Resellers have a role in guiding businesses through the evolving security scene says Andy Philpott, Secure Computing, vice president EMEA
The recent extradition hearing of a British man accused of hacking into US military computers from his own computer in London was yet another reminder of the vulnerability of some technologies when an individual is intent on wreaking mischief.
However, the mans reason for his adventures sounded oddly naive he was looking for information on UFOs. It reminded me how, over the past years, most challenges to internet security have become far more sophisticated and organised.
This incident was a throwback to the days when hackers were more intent on proving a point or being daring. Now, cyber-criminals work from all over the world, but especially from countries where it is difficult to find and catch them. And most of them are intent on one thing, financial gain.
For the channel it means an even further emphasis on security. This is why the analyst firm IDC estimates that the worldwide revenue for all security appliances will reach $4.7 billion by 2007.
It also represents an opportunity for resellers to help their customers keep abreast of the times and be aware of the latest threats; not by frightening them (never the best way to do business) but to show them that it makes good sense to make sure critical assets are protected.
For example, it may be worth remembering that analysts have estimated that a combination of spam and phishing could cost global business $50 billion this year.
Spyware too is a serious drain on IT resources. Spyware applications can slow down workstation computers and drain bandwidth, forcing staff to spend time fixing infected systems. Apparently 20 per cent of Dell support calls are about spyware.
Although the thought of a sad anorak alone in his bedsit accessing matters of global security is alarming, IT managers are more likely to stay awake at night worrying what happens if a virus wipes out half a day of business. In other words, by all means educate customers to be alert on to potential threats, but these need to be translated on a day-to-day level too. Otherwise they may see them just as a sales tactic.
The current situation opens up opportunities to work with customers in a consultative capacity to carry out thorough risk assessments to define and understand the threat to a companys infrastructure. There is also an opening to work with their different departments on a comprehensive security policy.
For example, customers should also be encouraged to consider the level of protection needed. Even those who have already installed security appliances need to reconsider the type of defences they have at their perimeter. Firewalls that were considered adequate only a few years ago, now offer an easy access point into networks and the applications they host.
The latest threats have been crafted to attack specific versions of critical software applications and to slip directly through older versions of firewalls purchased and deployed a number of years ago. Companies under threat must consider an application level firewall that allows no traffic to stream inside the network until it has been thoroughly examined for any malicious application attacks, viruses and worms.
Customers will also need guidance on new developments such as the current trend for united threat management (UTM) appliances. According to IDC, by 2007, 80 per cent of all security solutions will be delivered via a dedicated security appliance.
This may surprise some early attempts at multi-function security sites failed because they were poorly integrated, poorly marketed and weakly supported. Instead, businesses took a best-of-breed approach, deploying disparate products for firewall, intrusion detection, anti-virus blocking, vulnerability analysis and other network-centric security functions.
But this has led to gaps in protection and a high cost of ownership because of the need for multiple management consoles and a lack of integration. New solutions on the market are multi-functional, offering an application-level firewall plus anti-virus and anti-spam and integrating them on a single hardware platform.
And from a resellers point of view, this single vendor, modular approach can work well for cross-selling. What we are seeing at Secure Computing is that customers of our UTM appliance Sidewinder G2 will place their initial order for Sidewinder with anti-spam or anti-virus or with none of our separately-priced products, but add to them as time goes on.
One area that is currently creating interest in the US - and is likely to do so in the UK - is security reporting. This has come increasingly under the spotlight as US-based companies are being asked to comply with regulations such Sarbanes-Oxley - and commentators suggest that Europe will soon follow with its own requirements.
In general, the actual process requirements of regulations such as Sarbanes-Oxley are vague. For example Sarbox generally states that it requires a process to be in place and that this is shown to be effective by management, but does not define the process itself.
However, as part of the requirements, it can be assumed that a security management process must exist in order to protect against attempted or successful unauthorised access, use, disclosure, modification or interference with system operations. In other words, being able to monitor, report and alert on attempted or successful access to systems and applications that contain sensitive financial information.
Breaking this requirement down further, an organisation should be able to assess following types of security events.
- Failed system level login attempts
- Failed application level login attempts
- Exploitation of a system by unauthorised individuals (ie hacking)
- Failed access attempts to files or application data
- Correlating multiple system events to illicit data access
Compliance with regulations continues to be a grey area, particularly this side of the Atlantic. However, there is one thing for certain, the issue is not likely to fade away. Customers and the channel alike need to be aware that that most regulations require that procedures are in place to guarantee the integrity of, and access to, information and that there are processes to audit these policies.
But, how ever firm the need for compliance, the argument that brings the most clout will be the one that focuses on business benefits. As the internet threat matrix becomes larger, more complex and more dangerous, businesses need both a top-level view of the security situation on their networks, as well as real-time alerts of significant security events.
In short, resellers need to act as trusted guides in shifting sands of threats and regulation. And must offer the most reliable products on the market.
Andy Philpott, is vice president EMEA, Secure Computing. Secure Computing has been securing the connections between people and information for more than 20 years, specialising in delivery solutions that secure these connections to more than 11,000 global customers.