Incessantly buoyed by the likes of Chernobyl and Melissa and with its annual growth measured in billions of dollars, the security market is swelling to astronomical proportions. But in the time-critical world of data protection, the importance of technology needs to be balanced with management issues and the need for timely information. Is a shoulder to cry on a reseller's main weapon in the security game?
Rebecca Munro takes an in-depth look and Tamara Plakalo reviews the latest product offerings.
It used to be that one could protect one's castle from hostile intent and the occasional act of God with a simple moat, furnished with appropriately hostile animals, a couple of strapping archers and a well-constructed gate. Virgins remained virgins and the crown secrets remained securely locked away.
However, in the age of technology things require a little more effort and a lot more paranoia. Computers offer new and irresistible routes into the secret heart of any business reliant on technology. A gun no longer has any power and the precious bounty is information, not treasure.
Just when the intangibles of this concept were being grasped and managers were realising that a lock and a key were relatively useless, the entire premise of security - keeping people out - was redefined as businesses started to actively ask people in.
The age of e-commerce is upon us and you can still hear the groans as hackers are asked in for tea and the walls lie dismantled around the castle.
Statistics indicate that security is becoming much more of an issue; a third of all companies have experienced an attack in the last 12 months, according to a Deloitte Touche Tohmatsu survey. It estimated that the majority of information theft or damage is caused internally, with 83 per cent of respondents reporting they were aware of an internal attack, and 58 per cent experiencing an external invasion. "After software upgrades for Y2K and on-time project completion, GartnerGroup found security is the third most important issue to CIOs," said Terry Fogarty, director of sales and marketing at Centura Software in Sydney. However, whether internal breaches are accidental or the result of malicious intent, having to secure a network from two fronts and still remain operational can be difficult.
The security industry is constantly plagued by eruptions of viruses, out-of-date encryption codes, fallible firewalls, malicious Trojans and numerous all-sorts out to cause harm and havoc. The bad guys are not static; they are constantly designing new threats the security industry must shoot down. Mark Dent, managing director of New Wave Technology, explains that "the Internet is growing at an alarming pace and the number of hackers is growing just as fast. They are now a bigger threat because of the free hacker tools that are out on the Net. It doesn't take a systems expert to hack into a system. Now there are scripts anyone can run."
However, the security market has not solely been propelled by malicious intent made easier through the Internet. Security is not just about threats, it is about productivity and the emergence of new technology and business models. Kenny Liao, country manager Australia/New Zealand of Trend Micro Systems, believes that e-commerce will change network operations and thus security. "In the beginning, there was a Web site which just provided information and you had a separate network to run it on. You could keep your mission-critical stuff away from the Net. With e-commerce you have to combine the two networks. You need something good enough to do transactions on but something not too open," claims Liao.
Historically, the concept of security was easy to enforce. Access was universally denied for things worth protecting. However, with information now sporting an incredible value tag yet still integral to the everyday operations of business, simple denial is no longer appropriate. Restricted access threatens businesses dependent on the exchange, provision and transaction of information and money.
The firewall, the first product to catapult the security market out of obscurity, was initially reliant on the concept of refusal. It shuts out unauthorised personnel. Yet the traditional firewall has lost its potency and perhaps more importantly, once past a firewall a hacker is home free. "Products change because of emerging threats," claims Rick Hancock, national sales and marketing manager of WatchGuard distributor 1World Systems. "In the '90s it was host-based firewalls, in '98 it was authentication and encryption firewalls. Now people need to be constantly updated with software and security products. It's a war out there."
New Wave Technology's Dent agrees, stipulating that "five years ago network security meant building a firewall. Firewalls were meant to stop external threats. Recent studies show the majority of attacks come from inside the company."
Michael Wynd, managing director of Norman Data Defence Systems, suggests security is now concerned "not so much with access but with full encryption so if someone gets hold of data they can't get any information from it. At the desktop there is not full encryption. Instead you lock down a computer at certain levels."
