TECHNOLOGY: Looking beyond firewalls for security

Security, according to Helen Keller, is a superstition. It's found nowhere in nature, but we keep trying to achieve it, and there are many products on the market to help us. The most common - firewalls - are widely installed and continue to evolve with features and functionality.

But firewalls, posted at enterprise network portals to limit access from the Internet, are only part of a comprehensive security strategy. They don't provide protection from viruses that enter through e-mail servers, for example. Nor do they offer protection against individuals downloading or e-mailing content that could put a company at risk.

To address these security risks, one has to look at secure content management (SCM) devices, such as antivirus and content-filtering products.

According to IDC's recent assessment of the SCM market, worldwide revenue in this segment reached $US2 billion in 2001, representing a 22 per cent growth rate over 2000. That growth was a result of the increasingly sophisticated techniques that are being used to exploit security vulnerabilities. Forecasts for the market show it reaching $US4.8 billion in 2006.

Ease of use vs granularity and features

When organisations first started connecting their networks to the Internet, security had one purpose - to keep the bad guys out. Security was a cost of doing business, but there was little return on investment. It was like insurance, a requirement just in case. No longer just insurance, these days security is the foundation on which a business is built, as security coupled with new business processes allows for the creation of trusted business relationships, whether internally or externally.

The improvements in a number of security technologies have allowed companies to increasingly regard security as a positive infrastructure element. This infrastructure issue was driven by the need to expand trusted relationships with customers, partners, suppliers, and channels. Most companies' greatest asset is their content. The ability to use security technologies (authentication and authorisation, for example) to enable greater access to corporate content deepens and stabilises business relationships. These trusted relationships can yield numerous benefits, such as higher transaction rates with greater scalability, lower cost per transaction, transference of personnel from low-value interactions to high-value personalised service, and so on. Overall, enterprises increasingly use security products and services to help them dramatically scale revenue, transactions, and/or customers at high double-digit rates while confining cost increases to single or low double-digit rates. If implemented successfully, this practice ensures profitable growth.

Meeting some of the business needs now attached to security requires layers of security. Different technologies and products will protect against different threats at different layers in the network and provide various benefits to the business. Generally, the security technologies are selected based on need and what is considered best of breed. The products that best meet the business (and security) needs can be implemented. The layering process of security means that there are a number of categories of products serving different purposes.

Currently, there are three clearly evident trends in the security software market. First, security vendors are starting to take the ease-of-use issue seriously. Second, the downside to ease of use is a lack of scalability and granularity, which has plagued security products for a while. The third trend is seeing many vendors incorporate multiple security functions, such as antivirus, content-filtering and intrusion-detection systems (IDS), into one system.

Antivirus

Antivirus software is migrating from being a market in itself to becoming a feature in other products and services. IDC expects that in the future, antivirus will become an integral part of a modular architecture that embraces all content scanning and management (CSM). (IDC defines CSM as technologies that include antivirus, Web filtering/blocking, e-mail scanning, and malicious and mobile code.) One thing is clear, however: antivirus protection is a core business requirement.

Estimates of how many viruses are generated worldwide on a weekly basis vary widely - from hundreds to thousands. The truth is probably somewhere in between. But even a hundred new viruses per week is a lot to keep up with, and no antivirus product will catch every new virus that comes along.

Security experts disagree as to whether it's even necessary for antivirus products to offer protection against a large number of known viruses, especially if they're not widely dispersed. But all agree that it's more important to assess and quickly report those, such as the Klez virus, that are most likely to have more widespread dispersion or are particularly malicious. Klez specifically targets Microsoft mail products. It invades users' personal address books, mailing viruses to and from those on a personal mailing list, creating a chain reaction that spreads rapidly.

Some antivirus vendors recommend daily updates of virus signature databases. Others support more than one antivirus scanning engine, offering the ability to multiply the user's chance of catching viruses on one engine that could be missed on another. This allows users to change the order of the scan to take advantage of the efficiencies of one engine over another.

An alternative to choosing a product with multiple engines is to deploy antivirus products from different vendors at various places in the network, with, for example, one on client and server machines and another on an e-mail gateway. But the downside is no central management of antivirus resources. Doing this also could increase bandwidth usage as different products download multiple sets of virus signatures.

Another issue with antivirus products is deciding where to deploy them. Using antivirus software on e-mail servers prevents viruses from getting to server and client machines. This reduces the number of alarms an IT team has to deal with because the viruses are blocked at the e-mail gateway.

But e-mail-based antivirus products won't prevent someone from introducing viruses into a client machine through an infected diskette. Securing an e-mail gateway also won't protect against Web-borne viruses.

Content filtering

Driven by privacy laws, liability concerns and commercial confidentiality, content filtering blocks access and network distribution of undesirable or otherwise sensitive Internet or e-mail content. Its main goal, according to a Baltimore White Paper on content security written by Chris Heslop, is not so much to protect the integrity of the corporate network - such as e-mail-related viruses - as it is to "address threats to the integrity of the corporate business brought about by an organisation's use of the Internet".

Breaches of confidentiality, exposure to legal liability, employees' privacy rights and employers' rights of access, spam attacks, misuse of the Internet to access offensive material, dangers of exposure to malicious code, and Internet-borne or e-mail-attached virus infection are all affecting organisations' ability to protect information, maximise operational effectiveness, minimise corporate liability and protect their image. Content security is central to all of them.

According to CSIRO's Effectiveness of Internet Filtering Software Products report, there are three approaches to filtering content: inclusion filtering or allowing through 'good' content; exclusion filtering or blocking known 'bad' content; and examining content and blocking it when it fails acceptability tests.

While the first two are based on compiling lists of acceptable and unacceptable content respectively, content filtering examines the content retrieved using key words before allowing it through to the user.

The main function of a content filter is to assess the top sites accessed within the network and block access to Web sites that a company determines objectionable (such as pornography, hate organisations and gambling) or time-wasting (shopping sites, sports and entertainment).

How and why an organisation decides to use content-filtering products shouldn't be taken lightly. Issues involving the rights of the individual compared to the rights of the company, along with other legal liabilities, surround their use. Companies should clearly define why, where, when and how they use content filters across their networks.

A differentiating factor among content filters is their ability to filter based not only on a word but also on the context in which a word is used. This prevents blocking, for example, a page containing references to "sex education" or "breast cancer".
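The three filtering approaches and the context-aware keyword check described above can be sketched as follows. This is an added example, not code from the article or from any product it mentions; the host lists, keyword table, function names and sample page are all constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed policy data (assumptions, not taken from any real product).
ALLOWED_HOSTS = {"intranet.example.com", "health.example.org"}
BLOCKED_HOSTS = {"casino.example.net"}
KEYWORDS = {"sex", "breast"}
# Words that make a keyword acceptable when they directly follow it.
SAFE_CONTEXTS = {"sex": {"education"}, "breast": {"cancer"}}
# Constructed sample page text.
SAMPLE_PAGE = "Clinic leaflet: breast cancer screening and sex education classes."

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def inclusion_filter(url):
    """Inclusion filtering: allow only hosts on the 'good' list."""
    return host_of(url) in ALLOWED_HOSTS

def exclusion_filter(url):
    """Exclusion filtering: allow everything except known 'bad' hosts."""
    return host_of(url) not in BLOCKED_HOSTS

def keyword_hits(text, context_aware):
    """Content examination: return keywords that fail the acceptability test."""
    words = re.findall(r"[a-z]+", text.lower())
    hits = []
    for i, word in enumerate(words):
        if word not in KEYWORDS:
            continue
        following = words[i + 1] if i + 1 < len(words) else ""
        # Context-aware mode skips a keyword used in an acceptable phrase.
        if context_aware and following in SAFE_CONTEXTS.get(word, ()):
            continue
        hits.append(word)
    return hits

def decide(url, text, context_aware=True):
    """Apply the exclusion list first, then examine the retrieved content."""
    if not exclusion_filter(url):
        return ("block", "host on exclusion list")
    hits = keyword_hits(text, context_aware)
    if hits:
        return ("block", "keywords: " + ", ".join(sorted(set(hits))))
    return ("allow", "passed")

if __name__ == "__main__":
    url = "http://news.example.org/health"
    print(decide(url, SAMPLE_PAGE, context_aware=False))  # plain keyword match
    print(decide(url, SAMPLE_PAGE, context_aware=True))   # context-aware match
```

With plain keyword matching the sample health page is blocked; with the context check it is allowed, which is the false-positive difference the paragraph above describes.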

While we typically think of content filtering in the context of blocking access to Web sites, it is also applicable to content leaving and entering a corporate network via e-mail.

An opportunity for service providers

According to research conducted by security specialist Baltimore, service providers are still reluctant to take responsibility for the security of their customers' e-mails and see themselves purely as facilitators of information transmission.

However, content security services can provide a valuable source of revenue, while protecting service providers against the risk of legal liability. This is particularly important in a market as competitive as service provision as it identifies an important form of value-add, which is the key to survival in this rapidly consolidating space.

Services such as gateway virus protection, blocking access and attachments with undesirable content or potentially dangerous files such as executables, documents, images and videos, monitoring inappropriate language, libellous/defamatory comments and breaches of confidentiality, controlling spam and spoofing, unauthorised encryption and oversized e-mail messages, are all part of the value-add package service providers can offer in addition to defining their customers' security policies.

Finding the right content security solution that offers easy installation and a plethora of functions to address the above issues can be the key to opening up an additional revenue stream for service providers, allowing them to graduate from bandwidth movers to true value-added resellers.

Encryption

From a customer and developer perspective, the importance of building well-implemented software using only the strongest, best-established encryption software obtainable cannot be over-emphasised. Because encryption is becoming more recognised as the DNA of the security world, there is a resurgence in growth. The growth in encryption is closely related to the growth of other security technologies that rely on encryption, such as public key infrastructure (PKI), VPN, and Web site encryption with Secure Sockets Layer (SSL). The trend toward embedded encryption functionality will increase as a driver of e-commerce.

Encryption is also playing an increased role in privacy products and services, with strong commercial growth in applications such as secure e-mail and secure file transfer. Encryption is going to play a large role in securing customer information, preventing unauthorised access of one customer's information by another, and securing the transmission and storage of that information.

The encryption software market has two primary layers. The first and most basic layer consists of the sale of cryptographic algorithms and their complementary developer kits. With these toolkits, application developers embed encryption into the functions of whatever product the developer is building.

Securing content and developing related policies is still one of the fastest-growing business opportunities for resellers. As Internet and network technologies and their integration into business processes continue to evolve, so do the challenges to organisations in terms of maximising technological potential while maintaining the security of information being transmitted in this way. For resellers working in this space, it is a perfect opportunity to look at reinventing the notion of value-add and securing the future of their own business, as well as that of their clients looking to protect their information capital.

