Technology Section, <i>Boardwatch Magazine</i>, December 2002

	Sign In Sign-Up

Technology

Active Content Threats Require Active Protection Processes

For network administrators, the best security protection strategies have involved intrusion detection systems (IDSes), such as firewalls and anti-virus software. However, new active Internet content threats will demand more complete strategies says the report Active eIRM - New Realities in Security for Managing Electronic Infrastructure Risks, by Boston-based Aberdeen Group Inc. (www.aberdeen.com), which provides IT market intelligence, positioning and market acceleration services.

IDSes have one major flaw; they rely solely on pattern recognition and are only as good as their last signature files. Recent Aberdeen research found the following security risk data:

On average, more than 50 percent of deployed routers are configured incorrectly, and that 10 percent to 20 percent of network routers provide inappropriate access to the enterprise network.
The number of open and covert enterprise and network channels range from 5 percent to as many as 25 percent of end-points.
There are approximately 435 newly detected viruses per month, and more than 67,000 viruses are expected to be in the wild before the end of 2002.

The most dangerous code is now active Internet content, which includes malicious code, software microbes, Trojan horses, worms, backdoor traps, password stealers, e-mail handle grabbers, and port snatchers.

IT managers and network administrators say that the heart of any reliable security plan is being able to detect actual risk, and then establish and implement measurement systems, the Aberdeen report says.

According to Aberdeen, the most comprehensive new strategy to combat active Internet content is active electronic infrastructure risk management (Active eIRM), which is a combination of security policy, security applications, risk analytics, notification systems, and software agents. Active eIRM includes:

In state, application-level blocking;
Internet network packet content analysis;
Empirical detection of security events and covert channels;
Empirical measurement of security events occurring in real time; and
Analytical applications that decode, correlate and notify IT in real time.

The overall theme of Active eIRM is automation and comprehensive data collection, analysis and policy building. By combining security policy and risk analytic applications for use with existing security point products and the new class of distributable policy enforcement agents, network administrators can more fully automate security processes. Three components - policy, monitors, and event logs - should be present in every repeatable and testable security deployment.

The Aberdeen report profiles the following companies that are developing new and effective security products that fit well into the Active eIRM scheme:

San Diego-based Akonix Systems Inc. (www.akonix.com). A privately held supplier of security software products that eliminate rogue Internet protocols. The company’s branded product, Akonix L7, is deployed as a network security gateway.
Rockledge, Fla.-based e-Security Inc. (www.esecurityinc.com). Also privately held, e-Security is a supplier of software solutions that manage security events in real time.
Redwood City, Calif.-based Gilian Technologies Inc. (www.gilian.com). A supplier of security solutions that ensures the integrity of content and transactions on corporate Web sites.
Somerset, N.J.-based Lumeta Corp. (www.lumeta.com) provides the Lumeta Discovery Suite (LDS) and the Lumeta Firewall Analyzer (LFA) for large organizations.
Cambridge, Mass.-based Mazu Networks Inc. (www.mazunetworks.com). A supplier of network-traffic security software that enables Web sites, data centers and service providers to sustain business operations in the face of Internet-borne attacks.
Paderborn, Germany-based Webwasher.com AG’s (www.webwasher.com). Offers an integrated anti-virus, malicious code, e-mail management, Web access control, and content filtering and reporting system.

While no security system is impregnable, by combining data collection and analysis with advanced protection applications, network administrators should be better prepared for tomorrow’s security threats.