Security at the barricades

The bad news is that no organization with an Internet connection can ever be truly secure. The good news: The tools and the law enforcement are getting better.

As long as bad guys want to steal our data, infect us with malware, or choke us with spam, we’ll always be in a state of siege. Obsessing over the whole range of threats isn’t good for anyone’s health. But if you work in IT, you can’t ignore those perils either, and you’ll welcome any cost-effective technology that keeps them a little further at bay.

As InfoWorld senior writer Matt Hines reveals in his exclusive story, “Google eyes security services,” help is on the way from an unexpected quarter. You may be aware that Google bought the anti-spam service Postini in July — and even, perhaps, that it acquired security software vendor Green Border a couple of months before that. But as Matt reports, Google’s ambitions go much further.

Basically, the company intends to turn Postini into a complete hosted security platform — not just for blocking spam, but to deploy a whole range of services. Already, the latest Postini version included with Google Apps Premier Edition protects against zero day threats and flags possible outgoing data leaks, such as social security or credit card numbers. According to Matt, that’s only the beginning; Google’s ultimate ambition is to provide comprehensive, enterprise-class security as a service.

We’ll have to wait and see if large organizations, which tend to prefer absolute control over their own security, will be willing to cede some of that to Google. Meanwhile, our review of the new Mu-4000 security appliance clearly indicates that the industry hasn’t run out of innovative products that can help you sleep a little easier.

This new version of Mu’s Security Analyzer identifies vulnerabilities by hitting the network with “fuzzed” permutations of normal packets and commands across 50 different protocols. And considering the complexity of what it does, the InfoWorld Test Center found it amazingly easy to configure. Reviewer Roger Grimes sees the Mu-4000 as a highly useful weapon in the battle to stave off malware threats.

But wait a minute … who are the bad guys who want to wreak all this havoc anyway? Contributor Andy Brandt gives us a glimpse of what the perpetrators of IT mayhem are like in “True crime: The botnet barons.” Late last month the feds announced the indictment or conviction of eight perpetrators, all of whom used botnets to achieve their nefarious ends. Andy’s story examines what they did and even a little about why they did it.

The scary part is that these perps were relatively small fry. According to most security experts, the real kingpins operate outside the U.S. on a much larger scale. No need to worry about that threat 24/7, friends. On the other hand, keep your guard up.