Simon Heron is an Internet Security Analyst at Network Box, a managed security company, where he is responsible for developing the overall business strategy and growth. In this interview he discusses the current online security threats, the full disclosure of vulnerabilities as well as Network Box.
In your opinion, what are the biggest online security threats today?
In a recent survey by Network Box, 61 per cent of IT managers said that they thought the biggest threat to network security was from malware being downloaded from the Internet. That’s probably true – but another important threat is usually user-based, in other words, people not keeping their protection up to date, or clicking on bogus links, or even buying from spam.
I think there are two significant challenges we face. Firstly, how to combat spam. I saw a great quote by someone on Twitter, that said: “I cannot escape the feeling almost every email I get is spam. The annoying thing is much of it is spam I’ve signed up for”. This nicely sums up one of the biggest difficulties we face – you have to define spam in order to block it. The second challenge is the shift of the endpoint. More and more people work remotely; the lines between work and home are becoming more blurred, and this puts pressure on the security of a corporate network.
What do you see your clients most worried about?
Fraud seems the major concern. This ranges from ID fraud, to fraudulent websites, spoofed emails promising great profits and a myriad of other cons that are the daily fare of an end user’s experience. This is still being fed through spam but increasingly there are new ploys as criminals move to website infection of trusted sites to infect new victims. All this despite the fact that the returns for a phisher or even spammer are appearing to be ever thinner. This menace is threatening the success of e-commerce and we need an international effort in these grim times to fight this crime.
What’s your take on the full disclosure of vulnerabilities?
This is a painful but necessary process. It requires that immediate action is taken to address those vulnerabilities, alerting people to what has been exposed and addressing customers’ problems. It ensures customers can take corrective action, it forces a fast recovery programme and it helps others not to make the same mistake. None of this is popular with providers of the services that have been shown as vulnerable.
Based on the feedback you get from your clients, are there more internal or external security breaches?
I think there are more external threats, but probably more internal breaches. When McColo was taken down, we saw an immediate decrease in the volume of both spam and malware, which shows the impact these sorts of organised criminals can have. Not for long – it was back up and running pretty quickly. But there is still a significant threat from insiders – and not always intentionally: often people download malware without realising it. I imagine that with the number of layoffs we’re seeing, and everyone having to tighten their belts a bit, there will be an increase in financial scams.
With the constant evolution of threats, what kind of technology challenges does Network Box face?
I think the challenge the whole industry faces is how to keep up with the scale of the problem. The sheer numbers of blacklisted sites, for example, or new malware produced, are staggering. We processed 2.7 million signature updates in 2008 alone. We operate PUSH technology, which means that we push out updates immediately to Network Boxes sited in client offices, so that as soon as we have an update, our clients have it. This really helps us ensure our customers have the latest protection, whereas traditional PULL technology requires the customer to ensure the update has been carried out, and this frequently does not happen or happens slowly.
What are your future plans? Any exciting new projects?
We’re launching a new game-changing anti-spam product in the next couple of months, called eMail Relationship. It changes the way we look at spam, by not just analysing content and IP address (though it will also do that), but by applying learning from the behaviour of both the email sender and the recipient, to understand which emails the recipient wants, and which are spam. It will make it almost impossible for spammers to use their existing databases. It works by combining a number of approaches based around the reputation of the sender, and the behaviour of both sender and recipient, as well as traditional filters, to give a “trust” score to each email based on the relationship between email users. We are very excited about its potential and really think it could change the way spam is handled.