Partners in crime prevention

Ever noticed how stressed network administrators are? If it wasn't enough to expect them to keep the company LAN running efficiently, they also have to keep an ever more diverse range of Web-based bugs, spies, viruses, phishes, key loggers, snoopers, spammers, hackers and general mayhem makers at bay.

And it's not just the company LANs that are suffering from the ever expanding and diversifying threats. Having purchased a new machine with antivirus software included, home users are dismayed to discover the fancy cursor they downloaded has infected their PC with malware like Cydoor or about:blank.

In July this year, security software vendor, McAfee, identified the top 10 threats impacting consumer and enterprise machines. While it found mass mailers continued to cause the most grief in the enterprise sector, spyware and adware had surpassed viruses in the consumer space, accounting for 60 per cent of the malicious threats tracked.

"Viruses are less of a problem than they used to be," Asia-Pacific marketing director for McAfee, Alan Bell, said. "We are seeing a more sophisticated use of vulnerabilities in terms of both the virus writers, and the creators of malware."

Not only are attacks becoming more technologically sophisticated, according to global chief strategy officer for security appliance vendor WatchGuard, Mark Stevens, there is also a significant change in the way attackers approach their targets.

"We are seeing a change in the hacking arena, whereas hackers used to do it for notoriety, now they are leaning more towards hacking as a way to make money," Stevens said. "Now we are seeing phishing and spam, and attempts to get at intellectual property which might be contained on a corporate network."

Stevens said up to $US2.4 billion a year is lost to Internet-based fraud activities as money-driven attacks become increasingly successful.

"Rather than chase the big targets, we are seeing these attacks aim for the everyday Joe Blow," Stevens said. "They want to touch as many people as possible."

And it's not just external threats that are raising the stakes; companies are also having to take measures against potential enemies within.

"The threat of internal attacks on organisations, combined with the growing sophistication of external threats, means companies are looking for a holistic end-to-end approach to security," senior analyst for IT research group IDC, Phillip Allen, said. "Ease of management becomes important, because the overall environment is very complex, there is so much to be aware of it's a bit overwhelming."

Overwhelmed with Work

While the IT security industry abounds with spectacular horror stories of what happens when security fails, simply managing security on a weekly basis is scary enough for most network administrators.

Tick off the boxes: antivirus software installed with updates automatically forwarded to each machine on the network; staff all warned not to open email attachments they don't recognise; firewall up; operating system patches regularly downloaded; default settings on the server operating systems have been fully revised; a standard operating environment prevents IM and P2P software from being downloaded; there are regular sweeps for spyware and casual browsing is limited; passwords are changed weekly and spam is filtered in the mail server and Web-facing email addresses are masked.

Just as our stressed-out network administrator sits back to take a breath, and contemplates the pros and cons of enclosing the company network in a steel safe, the marketing department calls and insists that its customer base needs to access their account information via the Web.

That is when they get on the phone to their local reseller and insist on affordable technology that provides the highest possible level of access and flexibility, coupled with water-tight security.

"At one end you are being asked to provide absolute functionality and at the other absolute security, 24 hours a day 7 days a week, antivirus, anti-spam, intrusion detection, the lot," CEO of managed security services provider Network Box, Keith Glennan, said. "And most of these things can be automated so that when you have new virus alerts you can have the updates downloaded within seconds, and so forth."

However, resellers don't necessarily have to become as stressed as the network administrators that become their customer base. One way to provide such an extensive service without investing heavily in staff training is to resell managed services. Initially only selling into high-level enterprise, such packages are becoming prevalent throughout the mid-tier corporate sector.

According to IDC's Allen this is due to dual trends.

"There is the recognition that IT security is complicated, involves more than just technology and within technology involves every element of technology," Allen said. "Our end-user surveys also suggest that it is a business priority as well as a concern for the tech department, that is to say IT security is seen as strategically important."

He said this had led to an increased willingness on the part of companies to spend more on security and, at the same time, out-of-the-box solutions had made managed service offerings more accessible.

