By Jonathan Cooper, Director, Partners and Channel EMEA, ArcSight
Cyber crime is on the rise and it's not just individuals and large corporations that are feeling the pain. According to a survey by the UK's Federation of Small Businesses (FSB) published in February 2009, more than half of the smaller businesses polled said they had been a victim of crime in one way or another over the last 12 months: 37 per cent reported problems with phishing emails, 15 per cent were affected by credit card fraud and another 15 per cent fell foul of security problems caused by viruses and hackers. The results of this survey are consistent with feedback we're getting from mid-size organisations and point to what I believe is a growing trend.
There are a number of potential reasons for this. As larger companies deploy more sophisticated security solutions both at their perimeter and, in the case of some industries, in their core applications, cyber criminals are turning to smaller companies, which they see as a soft touch. Here the focus is on operational systems, with less importance placed on a holistic approach to security. As a result, there is a good chance that patch levels are not updated as frequently and that security mechanisms in network devices, databases and applications are not configured as rigorously. We're likely to find point solutions in place for network intrusion and virus detection to identify and quarantine known threats, but no real defence against "zero day" attacks that exploit vulnerabilities in operating systems and applications that have not yet been discovered outside the hacker community. And with cyber crime increasingly being perpetrated by, or with the help of, people on the inside, smaller organisations often have no way of identifying suspicious or malicious behaviour from employees or contractors.
So how do mid-size organisations go about addressing security deficiencies within an acceptable resource and budget envelope? It all starts with visibility: knowing how all IT resources are being used. This can only be done through the systematic capture and analysis of information coming from the various components that comprise an organisation's IT infrastructure. The good news is that this segment of the software/appliance market is developing at a swift pace and there are now affordable and highly effective solutions available for event and log capture, consolidation, and alerting. ArcSight is a leader in this area, working with skilled distributors and resellers to deliver cost-effective security and compliance solutions to small and medium organisations.
Larger organisations often go beyond this level of security monitoring by correlating and analysing events from across the enterprise, using sophisticated tools to look for the digital trails that expose more subtle threats or compliance breaches. They also establish specialist security teams, often referred to as Security Operation Centres (SOCs), who undertake forensic investigations and tackle these more complicated threats. Up until recently, this capability was beyond the reach of smaller organisations in terms of both people and tooling costs. Last year, we introduced a product called ArcSight Express that brings many of these advanced security capabilities to mid-sized organisations in an appliance form factor, complete with pre-configured rules, dashboards and reports, and at a mid-market price. Feedback from channel partners and customers has been extremely positive and highlights a latent requirement for tools such as this.
Looking forward, we can see that cyber threats will only increase in frequency and sophistication, and our challenge as an industry will be to help organisations of all sizes keep pace while continuing to operate within their budget and resource constraints. As they say, it's a marathon, not a sprint. Luckily, there are now cost-effective solutions available that help smaller organisations fight cyber threats the way Britain's top marathon runner, Dan Robinson, runs marathons.