Battling the breeding ground
- 21 November, 2001 10:42
The real problems started with the whole 24x7x365 thing. Globalisation happened, customers became more demanding and quite suddenly business couldn't afford to shut down - ever. The issue was compounded by the development of file-transfer methods: adding to the good old floppy disk were a plethora of formats, from zip drives, CDs, and DVDs, to e-mail and the Internet. Then, to top it all off, a scattering of clever chaps (ranging from bored adolescents to vengeful anti-capitalists) unleashed a variety of three-pronged malicious code that could invade a network via e-mail, disk/CD or simply by surfing a Web page.
With approximately 1000 viruses generated each month, Paul Ducklin, head of global support at security vendor Sophos, says people are more aware than ever of the importance of security.
"These days the security industry is working harder as well as smarter because the threats are more subtle and in many ways more dangerous," Ducklin says. "Nimda didn't come through the regular channels. Code Red tapped into the vulnerabilities of the hardware. What's more, they attached themselves to the company letterhead before propagating or made subtle adjustments to official Web sites or documents, which might have escaped attention. This type of hack creates enormous embarrassment for an organisation, especially a public company where the share price can be affected."
The right backing
While antivirus is generally acknowledged as the first step in a security solution, the sophisticated nature of recent attacks has made it glaringly obvious that no single technology will solve all the problems. The product is only half the solution.
"The failure to recognise and address this is where some of the less-focused vendors increase risk," says Ducklin. "Antivirus and firewalls aren't 'fit and forget'. The key is vigilance and the only way to maintain this is with 24x7 support behind the product."
Andrew Gordon, managed service architect for Trend Micro Australia, agrees, adding that service providers would be crazy in this day and age to partner with a vendor that didn't offer round-the-clock service and support.
On the other hand, Antony Steele, network and application engineer at Open Systems, the local distributor for F-Secure antivirus software, says this support doesn't have to be provided on-shore. For example, F-Secure runs hourly updates, which are sourced from the vendor's headquarters in Finland, while Open Systems acts as a local technical support centre for resellers. "Updates are critical," says Steele. "You could compare the best and worst AV [antivirus] products in the world and if the worst has its updates and the best doesn't, then the worst is still offering a better level of protection."
According to Steele, equally important to a contingency plan is ensuring that the lines of communication between vendors, distributors and resellers are open so that resellers have an answer when customers come calling.
"AV is like insurance. You may not call on it every year, but when you do it will be because of big trouble and you want to make sure you're covered," Steele says.
Other factors reduce the effectiveness of AV systems, such as the ability of viruses to exploit network vulnerabilities. The penetration of Microsoft's IIS Web server by Code Red and Nimda is an example - the holes can't be closed until the Microsoft patch is applied, and signature updates alone cannot fix the underlying flaw.
"We encourage our customers to add AV procedures to their backup procedures to make sure that something hasn't uninstalled their security that week without them realising it," says Steele.
Outsourcing AV protection
The significance of correct AV installation, minimising periods of vulnerability, and having a comprehensive understanding of where attacks are coming from and which systems they are targeting has built a strong case for outsourcing security to specialists.
Companies like Zento and eDoctor have been providing dedicated security services for some time to mission-critical organisations that can't accept the exposure window left by hourly updates and need constant system scans.
"Typically, organisations don't have the resources to provide dedicated 24x7 protection," says Alex Nemeth, managing director of Zento. "They achieve a competitive advantage by outsourcing non-core elements."
The increased complexity of PC and network protection has raised the value factor of channel companies that can negotiate the security quagmire. The more complete the solution, the higher the value factor.
John Donovan, the local managing director of security vendor Symantec, says most internal IT departments have an appreciation of network architecture and a knowledge of firewalls. "The channel's strength is in filling the security skills shortage," he says.
Meanwhile, Trend Micro is one of many vendors moving to a proactive model, establishing a managed security offering in conjunction with Telstra. The service, based within Telstra's 24x7 operation centre and currently in soft-launch mode, will operate on a subscription basis and will be supported by the telco's integration arm, Advantra.
"The goal is to clean the water upstream rather than at the tap," says Trend Micro's Gordon. "We get access to the networks, look for outbreaks and are able to remotely update that."
According to Gordon, it is unlikely that this style of offering will compete with existing channel partners because it is not everyone's cup of tea. "We've been performing this function [for our high-end customers] anyway, except that to date it usually involved me getting a red alert call at 4am."
Gordon also says that unlike ASP (application service provision) and SSP (storage service provision), managed security is not restricted to high-end players like EDS, CSC and the telcos. It is a role that can be assumed by systems integrators like Netstar and Guardian, both partners of Network Associates, or by pure-play antivirus solution providers such as Virus Defence Bureau.
The advantage of the outsourced, or MSSP (managed security service provider), model is that it removes the problem of people not bothering to update their antivirus systems. Otherwise, the software's necessarily unobtrusive nature often leads people to think it is not imperative. "Your AV is only as good as your last update," says Gordon.
The advantage for the channel is that this service provision can be moulded to a series of business models.
Open Systems provides F-Secure to the customers of a small Melbourne-based ISP, Friendly Giant, which allows customers to subscribe to the product for $154 a year (half price for the second year) after sampling a 30-day free trial. Steele says the offering has generated a surprisingly good response among home users, despite its seemingly high cost.
Gartner is also encouraging Australian businesses to require that their ISPs and data centres provide virus protection as part of service-level agreements. However, Frances Ludgate, business manager for security solutions at Computer Associates, argues that few people, especially in business, will rely solely on their ISP for AV protection.
The long-term goal for Trend Micro's Telstra AV service is to position itself for the impending challenge of securing wireless networks. While wireless technology is by no means sprinting out of the starting gate, having been hindered by wider broadband issues, when it does take off there will be an enormous increase in the amount of traffic passing through mobile phones, including Internet downloads and e-mails.
Gordon admits that guarding data that is travelling in mid-air is a tricky (and some would say impossible) business - there is little to stop an adequately equipped and determined individual from plucking the data out of the air en route. However, Gordon says the quality of the data that reaches the phone can be ensured by protecting the major access points through which the transmission is sent. Many players in the mobile industry, Nokia included, have invested considerable funds in preparing for this era.