"Cost effective solutions are more available, and at the same time a lot of concern is being given to prioritising investment in security," Allen said. "For a lot of companies security used to mean throwing antivirus software at the problem, but now they are talking about risk mitigation strategies."

In fact, IT security is increasingly being seen in terms of business continuity and thus an ongoing rather than a one-off expenditure. This is largely because connectivity has become crucial to business. Companies today are as dependent on their email as they are on their phone line; others depend on the Internet to receive information from suppliers and customers alike.

"Security is not just about being hacked, it's about how to keep on working when you have been hacked," chief security officer at specialist distributor Firewall Systems, John Labza, said.

However, Australian companies continue to lag behind their Asia-Pacific counterparts when it comes to actually planning for security expenditure, according to the director of information security for IT security vendor and integrator Vectra, Jo Stewart-Rattray.

"While they recognise the increase in threats, Australian companies still tend to see security as a necessary evil, whereas in places like Singapore the attitude is 'we must have security, therefore we must budget for it'," Stewart-Rattray said.

Senior analyst for technology research company Meta Group, Michael Warrilow, said turning this attitude around was an opportunity as much as it was a challenge for the channel.

"The journey we're on is one where security is viewed as an inhibitor, to one where security is viewed as an enabler," he said.

What technologies are on offer?

Not only are market forces pushing the reseller channel into new areas and approaches, they are also leading to technological evolution. At the consumer end, antivirus vendors are increasingly integrating anti-malware sweeps into their software. Annoying at best, the spyware and adware such sweeps look for can become debilitating, as some have the capacity to hijack Internet Explorer and flood the screen with pop-ups.

Add to this concern about spam and identity theft, and you have a significant push for antivirus software vendors to make their products more flexible and feature-rich.

McAfee's Internet Security Suite 6.0 offers protection against viruses, hackers, spam and identity thieves, but has yet to scan for spyware and adware. Sophos Anti-Virus protects against viruses, Trojans, worms and spyware.

Symantec's Norton AntiVirus 2005 claims to remove viruses, worms, and Trojan horses, and detect, but not remove spyware. Meanwhile, Trend Micro's PC-cillin Internet Security guards against viruses, hackers, spam, inappropriate web content, and spyware.

And while the antivirus software vendors are enthusiastically throwing their hats in the anti-malware ring, when it comes to removing tenacious malware, for the most part specific software is still required.

PC Tools' managing director, Simon Clausen, said the anti-malware attachments made to traditional anti-virus suites scan for roughly 100 potential threats, whereas spyware-specific software will scan for up to 1500.

"Some of these programs actually detect when you are trying to remove them, and reinstall elsewhere on the machine," Clausen said.

"You have to really know what you are looking for and how to remove it."

While it is of major concern to the average home user, malware has not had the same impact on the SME or enterprise market. However, just as antivirus vendors are integrating more features and searches into their software, corporate firewalls are also becoming increasingly feature-rich.

"The firewall is transforming into a multi-level security product," WatchGuard's Stevens said.

"We're seeing intrusion prevention, antivirus features, support and control over instant messenger software all integrated into the firewall."

Not only were firewalls limiting what came into the network, but also paying more attention to what went out of the network, and what went on inside the network, he said.

Meta Group's Warrilow pointed out that enterprise level companies were even using firewalls internally, to prevent worms and mass mailers from spreading throughout the company intranet.

"It's a bit like the Titanic," he said.

"In principle each of the groups within the organisation can be separated, so that even if the outer security is breached it doesn't affect the whole company network. But like the Titanic where water spilled from containment area to containment area as the ship went down, unless internal separations are implemented properly, they are virtually useless."

As the technology becomes more complex, resellers need to ensure they fully understand the capacities and limitations of what they are working with.

What's more, providing a secure company network is not limited to understanding security technologies.

In recent times, worms such as Blaster have taken advantage of known but unpatched vulnerabilities.

