/vnd/media/agency_attachments/bGjnvN2ncYDdhj74yP9p.png)
/vnd/media/media_files/2025/09/26/vnd-banner-2025-09-26-11-20-57.jpg)
Threats to networks are simply getting faster and perhaps a bit
smarter, galvanizing vendors to produce solutions that are smart and fast
There was
a time when there were many similarities between writing graffiti and cyber
hacking. Both required creativity, innovation, and even a bit of genius. And
though they had potential for serious damage, all the effort in both these
activities was geared for a bit of elusive fame-in the name of a pseudonym
whose real identity would perhaps never be known.
Security threats have become malicious. They are still
designed to create serious damage, but the object now is primarily monetary
profit. But worse, it is the new playground of the underworld. The hacking
industry has become more profitable than the illegal drug industry.
RANSOMWARE-WHAT'S YOUR PRICE?
A new word was coined-Ransomware. In this type of attack, the hacker (and
that has become a really dirty word) installs a code on server or a PC, locking
out certain files. Then a ransom demand is made, to deliver the unlocking codes.
Very few of these attacks have been reported so far, and the one that has been
accepted publicly had the files unencrypted without paying the ransom of $200.
Although this attempt seems childish, it reminds of the extortion threats that
organizations had received in the previous years for paying up or be subjected
to DoS or DDoS attacks.
It is suspected that many more organizations would have
received such ransom demands, but not many are acknowledging them. However, what
is sure is that such attacks would get more refined, cracking the codes will be
more difficult, and modes of payment will be more refined. A bank account is
surely not a safe means of receiving ransom money.
Ransomware is the most recent and another clear indication
that security of networks and network resources needs to be taken more seriously/vnd/media/post_attachments/5b1c921212e51e4776dec55f71da406c3da532bcdd6996348e72cb0860b7b7d3.jpg)
/vnd/media/post_attachments/ac2998fed6e8b1cdb29c4b8b59ee759813eaa15593c845b520339ac2ae37e840.jpg) | EXPERTS PANEL |
Adrian Amelse, senior |
COLLABORATION
For a start, various security vendors-even ardent competitors are
now collaborating. Layered security for high networth assets like data centers
and head offices is still a popular option, and despite integrated solutions
being available, best of breed is still being opted for in these special cases.
The collaboration leading to interoperability of devices has been in evidence
now for quite some time. What is increasingly happening is that whole framework
such as the network and mission control frameworks (which have several protocols
associated with them, and which also have the algorithm required to process
those protocols) are becoming a part of these collaborative efforts. Not just
various vendors of IT equipment (including security vendors), but even various
service providers are collaborating with the vendors to qualify their services
before they are launched. That is a much larger collaborative exercise, and
collaboration at that level is happening a lot more. Standard bodies such as the
IEEE and the IETF are of course driving these exercises, but they are being
helped by various vendors coming together to create working platforms, and then
presenting these platforms to the standards body for ratification.
COST
The investment of time, skill, and money required for managing the
traditional security infrastructure is getting higher. The increase in
complexity is coming from the proliferation of attacks, which are being fuelled
by the hacking industry getting smarter and discovering many new revenue models.
So, the trend is increasingly towards automated security
deployments like IPS (intrusion prevention systems). They have been around for a
while now, and of course level of deployments don't match the levels of
firewall deployments. But they are increasingly becoming more popular. And
vendors are saying that most of the new RFPs (requests for proposals) now ask
for IDS/IPS. They add that over the course of this year, new deployments of IPS
will cross the new deployments of IDS. Even if that does not happen this year,
the IPS is likely to become increasingly attractive with their relative freedom
from patch management, and the requirement for fewer personnel as most of its
processes are automated. Also, with cost becoming a major issue, point solutions
would continue to give way to integrated solutions.
Organizations are likely to go for unified threat
management solution in most scenarios, except the datacenter or head office kind
of scenarios. And here too, proactive technologies are likely to increase their
share. These proactive technologies work by identifying the behavior of malware
rather than its unique signature.
SECURITY IS MONEY
The other very clear trend is that management of security will continue to
become more complicated and more costly. With the underworld looking at it as a
serious new avenue, the network is unlikely ever to be completely safe. The
related trend that seems to be picking up is that security is becoming an
application in itself.
Not just the vendors, but even service providers are
increasingly putting it up as a value added service. While routers have already
incorporated many security features, today the telcos are offering and charging
a premium for secured services. Telecom Italia is one that is charging a premium
for providing a host of secured GPRS services.
/vnd/media/post_attachments/cb085413c4ac8747fe7ae6ae5a180c8937b456c8cc143ae29f1baeba48dc5a66.jpg)
VIRUSES BECOME DEMOCRATIC
No longer will delinquent geniuses have to write inspired software/malware.
Instead, every time a network or an OS vulnerability is discovered and
published, all that the criminal hacker has to do is target the existing malware
to that vulnerability, recompress it into one of the many compression formats,
and let it loose to find unprotected points of entry. The changing demographics
of the hacker may well explain the rather obscene and crass covering notes that
the new-age malware carries. And there is, like always, free software available
for doing most of this work. The Zotob virus that hit last year had variants
running into the 'x' and 'y' alphabets.
| Organizations are opting for box solutions for their remote offices. The idea being-to save on cost of managing roomful of equipment. |
REMOTE MANAGEMENT
That is one trend, which has been waiting to happen for some time now,
especially with remote management of infrastructure taking off. Currently, it is
not a major trend. However, with the SMBs coming into this market this business
is likely to pick up, as these organizations may not have the required manpower
and skill to combat the ever-growing threats out there. Many large organizations
are also likely to contribute to this business and many integrators are
reporting that certain banks have also starting showing a preference this
outsourcing of security management. The only enterprises that are likely to stay
away from this trend are the IT and ITeS.
AUTOMATED CONFIGURATION
Organizations are opting for box solutions for their remote offices. The
idea being-to save on cost of managing roomful of equipment. While saving on
the cost of manpower is the major driver for these solutions in the West, the
vendors of these solutions are confident that these services have a place in
India despite the labor arbitrage. The key drivers here could be lack of trained
manpower. With automated configuration, the box would be sent to the remote
office with a minimum configuration. The rest of the configuration will be
pushed to it once it is plugged in. While these devices have been available for
remote offices for a while now, the trend of the future is that the SMBs may now
be their new clients. These will also be useful where the user's level of
technological awareness is not very high, for example, when networking the
petrol pumps in remote areas, or even banks with networked branches in rural
areas.
There was a time when the smart hackers found ingenious
ways to do their deed and organizations had to move fast to protect themselves.
Today, it is the hacker who is moving faster and faster, and the guardians of
network security are attempting to become smarter. For all the changing trends
in the network security business, it seems the smart will always beat the fast.
Alok SinghÂ
aloks@cybermedia.co.in