
Enterprises clueless about network usage: IBM

Social media, apps create security time-bombs


The average Australian business is in the dark about what is happening on its networks because of the rise of handheld devices, social media and apps crowding the enterprise environment, according to IBM security experts.

“Most organisations have no idea what is going on across their networks. No idea,” IBM Security Systems engineering manager for advanced threat protection Dr Paul Ashley told journalists recently at the company's Gold Coast security lab.

Dr Ashley warns that the new breed of cyber attacks is leaving enterprise networks more vulnerable than ever before, and in increasingly insidious ways.

“It is all about concentrated, protracted and targeted attacks, just picking those one or two individuals that have the keys and being persistent, low and slow,” he says.

Dr Ashley cites the Stuxnet attack as a classic example, as it took place over a 6-12 month period with around 30 attackers involved.

The nature of these targeted and sophisticated attacks, favoured by organised crime and hacktivists, allows the attackers to stay quietly on the network for months until they get to the “crown jewels.”

The rise of these attacks led IBM’s X-Force research team to dub 2011 the year of the security incident. It is estimated that the Sony security incident cost the corporation $US200 million due to one SQL injection attack.

“The costs to organisations are very high. There is an emerging realisation that a lot of the technology they have is not adequate for these types of low and slow threats that are specific to users,” he said. Dr Ashley says that blanket malware and virus threats are now easily controlled; what IBM’s security team is focussed on is defending against those advanced persistent threats.

Much of the evolving work at IBM’s Gold Coast security lab revolves around the convergence of identity and access management with normal threat management.

The Gold Coast facility, flanked by ocean vistas that feature migrating whales and awesome surf, emits a siren’s call to Australia’s engineering elite. A cabal of the senior management at the facility hail from IBM’s former acquisitions, including security software company Dascom (which was founded by Australian entrepreneur Greg Clark and snapped up in 1999 to become the basis of IBM’s Tivoli line).

Many of the dotcom Dascom executives had the pleasure of riding the boom and bust roller-coaster, heading over to the US following the acquisition and watching the online industry come of age, the hard way, from the box seat. And in an antidote to the current tech exodus, many have returned, including Dr Ashley.

The Gold Coast lab is also aggressive in its pursuit of innovation, working closely with local universities and filing patents weekly. “I think the world is changing. It is not so much about the cost base now, it’s about where the skills are. It is a skills-based economy,” he notes.

Dr Ashley warns that despite the growing alarm over the evolving breed of attacks, it will probably be only after more damaging big security incidents take place that enterprises will wake up.

He says that what has changed fundamentally is that the use of user devices and apps has made the threat come from within. “Is the user providing a beachhead for external attackers to do long and slow targeted attacks on the business? It’s not you getting hacked that is the issue, it is what you are bringing into the enterprise network environment,” he says.

“The big threat for networks is what are your users doing on the network? What sorts of bandwidth is being used, what type of web apps like Skype and BitTorrent or social apps like Twitter, Facebook and LinkedIn. Do you understand where your users are going and is it legitimate?” he says.

Big Blue claims one of the largest URL categorisation databases in the world, with 15 billion URLs.

The database supports development work on systems that can now identify the apps being used on the network by analysing their network traffic and behaviour and, significantly, allow the enterprise to then control that usage.

IBM’s QRadar Anomaly Detection appliance is one such platform, allowing corporations to deploy security policies and police them easily, i.e. no Facebook time for the sales team. The product is a spin-off from the platforms developed by recent IBM acquisition Q1 Labs. ®