E-commerce issues cannot be isolated from the general proliferation of the PC into non-secure and small-business environments in the development of the security industry. The ever-increasing portability of technology and the numerous media through which data is sent and received add another element to the equation. Not only do mobile computers require protection from physical theft, their embedded databases need to be protected from unauthorised access and data alteration, a sensitive point with even mobile phones now able to hold data.
In addition, security has been fuelled by the lack of expertise in the IT industry, which the security sector is experiencing most acutely. Companies, especially small businesses with little awareness of security issues, are consequently finding it difficult to ensure they are integrating and using security products properly. "A lot of companies just don't have the budget and resources to build up security in their own company," claims Chris Klaus, IT director and founder of ISS. "People think they are secure when they buy infrastructure where security is built into it. Routers have access control and encryption. But what we want to do is manage all your security systems. We can bring it all together in our Security Control Centre and assess what is vulnerable and where the attacks are coming from. We have the resources because we are doing it for a lot of clients," explains Klaus. And properly managed security will alleviate a lot of stress, especially for small businesses who tend to either ignore the necessity to update equipment or attempt to fix it themselves.
So security is being pulled from all sides. Information is becoming more dispersed, migrating from traditionally secure areas, yet security management is having to become more central. Internal threats are predominant but e-commerce is opening up new realms of possibilities for catastrophe and other business adventures from the wider world. No wonder IDC is touting extraordinary figures for the growth of the security market.
It grew from $US2 billion in 1997 to an estimated $US3.1 billion last year. Compounded annual growth rates for revenue will be 30 per cent between now and 2002. The firewall segment of the market will grow the fastest, reaching a rate of 40 per cent by 2002. But the antivirus software section of the market will be the largest, with revenues expected to be $US3 billion by 2002.
However, to cash in on the paranoia, the security industry must recognise that security is no longer simply about products but about management, risk assessment and prioritising. "The model is going to become outsourced security detection managed services," claims Klaus. "We'll put sensors on your network and any alerts will go through to our Network Operations Centre (NOC) where we will deal with it," he says.
Security is not just a matter of buying some antivirus software, whacking up a firewall and then sitting by the fire with a cognac feeling smug. Security vendors are now recommending software updates every couple of weeks and real-time network management on a constant basis. A virtual private network should not be automatically assumed secure just because it is encrypted. It must also be recognised that any system, file or network can never be absolutely secure. "A lot of people don't understand that there is no such thing as an infallible security system. People break into things because it is a challenge," explains Wynd of Norman Data Defence Systems.
This has led to the development of such groups as ISS' Xforce and code crackers whose sole job is to enter the underworld in order to design counter products. Security vendors must now offer update services and become more proactive in the detection and generation of secure solutions if they are to remain credible.
Yet best-of-breed demands from understandably paranoid executives (who wouldn't be a gibbering mess with the Cult of the Dead Cow out to get you?) have forced each vendor into limited avenues of development. "You will always need best-of-breed products when it comes to security," claims Trend Micro's Liao. "It cannot be compromised for anything, including the convenience of a one-stop shop." Fine for the vendor and probably good for quality, but it makes the integration and management of any security incredibly difficult for the customer. And with the onset of complex networks this issue becomes even more pertinent. Thus the security industry has begun to mould itself around the principle of partnerships and the emergence of security management solutions has become a trend. "Symantec has partnered with IBM to provide Digital Immune Technology," explains John Donovan, general manager of Symantec. "It can track down, and quarantine, any virus or virus-like behaviour and then deploy the findings to Symantec's virus centre where a definition file can be written for it within four hours. Within 24 hours the solution can be sent to all our customers."
