Advertisment

Network Security : Growing Malaise

author-image
Voice&Data Bureau
New Update

The surfacing of high bandwidth wireless devices has made a firm impression
in the market but has also lead to security becoming more complex.

Advertisment

In 2008, security attacks online were rampant despite Web filtering services
by leading security vendors. As per a Websense report, fraudsters have been
constantly improving their underground ecosystems and adopting different attack
strategies to target unsuspecting users.

From the fraudsters' perspective, the attack goes beyond registering fake
accounts or email addresses, sending mass emails over the Internet, infecting
thousands of user machines, or stealing information. It also involves switching
things with a combination of different tactics and a goal to target others users
over different areas of the Internet.

The problem is further supplemented by the fact that people are getting more
mobile. The security landscape is being affected by rapid changes in the way
people work and collaborate. The attacks are small and sophisticated and include
service-level and application-targeted attacks, DNS poisoning, and route
hijacking. The proliferation of botnets and the damage they can inflict on the
network infrastructure will continue to be common.

Advertisment

In the future data-centric mobile devices could become a major target for
virus writers and hackers, as well as pose enormous amount of risk to data
confidentiality. Lost or stolen devices can jeopardize confidential business
data, compliance efforts and reputation. Moreover, as per industry analysis,
businesses suffer from the costs of downtime, leaked data, infections, lost
employee productivity, and cleanup.

It's in the Air

In the recent years, the shift from wireline to wireless networks has sharpened
the way enterprises approach their end goals. And with this growth information
is going to be more and more susceptible to attacks. Earlier, telecom networks
were more service centric, closed and had a propitiatory architecture approach.
However, with the emergence of networks such as 3G and WiMax, it is going to be
more open with more external exposure and customer control.

Advertisment

The growth of remote workforce is resulting in the progression of VPN and
wireless based networks. According to experts, there are several infrastructure
issues related to such networks and the demand from enterprises is revolving
around them. Also, data speeds while using data cards is not up to the mark and
there are various security challenges associated with networks based on 3G and
WiMax.

An annual survey by Arbor Networks indicates a 67% increase in scale of
attacks over the last year. The largest sustained DDoS attack in 2008 was 40
Gbps, or 2.5x the size of the largest attack reported last year and 100-fold
increase versus 2001.

As per industry forecast, 2009 could see dramatic increase in the volumes of
spam, phishing and malware attacks targeted at companies.

Advertisment

As much as 90% of all infected Web pages are from legitimate sites. This
trend creates several challenges for enterprises. Network admission control (NAC)
and application security are two significant areas in network security that need
to be considered.

As per an analysis of nearly 430 mn email messages in 2008 by Trust Layer
Mail, the clean mail managed service from Panda Security, only 8.4% of emails
that reach companies are legitimate. Some 89.9% of messages are spam, while
1.11% was infected with some malware.

In terms of new solutions UTM (unified threat management) can be considered
as the most recent trend in this space. Some organizations are also using
biometrics, including fingerprints and iris scans, to authenticate users. In
addition, the future of networking security will be governed by binding user
identity with security because the individual user has emerged as the weakest
link in the security chain

Advertisment
Experts panel

Amuleek Bijral, country manager, India & SAARC, RSA, Security
Division, EMC

Amit Nath
, country manager, India & SAARC, Trend Micro

Animesh K Sahay
, head, telecom business, India and SAARC, Juniper
Networks

Chris Fedde
, president and COO, Safenet

Joe Wang, CEO, WatchGuard Technologies

Hemal Patel
, CEO, Elitecore Technologies, Cyberoam

Kang Eu Ween, regional enterprise solutions director, Juniper
Networks

Matthew Young
, vice president, Sales, Asia Pacific, Blue Coat Systems

Mikko Hypponen
, chief research officer, F-Secure

Murtaza Bhatia
, national manager, Professional Services Securities and
iBoss, Datacraft

Prosenjeet Banerjee, head, global security services, HCL Comnet

Pranesh Babu, senior VP, network and services engineering, Sify
Technologies

Rajiv Chadha
, vice president, sales, VeriSign India

Sajan Paul
, head, technology & consulting, enterprise solutions, Nortel

Sameer Karmarkar
, head, identity management practice, Persistent Systems

Sanjay Vig
, CEO, Orange Business Services

Santhosh Koratt
, head, consulting & compliance, SecureSynergy

Tata Rao, senior vice president, system engineering, Cisco India &
SAARC

Vishal Dhupar, managing director, Symantec India

Vishak Raman
, regional director, India & SAARC, Fortinet

Harvinder Singh, country manager, India , F5 Networks

John Cunninghum
, director, RFID & Wireless, Enterprise Mobility
Business, Asia Pacific, Motorola

Sandeep Gupta
, CTO, ipolicy Networks, security products division, Tech
Mahindra Ltd.

John Karabin
, Regional vice president, security solutions, Asia Pacific,
Verizon Business

Growing Concerns

Security concerns have risen to a new level altogether. It is no longer about
handling malware threats. Many organizations report financial losses due to
security breaches resulting in business losses, making security a top concern.
Despite being a security blind spot for many organizations, network devices are
at risk too. It is a requisite for organizations to not only upgrade their
networks once a year but also to set security policies which protect all
important assets, and make their implementation automated and straightforward.

It is imperative for a CTO to analyze if security can be one of the core
competences within the organization. This means looking at IT staffing issues
for security management. Further, a CTO/CIO should equate the related investment
and operating expenses to the internal management in comparison to outsourcing
their security.

Advertisment

It is also mandatory that both the staff and team of experts have an
understanding of various threats and counter measures along with a fair
knowledge of the efficacy and limitations of different tools available in the
market to deal with them. Consensus from the top management and participation of
users at each level is very important in implementing effective security.

Buzzing Trends
and Challenges
  • Enterprises are in the process of either establishing or reinforcing
    their network security architecture
  • Phishing attacks are the biggest threat and they are steadily on the
    rise
  • Integration of physical and IT security is one more challenge that
    needs to be addressed by the CIO
  • Security challenges posed by Web 2.0 technologies are another emerging
    challenge that the CIO/CTO needs to look into
  • The key drivers leading to market growth would continue to be the need
    for enterprise asset protection, regulatory compliance and information
    security governance

The Need to Change

While it is always expected from the vendor community to bring new and
innovative solutions to safeguard the interests of enterprises, the onus also
lies on the organizations to change the way they look into their security needs.
It is also very crucial for the government to implement policies that help
enterprises to achieve meaningful security measures rather than mere regulatory
compliance.

Advertisment

In addition, the realization and increasing awareness of security will
definitely create a demand and shall consequently be the driving force for this
industry. It must however be remembered that growth can only be sustained if
these issues are addressed and security has to be part of the way we conduct
business.

Jatinder Singh

jatinders@cybermedia.co.in

Advertisment