????一年一度匯聚美國頂尖信息安全公司高管的信息安全大會（RSA Conference）今年引起了不小的爭議（路透社報道稱，信息安全大會與美國國家安全局合作，在加密產(chǎn)品中留下“后門”，以方便政府更容易地竊取用戶信息。這一消息引起許多專家對大會的抵制——譯注）。不過無論規(guī)模大小，大多數(shù)公司來到這里，只是為了展示他們在防范網(wǎng)絡(luò)犯罪方面最新、最好的技術(shù)。

????這些公司很幸運，因為如今引人矚目的網(wǎng)絡(luò)攻擊越來越多，使得各企業(yè)在安全工具上的花費越來越高。根據(jù)研究公司高德納（Gartner）的數(shù)據(jù)，信息安全市場的規(guī)模將會從去年的約6,700萬美元增長至2017年的9,500萬美元。不過防火墻——對，就算是下一代防火墻——和殺毒軟件已經(jīng)不夠用了。這也是為什么思科（Cisco）、瞻博網(wǎng)絡(luò)（Juniper Networks）這樣的服務(wù)提供商，還有帕洛阿爾托網(wǎng)絡(luò)公司（Palo Alto Networks）這樣的后起之秀都已經(jīng)開始拓展業(yè)務(wù)范圍。

????為了更深入地了解不斷變化的客戶購買模式，探索更開放的新一代“威脅智能感知數(shù)據(jù)”的收集和共享方式，《財富》采訪了阿姆農(nóng)?巴勒夫。他是信息安全業(yè)居于領(lǐng)先地位的以色列供應(yīng)商、Check Point軟件技術(shù)公司（Check Point Software Technologies）的總裁。

????《財富》：顧客希望你們做些什么？你在信息安全大會上聽到了什么？

????巴勒夫：這個行業(yè)現(xiàn)在有兩大趨勢。其中之一是從單純的防火墻（依靠防火墻的保護措施）轉(zhuǎn)變?yōu)楦嗟刈钃跬{。當(dāng)今世界上所有的防火墻提供商都擁有了下一代防火墻，它已經(jīng)變成了商品。但是大家已經(jīng)意識到，光有防火墻還不夠。所以他們在其中加入了越來越多的技術(shù)——反木馬程序、各種阻擋威脅的工具、威脅模擬功能，當(dāng)然還有入侵防御系統(tǒng)（intrusion prevention system）。

????第二個趨勢是明顯的功能整合。我相信人們曾經(jīng)有過許多單功能產(chǎn)品，他們認為把它們組合起來使用是最好的防護方法。不過現(xiàn)在已經(jīng)不同了。我們有著市場上最好的入侵防御系統(tǒng)，而且它不僅是個專用工具，還整合了其他防護功能。我們認為它不應(yīng)該是個功能單一的軟件。我們預(yù)計在功能整合方面，這個行業(yè)還有大量的發(fā)展空間。人們在尋求更多的保護，他們的安全感還不夠。

????哪個行業(yè)最害怕遭到攻擊？

????我不知道他們有沒有害怕，但顯然，金融業(yè)在應(yīng)對安全問題上可能是最先進的一個行業(yè)。他們在尋找和采用新型安全措施和技術(shù)上都走在最前面。排名第二的可能是電信公司。這些公司擁有兩個不同的網(wǎng)絡(luò)，運營網(wǎng)絡(luò)和信息技術(shù)網(wǎng)絡(luò)。他們的信息技術(shù)網(wǎng)絡(luò)與其他的企業(yè)一樣，不過非常先進。而運營網(wǎng)絡(luò)的保護措施嚴密得多，不過它一旦遭遇攻擊癱瘓，就會變成非常嚴重的問題。

????不過，基于IP地址的長期演進技術(shù)（LTE，第四代無線技術(shù)）的問世給信息安全領(lǐng)域帶來了巨大變化。如此一來，信息安全公司就得保護基站，還有各基站之間的連接，現(xiàn)在他們開始采取越來越嚴密的安全措施。不過，我們總共有超過10萬的客戶，分布在你能想到的任何行業(yè)。

????在人們購買的各種各樣的產(chǎn)品中，哪些是你們沒有、而且想要擁有的？

????我認為我們擁有大多數(shù)種類的產(chǎn)品。有一種產(chǎn)品叫做網(wǎng)絡(luò)應(yīng)用防火墻，我們還沒有在這個領(lǐng)域施展拳腳。我們正在研發(fā)許多東西，比如更好地保護移動產(chǎn)品。