The emergence of new and involved threats means effective security is now reliant on a conglomerate of products and procedures that must integrate with a network's infrastructure, applications and other security products. Liao explains that security is now a matter of "centralised management", where the vendor is responsible for the automatic update of signature files and the real-time management of a security system. "Remote management is the trend," claims Liao. "Trend Virus Control System manages multiple products and if you purchase more than two products you get it free. Updates are automatically deployed and your system is monitored. We are also moving onto an e-Doctor service which is concerned with the evaluation, installation and service of security for an office. You simply subscribe on a per-month per-user basis and we can remotely resolve any problems, or if necessary go on site."
However, security is never going to be achieved through a single vendor - systems integrators and value-added resellers are often the glue that binds the systems together. "No one vendor can satisfy corporate demands," claims Symantec's Donovan. "Instead it is a combination of vendors and resellers who provide a multi-vendor approach to customers' needs. They can recommend security systems, and integrate and deploy various security measures."
Norman Data Defence Systems' Wynd reiterates the importance of the reseller in the security equation. "This is a time-critical industry. Customers need support and answers now! This means that the reseller can offer the best-practice after-sales support, as long as they know about the issues of the industry and the technical aspect of the products. There are a lot of resellers out there that already act as independent shops, they can recommend products and different combinations so that customer demand is met."
Liao views the channel's role as one complementary to his vision of remote network management. "There are a lot of systems integrators and VARs that have existing arrangements with corporations to manage their firewalls and networks. The integration of other security products into this model means that their responsibilities have expanded. We like to have key partners that we work with in this and we provide training and a Solution Bank, which is an intelligent database that lists previous support cases. It helps VARs learn what to look out for and how to support clients."
One of the biggest hurdles a reseller must face in the market is the public awareness of security. It has always been a bone of contention. Just why don't the majority of consumers out there understand that they need security? It seems such a simple observation. Yet only recently have security companies begun to settle into mainstream acceptability rather than remain in relative obscurity until the inevitable disaster makes them corporate saviours.
Most vendors see reactionary security as less than desirable. Klaus believes that a business "saves more up-front from locking a system down at the beginning and adding business applications on top of it rather than running the risk of trying to lock it down once someone breaks into it. It is then hard to get rid of them because of Trojans and back doors and then security just becomes more of an issue." And the cost of a network out of commission due to sabotage is now more easily determined. "Businesses can now measure the cost of their server being down because they know how much business they are losing if they rely on e-commerce. That's why in the US the insurance companies are pushing the security industry, because they are having to insure companies against lost revenue due to a hacker attack," claims Klaus.
Because of the security industry's anonymity, trying to make the public proactive in their approach to security is difficult. Firewalls were the first to gain any respectability and now possess an element of necessity, and present an easy sale for a reseller. The Melissa and Chernobyl outbreaks have pushed the virus panic button as well; antivirus software is riding high at the moment at the expense of a lot of unprotected businesses. "The Melissa virus brought the concept of e-mail security to the forefront," claims Symantec's Donovan. "But there is still a lot of naivete in the market. People are planning ahead more because of Y2K issues and SMEs are getting better too because outside analysts are advising them. But there is still a lot of room to grow." According to ISS' Klaus, the channel is beginning to package security with servers automatically to both add value and increase the awareness of the need for security. "Security is an easy differentiator," Klaus claims, adding that VARs should be naturally interested in the industry if only to protect their clients and establish a goodwill bond.
What's new from . . . Bind View Development
BindView EMS
Nasdaq-listed developer of systems management software Bind View offers a security assessment and configuration analysis system, BindView EMS, which reduces the time needed for tasks such as security assessment, user/server administration, system documentation and disk space management.
BindView EMS reports on the permissions granted or denied for any files or directories in an enterprise, and locates any NT machine in any domain that is configured for an automatic log-on, stopping the security exposure related to this sort of configuration. It also allows the administrator to see exactly what system privileges each user or group on the network has.
The product incorporates a point-and-click Query Builder that cuts through information overload and extraneous information to deliver reports that are relevant to a query.
