Network Security : Growing Malaise

VoicenData Bureau
New Update

The surfacing of high bandwidth wireless devices has made a firm impression

in the market but has also lead to security becoming more complex.


In 2008, security attacks online were rampant despite Web filtering services

by leading security vendors. As per a Websense report, fraudsters have been

constantly improving their underground ecosystems and adopting different attack

strategies to target unsuspecting users.

From the fraudsters' perspective, the attack goes beyond registering fake

accounts or email addresses, sending mass emails over the Internet, infecting

thousands of user machines, or stealing information. It also involves switching

things with a combination of different tactics and a goal to target others users

over different areas of the Internet.

The problem is further supplemented by the fact that people are getting more

mobile. The security landscape is being affected by rapid changes in the way

people work and collaborate. The attacks are small and sophisticated and include

service-level and application-targeted attacks, DNS poisoning, and route

hijacking. The proliferation of botnets and the damage they can inflict on the

network infrastructure will continue to be common.


In the future data-centric mobile devices could become a major target for

virus writers and hackers, as well as pose enormous amount of risk to data

confidentiality. Lost or stolen devices can jeopardize confidential business

data, compliance efforts and reputation. Moreover, as per industry analysis,

businesses suffer from the costs of downtime, leaked data, infections, lost

employee productivity, and cleanup.

It's in the Air

In the recent years, the shift from wireline to wireless networks has sharpened
the way enterprises approach their end goals. And with this growth information

is going to be more and more susceptible to attacks. Earlier, telecom networks

were more service centric, closed and had a propitiatory architecture approach.

However, with the emergence of networks such as 3G and WiMax, it is going to be

more open with more external exposure and customer control.


The growth of remote workforce is resulting in the progression of VPN and

wireless based networks. According to experts, there are several infrastructure

issues related to such networks and the demand from enterprises is revolving

around them. Also, data speeds while using data cards is not up to the mark and

there are various security challenges associated with networks based on 3G and


An annual survey by Arbor Networks indicates a 67% increase in scale of

attacks over the last year. The largest sustained DDoS attack in 2008 was 40

Gbps, or 2.5x the size of the largest attack reported last year and 100-fold

increase versus 2001.

As per industry forecast, 2009 could see dramatic increase in the volumes of

spam, phishing and malware attacks targeted at companies.


As much as 90% of all infected Web pages are from legitimate sites. This

trend creates several challenges for enterprises. Network admission control (NAC)

and application security are two significant areas in network security that need

to be considered.

As per an analysis of nearly 430 mn email messages in 2008 by Trust Layer

Mail, the clean mail managed service from Panda Security, only 8.4% of emails

that reach companies are legitimate. Some 89.9% of messages are spam, while

1.11% was infected with some malware.

In terms of new solutions UTM (unified threat management) can be considered

as the most recent trend in this space. Some organizations are also using

biometrics, including fingerprints and iris scans, to authenticate users. In

addition, the future of networking security will be governed by binding user

identity with security because the individual user has emerged as the weakest

link in the security chain

Experts panel

Amuleek Bijral, country manager, India & SAARC, RSA, Security

Division, EMC

Amit Nath
, country manager, India & SAARC, Trend Micro

Animesh K Sahay
, head, telecom business, India and SAARC, Juniper


Chris Fedde
, president and COO, Safenet

Joe Wang, CEO, WatchGuard Technologies

Hemal Patel
, CEO, Elitecore Technologies, Cyberoam

Kang Eu Ween, regional enterprise solutions director, Juniper

Matthew Young
, vice president, Sales, Asia Pacific, Blue Coat Systems

Mikko Hypponen
, chief research officer, F-Secure

Murtaza Bhatia
, national manager, Professional Services Securities and

iBoss, Datacraft

Prosenjeet Banerjee, head, global security services, HCL Comnet

Pranesh Babu, senior VP, network and services engineering, Sify

Rajiv Chadha
, vice president, sales, VeriSign India

Sajan Paul
, head, technology & consulting, enterprise solutions, Nortel

Sameer Karmarkar
, head, identity management practice, Persistent Systems

Sanjay Vig
, CEO, Orange Business Services

Santhosh Koratt
, head, consulting & compliance, SecureSynergy

Tata Rao, senior vice president, system engineering, Cisco India &

Vishal Dhupar, managing director, Symantec India

Vishak Raman
, regional director, India & SAARC, Fortinet

Harvinder Singh, country manager, India , F5 Networks

John Cunninghum
, director, RFID & Wireless, Enterprise Mobility

Business, Asia Pacific, Motorola

Sandeep Gupta
, CTO, ipolicy Networks, security products division, Tech

Mahindra Ltd.

John Karabin
, Regional vice president, security solutions, Asia Pacific,

Verizon Business

Growing Concerns

Security concerns have risen to a new level altogether. It is no longer about
handling malware threats. Many organizations report financial losses due to

security breaches resulting in business losses, making security a top concern.

Despite being a security blind spot for many organizations, network devices are

at risk too. It is a requisite for organizations to not only upgrade their

networks once a year but also to set security policies which protect all

important assets, and make their implementation automated and straightforward.

It is imperative for a CTO to analyze if security can be one of the core

competences within the organization. This means looking at IT staffing issues

for security management. Further, a CTO/CIO should equate the related investment

and operating expenses to the internal management in comparison to outsourcing

their security.


It is also mandatory that both the staff and team of experts have an

understanding of various threats and counter measures along with a fair

knowledge of the efficacy and limitations of different tools available in the

market to deal with them. Consensus from the top management and participation of

users at each level is very important in implementing effective security.

Buzzing Trends

and Challenges
  • Enterprises are in the process of either establishing or reinforcing

    their network security architecture
  • Phishing attacks are the biggest threat and they are steadily on the

  • Integration of physical and IT security is one more challenge that

    needs to be addressed by the CIO
  • Security challenges posed by Web 2.0 technologies are another emerging

    challenge that the CIO/CTO needs to look into
  • The key drivers leading to market growth would continue to be the need

    for enterprise asset protection, regulatory compliance and information

    security governance

The Need to Change

While it is always expected from the vendor community to bring new and
innovative solutions to safeguard the interests of enterprises, the onus also

lies on the organizations to change the way they look into their security needs.

It is also very crucial for the government to implement policies that help

enterprises to achieve meaningful security measures rather than mere regulatory


In addition, the realization and increasing awareness of security will

definitely create a demand and shall consequently be the driving force for this

industry. It must however be remembered that growth can only be sustained if

these issues are addressed and security has to be part of the way we conduct


Jatinder Singh