????你是因為聽說這方面（移動產(chǎn)品安全防護）存在很大的需求嗎？

????我不知道我有沒有提到“需求”，但肯定提到了“議論聲”。因為沒有人能有簡單直接的辦法解決這個問題?，F(xiàn)在的大多數(shù)產(chǎn)品都太容易被入侵了。

????總的來說，安全領(lǐng)域并不是個公司投資的好選擇，因為他們看不到回報，也不知道應(yīng)當(dāng)如何評估安全領(lǐng)域的回報。這就像軍隊一樣——一支軍隊應(yīng)當(dāng)葆有多少架戰(zhàn)斗機？不知道。你得自己去設(shè)想。安全領(lǐng)域也是一樣。它取決于有多少預(yù)算，然后把它們花掉。

????另一個角度來看，人們想做他們能做的任何事，而有時候安全性和功能性不可兼得。最大的挑戰(zhàn)之一就是，確保安全防護能起到促進作用，而不是阻礙作用。（財富中文網(wǎng)）

????譯者：嚴匡正

????

????This year's RSA Conference, an annual gathering of the nation's top information security executives, has already had its share of controversy. But most of the companies in attendance -- both big and small -- are there simply to show off their latest and greatest cybercrime-fighting technologies.

????Lucky for them, the growing number of high-profile cyber-attacks have led corporations to spend more and more on security tools. According to research firm Gartner, the information security market will grow from an estimated $67 billion last year to $95 billion by 2017. But firewalls -- yes, even next-generation firewalls -- and anti-virus software are no longer enough. That's why vendors like Cisco (CSCO), Juniper Networks (JNPR) and newer players like Palo Alto Networks (PANW) are branching out.

????To find out more about customers' changing buying patterns and the rise of new, more open approaches to gather and share threat-intelligence data, Fortune caught up with Amnon Bar-Lev, the president of Israel-based Check Point Software Technologies (CHKP), one of the IT security industry's leading providers.

????Fortune: What are customers asking you for? What are you hearing here at RSA?

????Bar-Lev: There are a couple of trends happening in this industry. One is the move from purely firewall [-based protection] to more threat prevention. All of the firewall vendors in the world today have next-generation firewalls; it really became a commodity. But people understand that firewall is not enough. So they are adding more and more technology into that space -- anti-bots, different threat prevention activities, threat emulation, and IPS ["intrusion prevention system" --Ed.] for sure.

????The second trend is clearly consolidation. I think people used to have a lot of point products because they felt that's the best-of-breed approach. But this has changed. We have the best IPS in the market and it's integrated, not a dedicated box. We don't think it should be a dedicated box. There's a significant amount of growth that we're seeing coming from consolidation. People are looking for more protection, they don't feel secure enough.

????Which industries are most freaked out?

????I don't know if they're freaked out, but clearly the finance industry is probably the most advanced industry regarding security. They're quite advanced in looking for new solutions and technologies and implementing them. Second is probably telcos. They have two different networks, their operation part and their IT part. The IT part is like any other enterprise, but they're quite advanced. Operations are much more conservative, but down time is a very big issue.

????But there was a major change in the industry when LTE [the fourth-generation wireless technology --Ed.] came out, which is all IP-based. So they have to protect base stations and the connection between base stations and now they started implementing more and more security. But we have over 100,000 customers in any vertical you can think of.

????What piece of all of these various products people are buying today do you not have and want to have?

????I think we have most of it. There's something called a web application firewall and we don't really play in this space. There are a lot of things under development now, like to better secure mobile devices.

????Are you hearing a lot of demand for that [mobile device security solutions]?

????I don't know if I'd say "demand," but definitely "buzz." Because nobody has a very simple, straightforward solution to solve this. Most of the things are too much of an intrusion now.

????Overall, security is not a great thing for a business to invest in because they don't see a return and they don't know how to measure a return on security. It's like armies -- how many fighter jets should an army have? You don't know. You build your own assumption. It's the same thing here about security. It depends on how much budget they have and then they spend it.

????From the other side, people want to do everything that they can. and sometimes security and functionality doesn't go together. One of the biggest challenges is to make sure security is an enabler and not a disabler.