What do you see as the biggest online security threats today? What are your clients most worried about?
The key threat to deal with today is the so-called ‘blended threat’ that combines multiple characteristics such as worm, virus, spam, or intrusion and is agent- or content-based; that is, once it penetrates the edge of the network and embeds itself onto one client system, it replicates and propagates very rapidly to unleash any range of dastardly deeds.
Many of our clients are concerned about the amount of time it takes to lock down all their systems, in terms of both the productivity cost as well as an ever-widening window of vulnerability from updating conventional point solutions running out of context. Many solutions take up to 24 hours to distribute new protection files. Speed to closing the windows of vulnerability is key. For example, MyDoom itself had several different variants within a 24-hour period, which means if you don’t have real-time response then your response time to the changing makeup of a virus gets truncated. Integrated platforms with auto-update capability, like ServGate’s EdgeForce, caught MyDoom within 3 hours of its release, or an 800% faster rate of time-to-protection. This severely limits the potential damage of an attack and contains further internal outbreaks.
Spam is probably the fastest growing problem today. Some label it as just a nuisance while others see it as a threat. What’s your take on the spam problem?
Spam is a huge drain on business performance by siphoning off large amounts of bandwidth and causing companies to over-invest in bandwidth capacity, in addition to the costs associated with lost worker productivity and the inherent downtime risk from a spam-spawned worm agent. Blocking spam on a separate server at the email gateway is a better strategy than waiting until messages arrive in individual inboxes. The greatest intrusion is a worm wrapped inside a virus deeply embedded in a spam attack.
The best prevention strategy is a multi-threat management system that closes the gaps between the network layer and the application layer. Spam does cause damage: it is a major ‘carrier’ of viruses, worms, intrusions and spyware, or so-called ‘blended’ threats. Scanning email traffic out of the context of spam and viral attacks is unthinkable.
What is, in your opinion, the biggest challenge in protecting sensitive information at the enterprise level?
There are many issues involved in protecting business critical data including better authentication and other so-called “AAA” security matters that others focus on. In terms of the kind of automated, integrated security ServGate offers, there are two strategies we can aid in implementing:
1) Defend against external, agent-based threats: A favourite trick of the hackers is to use a virus, worm, Trojan Horse or combination malicious content embedded in a spam attack or URL Web page as a carrier for an agent-based attack, for example an executable file, that once inside the network trolls around sniffing for sensitive data to report back to a remote server. Prevent your computer systems from becoming zombies that these agent attacks hijack to steal and malign confidential data: deploy an integrated security system that looks at all of these attacks in their full context and in real time to prevent the exploit from ever entering the many exposed edges of the network.
2) Many enterprises have invested in conventional firewall technology, blind to blended threats, or antivirus software in the host or client environment, but the multiple edges of today’s modern distributed enterprise generally have not been secured adequately against the blended threat. Establishing ‘trusted zones’ between edge connections, such as email servers and remote access servers, is a more progressive, comprehensive defence strategy. This is an effective way of dealing with threats that originate internally so as to stem further outbreaks and also to nullify external threats that bounce from edge point to edge point probing for vulnerabilities.
Based on the feedback you get from your clients, are there more internal or external security breaches?
As outlined above, the nature of the modern threat is such that it’s really difficult to distinguish between external and internal threats; an external threat can quickly become an internal threat if the multiple edges and access points to business critical data are not ‘redoubted’ or protected by multiple layers, and internal threats can quickly become external liabilities if your network becomes vulnerable to an agent attack that uses an FTP engine to export internal documents and data, as with the Sasser attack, or uses its own SMTP engine to harvest internal Outlook accounts and broadcast email spam attacks to the outside world, effectively diminishing your corporate reputation and brand equity. A full context security solution that scans the complete cross-section of internal and external threats is the best way to redoubt network connections.
What do you expect from the future? Is it likely for a “cyberterrorism” event to take place in the next 12 months or do you see it as media hype?
Companies and organisations are victims of a form of cyberterrorism every day; professional hackers who invade corporate networks to slow down business performance or outright disrupt business continuity are stealing money and damaging reputations. In worse cases, the hackers cause billions of dollars of damage to computer systems or steal sensitive business or customer data. The criminal nature of the blended threat attack is evidenced by the recent arrest of the Sasser attack author.
Cyberterrorism for geopolitical reasons is still and always will be a national security threat that Homeland Security and others rightfully devote major resources to defending against. But organisations and companies of all sizes that are vulnerable to the everyday cyberterrorist’s indiscriminate attacks need to take appropriate measures too to shore up their networks and seal off the threat of malicious attacks.