Information Security News mailing list archives
Besieged and busy
From: InfoSec News <isn () C4I ORG>
Date: Tue, 16 Jan 2001 01:25:22 -0600
http://www.ljworld.com/section/livinglead/story/39508

By Carlene Hempel, Raleigh News & Observer
Monday, January 15, 2001

Worried about hackers, companies flock to computer security firms to lock out dangers.

If it's not a group of tech-savvy malcontents cracking into Internet powerhouses like Amazon and eBay, it's a smart-aleck Filipino kid scripting an e-mail virus, just because he can. Or it's something worse.

The World Wide Web has been assigned the nickname Wild Wild West for good reason: The air of lawlessness that pervades it. And though the number of computer crime busters seems to be growing, the market is begging for more.

"It's just a booming market. But what was that old Virginia Slims commercial? 'You ain't seen nothing yet,'" says Randall Bennett, president of Secure Enterprise Computing in Durham, N.C. His client list has quadrupled between this year and last, and his staff has grown from three to 17.

"Our phones are ringing off the hook," says Tom Kucmierz of GFI, a computer security software company based in Europe with North American sales office headquarters in Cary, N.C.

"Who's calling? It's any company that has a connection to the Internet, small to huge, anybody. We have a lot of Air Force bases calling in, a lot of high schools, colleges, Fortune 500 companies right down to the small mom-and-pop shops. They're all getting hammered."

What security companies once considered their target market (industries such as banking, telecommunications, aerospace and defense) has grown into a marketplace bustling with anyone who has a commercial stake in the Internet.

Their clients have a variety of complaints. But most complaints involve fears of trade secret theft by corporate competitors, employee fraud and international espionage. And these fears are not groundless.
In March, the Gartner Group issued a report that said by 2003, 50 percent of all small to mid-sized businesses connected to the Internet and managing their own security systems will experience a computer-based attack. The Computer Security Institute, in partnership with the Federal Bureau of Investigation, said in a report issued this month that 70 percent of large corporations reported some form of cyber attack in the past year, almost double the number reporting attacks just two years ago. Total cost in damages for 1999: $265,589,940.

"The findings of the 2000 Computer Crime and Security Survey confirm that the threat from computer crime and other information security breaches continues unabated and that the financial toll is mounting," the report warned.

Mounting, but not ignored.

"A company like ours, we can't even breathe right now," says Bennett. "We're so busy, and next year is supposed to be even busier."

Crime-ridden neighborhood

The banks, the biotech and all the research and development going on in the Research Triangle Park area of North Carolina make it a hotbed for attempted computer attacks. The FBI saw enough of a threat to North Carolina that it established one of its first eight computer crime labs in the state last year. And the bad news is, business is booming.

"We've had a 300 percent increase in our case load in the last four months," says special agent Chris Swecker, who heads North Carolina's computer crime unit. There are eight agents working for him, two in Raleigh. He's hiring two more for the Triangle because, he says, it's the hottest zone in the state.

"Six months ago, we were working a lot of low-level computer vandalism. Now we're involved in cases where there are multi-million intrusions and damages," Swecker says. "A good percentage of our caseload centers around a lot of the high-tech companies."
The problem he and his crew still face, though, is that companies continue to keep attacks quiet, and the FBI has trouble identifying trends or computer crime rings when they don't have all the facts.

Which is precisely the trouble, says Bart Bielawski, chief executive officer of the 4-year-old security company Celotek. Companies don't want outsiders to know there are holes in the system.

"We are very vulnerable," he says. "It's costing us a lot of money. And I know most organizations underreport by far what's happening to them for a very obvious reason. They don't want to be seen as vulnerable. How will you feel about your bank if it's caught with its you-know-what around its ankles?"

Adapting to the situation

Not all the current group of network security companies emerged with the new e-business model. Many have simply adapted the mainframe security work that they used to do for large companies such as IBM and Digital Equipment Company. What's happened, though, is that their clients are no longer restricted to the big boys. Thus, there are many more of them.

"The large companies have, for years, been seeking help," Bennett says. "But now the middle market companies are saying, 'This is too much. Our IS (information services) staff is overworked and we have to go outside and find professionals who understand this.'"

That is exactly the strategy the Gartner Group recommends.

"An issue for small and mid-size enterprises is that they usually cannot afford, or do not attract, experienced security personnel," analyst Jeff Pescatore writes in the report.

And that makes them most in peril.

"Most of these companies are flying by the skin of their teeth," says Kucmierz. "I go in to see their IT departments, and they're just running around, just trying to keep the people's computers up, never mind worrying about security."

Firewalls, fiber bumps

Of course, not every answer has to be a prohibitively expensive one.
There are numerous companies that install firewalls, which is a system that stands between a company's local area network, or LAN, and the Internet. The firewall can prevent someone on the outside from accessing the internal network, and in turn can prevent people on the inside from getting out. Firewalls can be programmed to chart how much time employees are spending online, where they're going and whether they are doing their surfing during work hours. And they can detect when an employee is up to something fishy.

GFI doesn't install firewalls, but has two security software products. Mail Essentials is a filter that blocks e-mail viruses and monitors content while allowing encryption. LANguard is an Internet access control program that monitors what's going in and out of the system, and issues reports on it.

Then, there are companies like Bennett's, which start their client relationship by trying to crack into the network from the outside. Once security holes are identified, they're patched and a full-service plan is developed and supported by the security company.

Another option

Celotek, a spin-off company from MCNC in Research Triangle Park, takes a different approach. One of its products is hardware-based and provides high-speed security services to customers using asynchronous transfer mode, or ATM, networks. These systems are capable of incredibly fast speeds, thousands of times faster than the fastest modem, and are often used to support the data traffic for large corporations and institutions, such as banks, insurance companies, government agencies. Celotek supplies the box that's inserted at the perimeter of those networks. It's like a security guard that monitors the data and verifies its authenticity.

"Because they are high-speed networks, they operate over fibers. We're the bump in the fiber," Bielawski says. "As the fiber enters a building or a campus, on that perimeter, we place one of our systems and it will encrypt and provide other security functions. It's basically unbreakable stuff."

But Celotek is thinking even broader these days: it's thinking Next Generation Internet, and it's working on a plan with networking companies such as Cisco, Lucent and Nortel so that the security system would be built right into the router; if that happened, every packet of data traveling the Internet could be authenticated and encrypted.

"The leading approach to dealing with this much larger mess for everyone is called 'IP sec,'" Bielawski says, or Internet Protocol security. "It's a subset of the Internet Protocols, which run the Internet."

The idea is, build the security into the infrastructure itself. That way, anyone could benefit, not just those who could afford to buy and support an individual security system. The product should be on the market in a year.

"I think one of the things we have seen as the globalization of information happens is, you really don't know where your data is," says Mel Snyder, vice president of operations at Celotek. "You may be secure and understand in your building how controlling you are, and you know whether your employees are coming and going, but once your data leaves the building, you don't really know where it's going. That's the big thing we're seeing."

ISN is hosted by SecurityFocus.com