In the same way virus attacks used to exploit the end-user's naivety when it came to attachments and executable files, now worms are exploiting their inattentiveness when it comes to downloading and updating patches.

Essentially security is working its way into business continuity issues and everyday operations, rather than one-off software implementations.

Scheduling manager for whitebox systems manufacturer ASI Solutions, Craig Smithers, points out that a complete security solution should integrate physical security.

"The critical issues are how the PC is kept up to date, and how the physical security is managed," Smithers said.

"Not only do the systems have to be protected from technological attacks, sometimes they actually have to be bolted down."

Looking for the opportunities

The rule of thumb would indicate resellers be well versed in all the technologies they are selling. However, the increased complexity associated with the security market would require many to specialise themselves out of other markets in order to gain the necessary skills-base.

Network Box's Glennan said resellers were stuck in a difficult bind. On the one hand they wanted to be able to fully service their customers' security needs, but didn't want to risk losing them by referring them to third party security experts.

"A lot of resellers have been burned by trying to configure network security without the necessary knowledge," Glennan said. "We can sit down with the reseller and find out what they feel comfortable doing, and where we fit in, so they have the flexibility to control as little or as much as they want."

In fact, most managed security services enable resellers to effectively re-badge their service, and because the service is ongoing resellers have access to annual income from service renewal fees.

"Rather than putting clients with complex security clients in the too hard basket, resellers can offer them a complete security service," Glennan said.

However, managed security offerings aren't the only way resellers can punch above their weight in the business sector.

About three years ago, distributor Firewall Systems saw potential in the security market and ditched the rest of its product line in order to narrow its focus.

"You have to understand the threats and provide technologies that mitigate those threats," Labza said. "You need to know what a firewall does stop, and more importantly you need to know what it doesn't stop."

Specialisation at the distribution level also provides resellers with access to a range of skills and product knowledge that would be difficult to develop in-house.

"We provide resellers with the opportunity to offer free configuration as well as before and after vulnerability assessments so that they can provide their customer base with a follow up service showing how they are being protected," Labza said.

WatchGuard's Stevens said one of the challenges, for resellers and distributors alike, lay in providing security as a service rather than a series of products.

"Security does require more value-add than many other areas," Stevens said.

"Which is why we are seeing focused distributors moving away from shipping tin. We're seeing bundles emerge where they are taking our products and wrapping services such as vulnerability assessments. The resellers in turn can take advantage of the expertise from these types of distributors."

While IDC's Allen said partnering to move services enabled resellers to move up the value chain, he urged caution.

"There can be channel conflict between the partners especially when it comes to account ownership and delivery expectations," he said.

This is because partnering in services provision brings with it a whole range of new challenges. At the same time as customers expect seamless delivery, they also require clear accountability when things go wrong. Add to this a need for clarity in terms of customer ownership, and you have a complex and potentially conflictive basis for product rollout and service provision.

Learning from experience

Meta Group's Warrilow emphasised the issues of accountability and responsibility.

"Not only does the channel have to consider the technology, they also have to take vendor viability into account," Warrilow said. "It is important to design back-to-back agreements, ensuring you have all liabilities and accountabilities outlined in the contract."

He suggested the channel learnt from experiences in terms of multi-partner outsourcing, and subcontractual relationships generally.

"When laptops containing sensitive information are stolen from the Department of Customs at Sydney airport, essentially EDS is responsible for the flaw in security, but Customs is accountable to the public at large," Warrilow said.

Turning the tables, ASI Solutions' Smithers is interested in how the contractual relationship determines who owns the customer.

Ultimately, he thought that while vendors and distributors might provide technical skills, resellers should focus on their relationship with their customers, and make sure the value of that relationship was recognised contractually.

"At the end of the day the resellers have aligned relationships with their own customer base. That is what they bring to us, even when we are involved in the delivery," Smithers said. "That relationship with the customer is the key, and that has to belong to the reseller."

