than the CIO that is willing to take over an area like information security before it fully matures. Of course, even many CIOs are still resistant,” says Mark Bouchard, senior program director for META Group’s Security & Risk Strategies.</p>
<p>About the Security Conference
Security technology and security governance form the two major themes of META Group’s Information Security & Risk Management Conference. Attendees will learn how to meet the challenges of major regulatory requirements such as the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, and the Sarbanes-Oxley Act. In addition to in-depth analysis of all areas of security technology and governance, the conference will provide an opportunity for attendees to meet one-on-one with any of the 14 META Group security specialists. The META Group Security Conference will be held at the
Manchester Grand Hyatt in San Diego, CA, September 15-17, 2003. For more information, visit metagroup.com</p>
<p>About META Group
META Group is a leading provider of information technology research, advisory services, and strategic consulting. Delivering objective and actionable guidance, META Group’s experienced analysts and consultants are trusted advisors to IT and business executives around the world. Our unique collaborative models and dedicated customer service help clients be more efficient, effective, and timely in their use of IT to achieve their business goals. Visit metagroup.com for more details on our high-value approach.</p>
Rob Stirling / Kirsten Davey
<p>Peter Carr, General Manager