We're Watching You

[InfoSec News <isn () c4i org>]

http://www.washingtonpost.com/wp-dyn/articles/A42202-2002Apr24.html

Joseph C. Anselmo
Washington Techway
Thursday, April 25, 2002; 10:45 AM 

The security chief at a big name brokerage firm in New York had a
problem. Proprietary information was being leaked from the trading
floor to a competitor and he didn't know how.

Enter SilentRunner, a Linthicum-based startup that has developed
software to enhance network security.

"We took a look at the 400 [Internet] addresses on the trading floor,"  
says Jeff Waxman, SilentRunner's president and CEO. "Just before the
trading shut down at 4 o'clock we watched an e-mail go from one of his
traders to a competitor with all of their internal information." The
offender was escorted out in handcuffs and SilentRunner had won
another customer.

Protecting corporate computer networks from outside intruders has
become a big business these days. But information technology security
experts say it's also crucial to know what's going on inside the
firewall.

"Every survey that's ever been done says that two-thirds or
three-quarters of security [breaches] involve insiders," says Paul
Connelly, who runs PricewaterhouseCoopers' Technology Security
Practice for the southeast region. "What an insider can do is much
more damaging because they know your network and what's critical to
your network."

The SilentRunner software was released in June 2000 by defense
electronics giant Raytheon Co., which spun it off as a wholly owned
subsidiary last November. The idea for the commercial software came
from Raytheon's work on top-secret signals intelligence programs,
which sift through massive amounts of communications to intercept
conversations from targets such as al Qaeda terrorists. For workers
goofing off on the job - or worse - the software is downright scary.  
Loaded onto a laptop, it runs undetected. Twenty five algorithms map
out how a network is being used - from keeping tabs on intellectual
property down to every e-mail, every Web site visited and the location
and make of computers logged on remotely. The software translates huge
amounts of data into simple illustrations to help network
administrators spot trouble.

"This technology will let you determine if [a breach] has happened and
reverse engineer what's happened with the date, time and sequence so
that you can see exactly what took place," says Waxman, a veteran
Silicon Valley software executive. "It also lets you look at your
network from a high level and say, 'Are there any security issues that
I need to fix before something happens?'"

But it doesn't come cheap. A SilentRunner license retails for $65,000;  
an optional maintenance and support package runs another $13,000 per
year. Larger customers may need multiple licenses.

And while SilentRunner enhances security, it does not replace
firewalls, which can cost $20,000 or more to install. SilentRunner
doesn't disclose revenue, but says it has sold 240 licenses. Business
is equally split between government and commercial customers.

Waxman says the company is "strongly profitable" and executives are
eyeing an initial public offering after sales ramp up. It's a
promising market. While security efforts still account for less than 1
percent of overall IT spending, International Data projects global
spending on IT security will reach $46 billion by 2005, up from $14
billion in 2000.

Michael Rasmussen, director of research and information security at
the Giga Information Group in Chicago, says SilentRunner's two closest
competitors are Niksun of Monmouth, N.J., and Sandstorm Enterprises of
Cambridge, Mass. "In my opinion, SilentRunner leads the field," he
says.

Some IT security veterans caution that software alone cannot do the
job. "Having a product without having it monitored 24 hours a day,
seven days a week radically reduces the effectiveness of that
product," says Elad Yoran, founder of Riptech, which manages IT
security for hundreds of clients from an operations center in
Alexandria.

And then there are employees who grouse about privacy. Waxman waves
off such concerns, noting that companies have a right to monitor
equipment they own.

"Some employers don't want their people going to 'SpankMe.com,' some
employers don't want jokes sent out," he says. "This is simply a
technology that allows the employer to enforce whatever they choose."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.