Internal Threats Still Major Network Concern

As wireless technology gains popularity, network security issues continue to multiply. However, wireless connectivity isn’t the only major concern for IT managers; corporate workers pose heightened threats from within enterprise structures.

One of the most productive — and abused — communication tools in the workplace is instant messaging. IM applications pose new risks for unauthorized passage around firewalls. E-mail, too, is pushing safety concerns to the limit on medium and large corporate networks.

Extensive Security Review

According to Paul Brady, president and COO of security firm Mazu Networks, based on customer response, the No. 1 problem is worm intrusions. In the wake of these growing worm and insider attacks comes increasing government involvement in network security.

A recent extensive review of the security risks posed by internal threats concludes that the majority of U.S.-based organizations are still at considerable risk of exploitation.

Mazu teamed up with Enterprise Strategy Group to study the current state of affairs with network security. The report exposes numerous flaws in the approach to network security commonly used in corporate workplaces.

Mazu is a security company focused on securing internal network assets. The company’s technology is based inside the perimeter and analyzes network anomalies to identify suspicious behavioral patterns.

Enterprise Strategy Group, a leading industry analyst firm, focuses on storage and information management, information security and applications.

The Mazu report is based on the responses from 229 IT professionals responsible for evaluating, purchasing or managing information security products and services for their organizations. Respondents represented companies ranging in size from less than US$50 million to more than $5 billion in revenue. The participants came from 18 different industry segments.

Flawed Premise

To qualify for inclusion, respondents had to work for organizations with at least 1,000 employees.

Corporations typically design their network security around the belief that external networks present the most risk to an organization’s critical infrastructure. Thus, most organizations’ security technologies concentrate on performing border patrol activities through firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS).

Such systems look closely at suspicious incoming network packets. The goal is to pass through so-called good traffic and to block any discovered malicious code.

“Security technology has evolved around fortifying the perimeter. But 90 percent of what people are trying to protect is internal,” Brady told TechNewsWorld.

Mazu Networks doesn’t operate solely around the perimeter. Instead, it takes a more proactive approach to identifying the threats, Robert Nazzal, director of product management for Mazu, said.

“People need to realign their perimeter defenses,” Nazzal said.

Almost half of all respondents indicated that their networks were struck by a worm attack in the last year. Thus, worm attacks remain a major threat to network assets.

About one-quarter of all respondents agreed that their networks had at least one internal security breach in 2004. Slightly more than that number of respondents did not know if their networks were compromised.

IT personnel do not share a solid confidence in the reliability of their firewall rules and access policies. Only 28 percent said they were very confident about this.

Government pressure is responsible for most movement by companies that tighten up their network security. Some 73 percent of the respondents stated that the Sarbanes-Oxley Act of 2002 forced compliance efforts that led to an increase in security investment and/or resources.

Startling Concerns

Brady noted that the profile of network attackers has changed. Hacking into corporate networks is no longer a rite of passage. Instead, today’s hackers have political and financial goals in mind.

Networks that are filled with vulnerabilities are facing such new threats from hackers. In order to effectively protect their networks, IT managers need more powerful tools than firewalls — either hardware or software.

The Mazu study revealed the four most common types of vulnerabilities to corporate networks.

The No. 1 offender is the existence of active user accounts that belonged to ex-employees (46 percent). The second most common offender (44 percent) is misconfigured hosts or networking equipment.

Rogue wireless access points (31 percent) and network nodes with default passwords (26 percent) round out the most prevalent offenders to network security.

Prognosis for Better Security

The Mazu report concluded that without a viable solution, internal security breaches will continue to stymie business progress due to interruption and remediation of critical systems. These continued occurrences will lead to tighter government regulations around information security.

The need for better internal network security will force IT managers to become more proactive and impose stricter employee monitoring.

The Mazu report concludes that Internet worms have become a primary threat to system availability and potentially threaten their victim companies with billions of dollars in damages.

The real danger with worm intrusions lies in the fact that organizations still have not integrated adequate worm defenses. This worry is compounded by the fact that the largest networks are the most likely to have an internal breach, according to Mazu’s conclusions.

Organizations with no internal breaches overwhelmingly point to tightly managed user authentication and authorization, well-defined security policies and procedures, and “effective network security technologies” as a key to their success.

The report stressed that auditing is a key part of securing networks and that vulnerabilities and exploits are widespread.

Mazu’s Approach

Mazu has a two-product approach to protecting networks. The first solution, Profiler, protects internal networks against worms and insider threats. It leverages existing network infrastructure to detect and mitigate new and zero-day attacks. It hardens the internal network against future attacks and audits how sensitive assets are used and by whom.

The second solution, Enforcer, protects the network perimeter against denial of service attacks and worm storms. It detects, characterizes and filters static and dynamic attacks.

Both of these products are designed for enterprise network infrastructures. However, Nazzal said Mazu will enter the small-to-medium-sized business market by the end of the second quarter.

Brady said mission-critical protection for smaller companies is being driven by VoIP service.

“CIOs want people on the networks, not off them. But they have to protect the integrity of the data for the most low-cost way possible,” he said.

For enterprise users, Mazu’s security solution costs from around $75,000, depending on the product configuration and the options purchased.
