Interview with Terry Dickson, CEO and Co-Founder of Avinti

Terry Dickson is the CEO and Co-Founder of Avinti. After 23 years in the industry, Terry Dickson has extensive IT and high-technology industry experience — including six years with Intel Corporation. In addition to growing revenue from $15 million to over $100 million in the formative years of the Intel software operation, Dickson also served as the director of Intel’s Wired for Management initiative and the chairman of DMTF (Distributed Management Task Force).

Recently Avinti issued a security alert regarding a newly discovered targeted destination e-mail attack. Can you give us some details?

Targeted destination attacks are fairly academic and we’ve known they exist for some time, but preventing and dealing with them has become a critical security issue. Companies faced with the infiltration of their networks are finding that the attacks are much more savvy and difficult to find, and by the time they are found, they could have been plundering the network for days.

Clearly, the developers of malicious software are intelligent and well-trained. As such, they find innovative ways to bypass existing mechanisms for security. One such method was discovered as a recent virus distribution methodology was discovered to have bypassed the existing routing structure for e-mail in the internet. A recent variant was designed to bypass any hosted security solution, by going direct to a harvested IP address of the outward-facing gateway. This was not a chance occurrence. The malware AND distribution were a custom-designed targeted attack for one specific customer.

During targeted destination attacks, all of this activity bypasses pattern-based security measures so the network can be under attack for a long period of time without the possibility of a new pattern being generated. Obviously this can cause a loss of proprietary assets and damage to the company network.

What is, in your opinion, the biggest challenge in protecting sensitive information at the enterprise level?

Probably the single biggest challenge in protecting sensitive information comes from underestimating how good the hacker community has become, and just how valuable personal and private data has become. A recent security report noted that the online theft of assets was Africa’s biggest “industry”. Digital identities, credit card numbers and intellectual property are worth a lot of money to criminals. It’s an epidemic global issue and it continues to increase. On the black market, targeted destination attacks have become the preferred tool of the cyber criminal as they bypass the most widely-deployed protection, the pattern-based AV solution.

There are a number of factors involved in keeping sensitive information safe, but a company interested in protecting its assets will be thorough in its security assessment and ongoing auditing; the IT group will constantly evolve enterprise defenses, utilizing a number of security tools and solutions to protect every known entry point in the organization whether that be firewalls, intrusion detection, authentication, anti-spam, anti-spyware, anti-virus, etc.

A problem arises when a company puts too much faith into one product or solution when the reality is that no one product is capable of adequately protecting every level of an organization. A unified framework of solutions that also anticipates what may be of value to an attacker is what will at least keep a company a few steps ahead of the game.

What do you see your clients most worried about?

I think for the most part, our customers are worried about business grinding to a halt because communications systems are incapable of performing as they should. I believe clients are worried about providing a secure means of communication. By keeping their communication network secure, they’re able to avoid being taken offline by a virus or some other type of malicious attack. People who already have excellent AV solutions in place are concerned about the number of attacks finding a way into their network and they’re aware of how quickly the window of vulnerability is being taken advantage of by hackers. They don’t want to wait for their vendors to provide patches or devise complex workarounds; they want to know that they’re being protected from every possible angle. In essence, our clients have a valid business need to use e-mail and the internet, but are finding that they need to restrict access for purposes of security, and THAT impacts business.

The real enlightening thing for our customers is that regardless of what email security gateway or AV solution they have in place, we can go into their organization and within hours show them what’s getting through. We’re catching zero-day attacks, even though many companies have policies to mitigate and manage outbreaks in a reactive and expensive manner. Our solution is catching the things that make it through their existing defenses and REDUCING the time required for cleanup and restoration.

Based on the feedback you get from your clients, are there more internal or external security breaches?

I would say that there are valid reasons for concern for BOTH internal and external protection. Most companies still have a higher level of trust for internal security. Unfortunately, a small number of individuals have betrayed that trust, generating the need for increased attention on internal security breaches. However, the majority of attempts from malicious entities are based OUTSIDE of the organization. Wise IT administrators will pay close attention to BOTH internal and external layers of protection.

What challenges do you face in the marketplace? What do you see as your advantages?

Complacency is a big issue that we face. We constantly battle IT apathy, the belief that today’s email defenses are “the best available in the industry,” even if some malware or attacks get through. The problem is that most senior executives, especially in IT, believe that they’ve got their e-mail security issues handled. Even with a well-documented rise in sophisticated attacks and loss of data as reported in Symantec’s semi-annual security report and a CSI/FBI Computer Crime Survey, you have a level of denial that’s a bit surprising. At the June 2005 CSO Interchange in Chicago, Illinois, nearly 100% of participating CSOs said that they felt they were well-prepared to handle spam, viruses, DDoS and hacker attacks. Ironically the statistics on attacks prove otherwise.

Email is not only a conduit of information flow – it can be the life’s blood of business operations. Companies have an obligation to employees, shareholders and customers to protect that flow of business by whatever means necessary. Our solutions augment the existing communication defense arsenal by providing email outbreak protection against both known and unknown email based viruses. This added layer of security closes the window of vulnerability that stems from threats with no existing signature or patch. Avinti removes the opportunity that exists between the time an exploit is revealed and patched, and the time a hacker attacks the network. It protects against targeted attacks for which there may never be a pattern for protection. We’re able to say that the Avinti iSolation Server is truly the first enterprise email security solution using virtual machine technology to test potentially threat-bearing messages in a monitored virtual replica of the target user’s desktop prior to delivery.

Avinti employs the ability to stop something at the first instance and that’s truly unique. Reports can be run, proof can be seen, management can be shown what’s getting through and what it was trying to do within the virtual environment in a very detailed manner so you can break down the behavioral trace and it underscores the value of a layered security model because it can visually be identified.

What are Avinti’s future plans? Any exciting new projects?

It is always dangerous to discuss future plans. The virtualization of this network edge component demonstrates a viable new architecture in security deployment. As the e-mail edge becomes more difficult to penetrate, based upon the deployment of this virtual-machine-based security, criminals will turn to other avenues for penetration. As such, it makes sense to anticipate the upcoming trends of attack, and ensure that appropriate protection is developed and deployed. The concept of virtual security will continue to grow and evolve, providing a new wave of protection previously unavailable.

