Seeking Tomorrow's Security Solutions Today, Part 2
Many security failures are not due to problems with the technology, said Francis Brown, managing partner at Stach & Liu. Focusing on new technologies and hoping for a new silver bullet that will "radically reshape" the state of information security is "a distraction," he said, "not a step in the direction of actually addressing existing issues."
07/28/11 5:00 AM PT
A widely held view in the security community is that currently available security technology just can't cope with the new types of attacks being launched on IT infrastructures.
Some security vendors, in fact, have acknowledged their inability to fight advanced persistent threats and are calling for new approaches to fighting hackers.
Already, a couple of new security technologies that could be significantly more effective are coming to light.
2 Security Solutions for Tomorrow
One new solution to the problem of securing the IT infrastructure is the PoliWall network security appliance from TechGuard Security.
This determines the categories to which all incoming packets of information belong, then allows or disallows those packets based on policies defined by users.
"PoliWall allows for a new paradigm in security that has not been available in the past -- what are the resources in your network, and who needs access to and from them," TechGuard CEO Suzanne Magee told TechNewsWorld.
"Instead of playing cat and mouse with attackers, take a proactive approach and redo your overall security policy by resource, and by tailoring access and evaluating egress needs -- who needs to go where," Magee suggested.
A second innovative approach comes from Damballa Labs, which has unveiled Damballa First Alert, a cyberthreat early warning system.
This system, which incorporates two new inventions -- Kopis and Notos -- can detect cyberthreats "many weeks" before the security community at large knows about them, the company claims.
Kopis is an early warning threat discovery system that monitors domain lookup behaviors on autonomous networks across the Internet hierarchy. The Kopis research paper will be presented in August at the 20th USENIX Security Symposium.
Notos is a dynamic reputation system for DNS that automatically assigns DNS reputation scores to new, previously unseen domains.
First Alert can discover cyberthreats 30 days before the rest of the community, Stephen Newman, Damballa's vice president of product management, told TechNewsWorld.
"Security vendors are dependent on seeing malware samples before they can begin to create their detection techniques," he explained.
"Kopis can detect malicious domain abuse within any autonomous network at any level of the Internet/DNS hierarchy without ever needing to see the malware sample," Newman added.
Notos automatically classifies the maliciousness of a previously unseen domain or IP address using 32 statistical features computed from historical DNS data sets of known good and known bad domains and IP addresses. When a previously unseen domain and IP address pair pops up, it is classified by its statistical similarity to the domain/IP address pairs already in Notos's historical database.
Further, Damballa's products can identify and terminate communications initiated by malware lurking in the background on a system not previously known to be infected, Newman said.
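To make the similarity-based reputation idea above concrete, here is a small added illustration (not Damballa's code, and not the Notos algorithm): a nearest-neighbour scorer over a constructed history of labelled domain/IP pairs. The three features (mean answer TTL, lookups per hour, distinct IPs resolved to) are assumed stand-ins for the 32 the page mentions, and all domains and addresses are constructed from reserved documentation ranges.

```python
"""Toy DNS reputation scoring by similarity to labelled history (constructed example)."""
from math import sqrt
from statistics import mean, pstdev

# Constructed history of (domain, ip, features, label) rows; label 1 = known bad.
# The three features stand in for the page's 32 and are an assumption: mean TTL of
# the answers in seconds, lookups per hour observed for the pair, and the number of
# distinct IPs the domain has resolved to.
HISTORY = [
    ("static.news-example.test",   "198.51.100.10", (86400.0,   40.0,  1), 0),
    ("mail.shop-example.test",     "198.51.100.22", (3600.0,    15.0,  2), 0),
    ("cdn.video-example.test",     "203.0.113.5",   (7200.0,   120.0,  3), 0),
    ("login.bank-example.test",    "203.0.113.40",  (43200.0,   60.0,  1), 0),
    ("x7q2.fast-flux.test",        "192.0.2.13",    (300.0,    900.0, 40), 1),
    ("a1b2c3d4e5f6.test",          "192.0.2.77",    (60.0,    1500.0, 55), 1),
    ("update-check.c2-like.test",  "192.0.2.101",   (120.0,    700.0, 18), 1),
    ("k9z.rotating-ips.test",      "192.0.2.150",   (180.0,   1100.0, 33), 1),
]


def _scalers():
    """Per-feature mean and std over HISTORY so no single unit dominates the distance."""
    cols = list(zip(*(row[2] for row in HISTORY)))
    return [(mean(c), pstdev(c) or 1.0) for c in cols]


def _zscore(features, scalers):
    return [(x - m) / s for x, (m, s) in zip(features, scalers)]


def reputation_score(features, k=3):
    """Fraction of the k most similar historical pairs that were labelled bad (0.0..1.0)."""
    scalers = _scalers()
    q = _zscore(features, scalers)
    dist = []
    for _, _, f, label in HISTORY:
        z = _zscore(f, scalers)
        dist.append((sqrt(sum((a - b) ** 2 for a, b in zip(q, z))), label))
    dist.sort(key=lambda t: t[0])
    return sum(label for _, label in dist[:k]) / k


def is_suspicious(features, threshold=0.5):
    """Flag a never-seen pair when most of its nearest historical neighbours were bad."""
    return reputation_score(features) >= threshold


if __name__ == "__main__":
    # Constructed never-seen pairs: one with fast-flux-like behaviour, one ordinary host.
    print(reputation_score((90.0, 800.0, 25)))    # 1.0
    print(reputation_score((21600.0, 50.0, 1)))   # 0.0
```

The score is usable before any malware sample exists because it depends only on how the new pair's lookup behaviour compares with what the history already labels, which is the property the article attributes to this class of system.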
I Fought the Flaw and the Flaw Won
Perhaps the problem is not that current security solutions are inadequate, but that they are not properly implemented.
IT security is not well understood and, therefore, is under-deployed, Steven Sprague, CEO of Wave Systems, told TechNewsWorld.
"We need to get down to basics and make sure the basics are done well," he said. "We need to follow guidance that already exists and test implementations."
Saying existing security technology has been proven inadequate because of the ease with which hackers trample all over the IT infrastructures they invade is "a bit like saying seat belts are a failed technology because they didn't save the life of someone in a car wreck that decided not to buckle their seat belt," Francis Brown, managing partner at Stach & Liu, told TechNewsWorld.
"The failure was not of the technology," he said.
In fact, focusing on new technologies and hoping for a new silver bullet that will "radically reshape" the state of information security is "a distraction, not a step in the direction of actually addressing existing issues," Brown remarked.
For example, the Sony PlayStation Network was hacked because Sony failed to put up a firewall to protect its servers and canned its network security staff a few weeks before the breach, he asserted.
Cash Won't Help Security Clunkers
Spending lavishly on IT security won't work, according to Brown.
Although intrusion detection and prevention systems are "valuable tools" for enterprise security, they are often improperly implemented, he pointed out.
Often, these tools have been tuned down to the point where they'll only notice the most blatant attacks, Brown said. "It's a bit like relying on a smoke alarm to save you from a house fire after you've removed the batteries from it because it was annoying you."
Companies should invest in setting up the processes and training staff to effectively use their IT security products, Brown recommended.
"Corporations will spend their limited resources -- time, budget and personnel -- on the latest and greatest mobile device security gizmo," he observed, "while they have servers with blank passwords, databases with default administrative passwords, unpatched software, intrusion-detection systems generating logs that nobody ever looks at, and other failures to sustain basic security functions."
Keep Things Simple
From the technology perspective, implementing stronger security in the operating system and Web browser is a cost-effective way to secure IT systems, Todd Feinman, CEO of Identity Finder, told TechNewsWorld.
"Block a virus at the operating system instead of training an employee to use new software," Feinman suggested. "Block phishing sites at the browser, so users don't load the next page purporting to need their password or bank account information."
Other simple things an enterprise can do include wiping "as much historic data containing sensitive information as possible," said Feinman, so that if a hacker gets through, "the most important assets of the company are not compromised."