Paul Zimski, CISSP, is the product strategy manager for Harris Corporation’s STAT computer security unit, which provides network security solutions backed by decades of expertise in information security.
As product strategy manager, Paul is responsible for driving the requirements for STAT products and ensuring that STAT stays ahead of emerging security threats.
Harris has extensive expertise when it comes to Homeland Security. In your opinion, has there been an increase of security awareness in the government during the past 12 months? What has been done?
Certainly there has been an acute increase in security awareness during the past 12 months as national security has become a critical priority. We have seen many long-standing government organizations develop new security initiatives that address security holistically.
There has been a trend of increased available funding for mission-critical security initiatives and a more competitive security arena with many new players entering the market.
What do you see as the major computer security problems today?
One of the biggest impediments to achieving computer security today is the fact that new vulnerabilities are discovered hourly. Once a system is stood up in a production environment, its “security” begins to decay with each passing minute.
Constant vulnerability assessment, configuration management and remediation are necessary to offset the ever-increasing ways to attack systems. Even “preventative” security applications themselves need to be assessed and updated to avoid being used as attack vectors, as demonstrated in last month’s Witty worm.
Until organizations can effectively implement vulnerability management programs, even their best security efforts will be usurped by known vulnerabilities.
What are the main benefits of using the STAT Scanner compared to the competition?
The STAT solution was designed from the ground up to be non-intrusive and non-destructive. STAT methodology provides fast, robust, and accurate results without running the risk of crashing targets or crippling networks through excessive bandwidth consumption.
As a result, our clients are free to perform in-depth scans on mission-critical systems without risking the disruption of services in their production environment.
What do you see your clients most worried about when it comes to security?
Probably securing mission-critical data communications, whether it’s strategic military information, classified homeland security intelligence, or even internal corporate data.
What is, in your opinion, the biggest challenge in protecting information at the enterprise level?
The biggest challenge in protecting information at the enterprise level is making the leap from a well-devised security policy to well-implemented security procedures. All too often, terrific security policies fail to be carried out due to lack of management “buy-in”, excessive politics, funding issues and ineffective technologies to carry out initiatives.
What are your future plans? Any exciting new projects?
We’re continuously developing new capabilities to expand our product offering. We recently announced a distributed framework for our STAT Scanner engine that provides a centrally managed, truly enterprise-scalable vulnerability management solution, so you’ll be hearing more about that in the months ahead.