Shaking out blended bugs

Nefarious new characters will relentlessly knock at network doors this year, and locking the openings won’t keep them at bay.

Welcome to the world of blended security threats. For this year, in addition to a host of worms, viruses, targeted hacks and other cyberspace nasties, industry experts expect spammers and virus writers will merge their considerable skills to create new ways of causing mayhem.

The latest, the mass-mailing e-mail virus MyDoom, wreaked havoc on computer networks around the globe last month at an unprecedented rate.

“Worms and viruses are increasingly using spam techniques — not just the exploitation of unprotected mail relays to maximize spread, but also the use of social engineering to trick victims into opening malicious files,” says a report by IDC. The research firm also believes attackers could derive revenue from the illegal proliferation of a spam server.

James Young, president of Ottawa’s Nemx Software Corp., sees two top spamming trends plaguing computer networks this year: highly aggressive Web beacons and major exploitation of relay hosts.

Young says Web beacons (invisible images placed in e-mail and on Web pages to monitor the behaviour of users) will be used more aggressively by spammers to gather information.

The use of open relays to send spam will also intensify as spammers start exploiting non-delivery report information and common authentication techniques, he says. These weaknesses will be exacerbated by the shortcomings in Microsoft’s Exchange Server, he adds, and by holes created by proxy-based anti-spam products.

Other nasties to watch for this year include zero-day exploits, threats that are launched against a vulnerability on the same day the vulnerability is discovered, added Kevin Krempulec, Symantec Corp.’s Canadian channel sales manager.

Here’s how big these security problems have become: IDC estimates spam represented 32 per cent of all external and internal e-mail sent on an average day in North America in 2003, up from 24 per cent in 2002. Worldwide, IDC estimates 20 billion spam messages will be sent daily by 2006.

It’s big enough that Bill Gates recently vowed to kill spam in the next two years. Microsoft has unveiled anti-spam software technology, dubbed SmartScreen, set up a reward program for the capture of virus writers and promised its upcoming Windows XP Service Pack 2 will tighten security on the desktop.

Still, Tristan Goguen, president of Internet Light and Power (ILAP), a Toronto-based Internet service provider, says only about 30 per cent of Canadian companies employ anti-spam technology.

Big opportunity

For resellers, this lack of end-user awareness means a big selling opportunity. IDC estimates the worldwide anti-virus software market will reach US$4.4 billion in 2007 (up from US$2.2 billion in 2002). Revenue from worldwide firewall/VPN security appliances is expected to grow from US$1.263 billion in 2001 to US$3.768 billion in 2006.

“The market is huge and now that we are seeing IT budget dollars loosening up, spam and anti-virus will be one of the biggest plays for 2004,” says Rosaleen Citron, CEO of WhiteHat Inc., a Toronto network security VAR. “These issues caused everyone grief last year but the budgets weren’t there to support the purchases.”

And while Krempulec says there remains a shortage of qualified security VARs, this represents an opportunity for partners to offer customers certified security expertise.

How they will do it ranges widely. “We anticipate that by the end of 2005 most of the large operating system companies will include content filtering and anti-virus systems as part of the operating system,” says Citron. “In the meantime, the smaller gateway products and the monthly e-mail defence services appear to be the most attractive” for cost-conscious companies, she adds.

Nemx’s Young, whose company specializes in Exchange protection, believes resellers must provide customers with solutions that offer multiple lines of defence. They include reputable or multiple real-time blackhole lists; content filtering; friendly domains; and solutions that empower end-users and administrators.

ILAP’s Goguen adds that as some anti-spam solutions become ineffective, companies will migrate to a stricter system like a white-list or closed contact system that is less prone to spam.

Krempulec recommends resellers integrate multiple security technologies into one solution. “No single technology can adequately protect against the complex threats we are beginning to see.”

Organizations need a “holistic security strategy,” he says, one that includes an alert system that provides early warning against new and emerging threats; technologies across all tiers of the systems architecture to protect critical application data and devices; a plan to respond when the inevitable attack does occur; and a comprehensive system to manage the ongoing process of securing their infrastructure.

Focus on the gateway, application server and client levels rather than choosing a firewall or an intrusion sensor or an antivirus product, he says. “By doing so, we can create a defence-in-depth solution that allows us to manage the total environment, not the individual security applications.”

Dan Sibille, director of channel operations for the Americas at Internet Security Systems (ISS), agrees that simply installing a firewall won’t do. “Today’s firewalls failed to protect against the last four most widespread worms — CodeRed, Nimda, SQL Slammer and MSBlaster — because of their inadequate ability to detect malicious traffic payloads. Simply put, they cannot stop what they cannot see.”

Custom solutions

In addition to peddling gear, resellers can also help organizations secure the fort by providing a comprehensive assessment of the company’s security environment, and then build custom solutions that address their specific needs, adds ILAP’s Goguen.

What’s needed is an authentication system, he said, similar to call display on the telephone. “Another tool we are developing is to identify who the sender is based on the IP address on the mail system the sender is using. This is critical for banks, retail organizations and marketing organizations.”

Ottawa-based reseller Technology Management Corp. pitches a packaged solution, which is more cost-effective, said project manager Derek Major, and will be an area in IT that matures.

“Every company has different security requirements. With the currently available solutions, there is not one piece of software or an appliance we can implement cost effectively that addresses all security needs. Therefore, a blended strategy is a must,” he said, adding that vendors are moving towards a single, centralized package that encompasses all security needs in one place.

ISS’s Sibille agrees, saying resellers can make money offering an integrated product that performs multiple security functions, including firewall, VPN, anti-virus, intrusion detection and prevention, content-filtering and anti-spam.

IDC recommends combining solutions such as desktop anti-virus, server and gateway anti-virus and content filtering, along with proactive techniques such as behaviour analysis and heuristics.

WhiteHat, for its part, advocates a layered security approach that includes firewalls, anti-virus, intrusion detection systems, content filtering and authentication.

Citron says the best way to combat the problem is to deploy updated anti-virus products on the mail server and on the desktop. Firewalls with anti-virus built in, such as personal firewalls, are becoming very popular with large enterprise clients.

“It’s a lot like having an alarm system, a guard dog, and an armed guard to protect your home,” she says.

“The