The system includes Enterprise Console, NOSadmin for Windows NT, NOSadmin for NetWare 4, NOSadmin for NetWare 3 and NETInventory, which can perform year 2000 assessments, track hardware and software inventory, enforce corporate standards and prevent and detect theft.
Distributed by New Wave Technology
Tel (02) 9816 5098
What's new from . . . Network Associates
Total Network Security (TNS)
In its Total Network Security (TNS) line, enterprise security and management solutions vendor Network Associates offers an integrated suite of desktop, server and network solutions that protect a company's digital assets through encryption, security scanning, authentication, virtual private network and firewall technologies and intrusion protection.
As a scalable solution with centralised management and policy-based administration, TNS is a security product line that Network Associates recommends for both small and large companies. The latest products in the range include:
Gauntlet Firewall 5.0. The latest version of Gauntlet Firewall for Unix and Windows NT incorporates Gauntlet's Adaptive Proxy technology, eliminating the trade-off between security and network performance. The firewall is Active Security-enabled and has the ability to communicate with other security and management products on the network.
CyberCop. This family of intrusion protection products includes CyberCop Sting with a "decoy" server that traces hackers who attempt to break in and gathers critical audit information on their activities; and a new CyberCop Scanner 5.0 that scans networks for vulnerabilities and offers advanced reporting capabilities. CyberCop Monitor is another product in the range. It is an agent-based detection product that monitors desktops, servers and network communications for signs of intrusion.
PGP VPN Client. The new PGP VPN client integrates with PGP e-mail, file and disk encryption to support any standards-compliant VPN server or firewall or as part of the end-to-end PGP VPN suite.
Tel (02) 9437 5866 Tel (03) 9526 3600
What's new from . . . Norman Data Defense Systems
International security specialist Norman Data Defense Systems specialises in data security solutions such as access control, virus control and firewalls, as well as general data security analysis and consultancy.
Norman Disk Armor. Requiring less than 5MB of hard disk space, Norman Disk Armor for Windows NT workstations stops all unauthorised users from gaining access to any data on any part of a hard disk. It allows users to encrypt all data on their hard disk, provide a controlled and secure boot sequence and create an emergency recovery disk (ERD) to access and recover hard disk data if there is a problem. All of Norman Disk Armor's features can be accessed from the NAC Control Center located in the Windows NT Control Panel.
Norman Access Control (NAC). This data security management product prevents unauthorised workstation access and damage and stops unauthorised users from disclosing sensitive information stored in a workstation. Through its two key functions, Access Controls and Global Controls, the NAC restricts which applications a user can cut from and paste to and provides a way to control general workstation security by monitoring passwords and memory and auditing user and system activity. The NAC NT features are accessed from Norman Control Center located in the Control Panel.
Norman Data Defense Systems
Tel (03) 9562 7655
What's new from . . . WatchGuard Technologies
The WatchGuard Security System by US company WatchGuard Technologies offers an integrated suite of security software tools that include the plug-and-play network appliance WatchGuard firebox, firewall, user authentication, VPN and security management software.
Firebox. The WatchGuard firebox is a stand-alone security appliance that can be managed from any Windows 95 PC or Windows NT workstation. It is simply plugged in between the router and the corporate network and enables the separation of Internet, public and private corporate networks.
Firewall. This component of the WatchGuard Security System automatically blocks TCP/IP services that are not specifically permitted through the firewall. It enables access control, network address translation, logging and notification of incoming and outgoing traffic and detection and blocking of port scanning tools to deny information to hostile outsiders.
Authentication. The WatchGuard System offers integrated support for user authentication, supporting NT Primary Domain Controllers, RADIUS-compliant authentication servers and the WatchGuard built-in authentication server for small environments.
Security Management Software (SMS). The SMS acts as a control centre for the WatchGuard Security System by configuring and implementing firewall protection and allowing the status of network services to be viewed through the so-called "Services Arena" GUI.
Distributed by 1 World Systems
Tel (02) 9878 8576 Tel (03) 9626 2425