Large organizations are increasingly looking inwards to secure enterprise applications as threats from external virus attacks diminish, according to a top executive of a data centre technology provider. A few years ago, “companies [sought] to protect the perimeter of their networks. Today the need is to secure assets connected to the network from threats [coming] from the inside,” according to Jayshree Ullal, senior vice-president, data centre, switching and security technology group, Cisco Systems Inc. Ullal noted that large-scale virus attacks that do significant damage have not been witnessed in the recent past.
“The last time we heard of a critical virus attack was when Zotob struck in 2005. But every day we read about vital and private data being lost or leaked out from organizations.”
In the past, Ullal said, much of enterprise security investment focused on building firewalls to prevent unauthorized access.
One industry insider dubs such initiatives the “hard shell” approach.
It focuses entirely on protecting the network perimeter, and may not be the best strategy to adopt these days when ubiquitous computing is becoming the norm, according to David Fuller, senior vice-president, solutions and products with Telus Business Solutions. Instead, he suggests IT departments develop their application layer assuming people are going to get inside their network. “Once they’re inside, make it difficult for them to actually gain access to applications.”
Fuller called this the “sticky pudding approach” and said it helps enterprises to effectively resolve the “security versus open access” conundrum.
Ullal recalled the notion of “implicit trust” that held sway some years ago.
The underlying assumption was “if you had the right IP address, and the right MAC (media access control) address, you were a secure user and you were let into the network.”
She said Cisco’s products are based on the “explicit trust” model, which requires a higher degree of authentication before a user or incoming data is granted access to the network and its attached assets. The company’s Network Admission Control (NAC) software not only screens a user’s credentials, but also “verifies the posture of the user or incoming data to determine if entry into the network should be granted,” Ullal said. A user may be a “good guy” but could unknowingly bring in harmful data — spam or data from an untrusted domain.
Such messages could carry viruses that infect applications in the network and result in hundreds of thousands of dollars in damage, she said.
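The difference between the two admission models Ullal describes is easier to see in code. The following is an added illustration, not Cisco NAC software or any vendor's logic: under implicit trust, the decision rests on the IP and MAC address alone, so anyone who clones an allowlisted address pair is admitted; under explicit trust, the host must first authenticate and then report a posture that satisfies policy, and an authenticated but unhealthy host is steered to a quarantine segment rather than admitted or simply dropped. The allowlist, the posture fields, the policy thresholds, the sample hosts and the dates are all constructed assumptions.

```python
"""Implicit-trust vs explicit-trust network admission, as a toy model.

Added example; not Cisco NAC code. Allowlist, posture fields, thresholds,
sample hosts and dates below are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Implicit trust: the only "credential" is an address pair the operator knows.
# Constructed allowlist (assumption).
IMPLICIT_ALLOWLIST = {("10.0.5.20", "00:1a:2b:3c:4d:5e")}


def implicit_trust_admit(ip: str, mac: str) -> str:
    """Old model: right IP + right MAC means full access, nothing else checked."""
    return "allow" if (ip, mac) in IMPLICIT_ALLOWLIST else "deny"


@dataclass
class Posture:
    """Endpoint health as reported by an agent or scan (fields are assumptions)."""
    av_signature_date: date     # date of the installed anti-virus signatures
    missing_patch_cycles: int   # security patch cycles the host has skipped
    firewall_enabled: bool


@dataclass
class Endpoint:
    ip: str
    mac: str
    identity: Optional[str]     # authenticated user/device, None if auth failed
    posture: Optional[Posture]  # None if the host will not report posture


# Constructed policy (assumption): signatures older than 7 days, a skipped
# patch cycle, or a disabled host firewall keeps a host off production.
MAX_SIGNATURE_AGE_DAYS = 7
MAX_MISSING_PATCH_CYCLES = 0


def posture_is_compliant(p: Posture, today: date) -> bool:
    """True only when every posture check passes."""
    signature_age = (today - p.av_signature_date).days
    return (signature_age <= MAX_SIGNATURE_AGE_DAYS
            and p.missing_patch_cycles <= MAX_MISSING_PATCH_CYCLES
            and p.firewall_enabled)


def explicit_trust_admit(ep: Endpoint, today: date) -> str:
    """New model: authenticate first, then verify posture before granting access.

    Returns 'allow', 'quarantine' (remediation segment only) or 'deny'.
    """
    if ep.identity is None:
        return "deny"            # credentials failed: no network access at all
    if ep.posture is None or not posture_is_compliant(ep.posture, today):
        return "quarantine"      # known user, unhealthy host: remediation only
    return "allow"


# Constructed sample hosts and evaluation date (assumptions).
TODAY = date(2007, 3, 1)

# Attacker cloning the allowlisted IP/MAC pair; cannot authenticate,
# refuses to report posture.
SPOOFED_HOST = Endpoint("10.0.5.20", "00:1a:2b:3c:4d:5e", identity=None, posture=None)

# Legitimate user on the allowlisted machine, but with six-week-old AV signatures.
STALE_HOST = Endpoint("10.0.5.20", "00:1a:2b:3c:4d:5e", identity="jdoe",
                      posture=Posture(date(2007, 1, 15), 0, True))

# Visitor on an address the operator never allowlisted, but authenticated and healthy.
HEALTHY_HOST = Endpoint("10.0.7.9", "00:aa:bb:cc:dd:ee", identity="asmith",
                        posture=Posture(date(2007, 2, 27), 0, True))


def compare_models(ep: Endpoint, today: date = TODAY) -> dict:
    """Run one host through both models so the divergence is visible."""
    return {
        "implicit": implicit_trust_admit(ep.ip, ep.mac),
        "explicit": explicit_trust_admit(ep, today),
    }


if __name__ == "__main__":
    for name, host in (("spoofed", SPOOFED_HOST), ("stale", STALE_HOST),
                       ("healthy", HEALTHY_HOST)):
        print(f"{name:8s} {compare_models(host)}")
```

Running it shows the two failure modes of the address-based model at once: the spoofed host is admitted under implicit trust and denied under explicit trust, the stale host is admitted under implicit trust and quarantined under explicit trust, and the healthy visitor, rejected by the static allowlist, is admitted once identity and posture check out.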
To beef up its Self-Defending Network offering, Cisco recently bought IronPort Systems Inc., a San Bruno, Calif.-based e-mail and Web security appliance maker.
IronPort offers e-mail security gateway appliances that vet inbound messages, discarding up to 80 per cent of spam connections based on the reputation of the sender.
The company also has Web-traffic inspection and data encryption products.
The trend towards protecting networks from inside threats is triggered by numerous high-profile insider security breaches, according to Darin Stahl, research lead, server industry, Info-Tech Research Group Inc.
The London, Ont.-based research firm calls the approach “adaptive security.” “Companies are looking for software and appliances that can lock out unwanted visitors, monitor network traffic, red flag inconsistencies and quarantine suspected messages or users,” he said. Stahl pointed to the growing need for “adaptive security” products that can manage log-in identification and changing access permissions.
Info-Tech also sees a move towards centralizing security.
“Security monitoring will increasingly be filtered through a single analytics tool,” said Stahl. He said vendors playing in this space include Symantec Corp., Hewlett-Packard Development Corp., Cisco and Check Point Software Technologies Ltd. “Almost everybody is working towards adaptive security, but no one is there yet. No one has hit the home run,” said Stahl. He foresees adoption of adaptive security systems coming in “bits and pieces within the next five years.” “Right now, no single vendor is going to be able to deliver all the needed products,” said Stahl. His advice to users looking to implement “inside out”, “sticky pudding” or “adaptive security” technologies is to check out the vendor’s vision of the future. “Find out if the company has a vision or is just playing catch-up. You want a vendor that can support you three to five years down the road when technology changes,” Stahl said.