Feeds

Enterprises clueless about network usage: IBM

Social media, apps create security time-bombs

Protecting against web application threats using SSL

The average Australian business is in the dark when it comes to what is happening on its networks due to the rise of hand held devices, social media and apps crowding the enterprise environment, according to IBM security experts.

“Most organisations have no idea what is going on across their networks. No idea,” IBM Security Systems engineering manager for advanced threat protection Dr Paul Ashley told journalists recently at the company's Gold Coast security lab.

Dr Ashley warns that the new breed of cyber attacks are leaving enterprise networks more vulnerable to attack than ever before and in increasingly insidious ways.

“It is all about concentrated, protracted and targeted attacks, just picking those one or two individuals that have the key s and being persistent, low and slow ” he says.

Dr Ashley sites that Stuxnet attack as a classic example as it took place over a 6-12 month period with around 30 attackers involved.

The nature of these targeted and sophisticated attacks favoured by organised crime and hacktavists, allow them to quietly stay on the network for months until getting to the “crown jewels.”

The rise of these attacks led IBM’s XForce research team to dub 2011 the year of security incident. It is estimated that the Sony security incident cost the corporation $US200 million due to one SQL injection attack.

“The costs to organisations are very high. There is an emerging realisation that a lot of the technology they have is not adequate for these types of low and slow threats that are specific to users,” he said. Dr Ashley says that blanket malware and virus threats are now easily controlled what IBM’s security team is focussed on is defending against those advanced persistent threats.

Much of IBM’s Gold Coast security labs evolving work revolves around the convergence of identity and access management with normal threat management.

The Gold Coast facility, flanked by ocean vistas that feature migrating whales and awesome surf, has emits a siren’s call to Australia’s engineering elite. A cabal of the senior management at the facility hail from IBM’s former acquisitions, including security software company Dascom (which was founded by Australian entrepreneur Greg Clark and snapped up in 1999 to became the basis IBM’s Tivoli line).

Many of the dotcom Dascom executives had the pleasure of riding the boom and bust roller-coaster, heading over the US following the acquisition and watching the online industry come of age, the hard way, from the box seat. And in an antidote to the current tech exodus many have returned, including Dr Ashley.

The Gold Coast lab is also aggressive in its pursuit of innovation, working closely with local universities and filing patents weekly. “I think the world is changing it is not so much about the cost base now it’s about where the skills are, it is a skills based economy,” he notes.

Dr Ashley warns that despite the growing alarm over the evolving breed of attacks, it will probably be only after more damaging big security incidents take place that enterprises will wake up.

He says that what has changed fundamentally is that the use of user devices and apps has made the threat come from within. “Is the user providing a beach head for external attackers to do long and slow targeted attacked on the business? It’s not you getting hacked that is the issue, it is what you are bringing into the enterprise network environment,” he says.

“The big threat for networks is what are your users doing on the network? What sorts of bandwidth is being used , what type of web apps like Skype and Bitorrent or social apps like Twitter, Facebook and Linked In. Do you understand where your users are going and is it legitimate?”, he says.

Big Blue claims one of the largest URL categorisation databases in the world with 15 billion URLS.

It allows for development work for systems that can now identify the apps being used on the network via analysis of their network traffic and behaviour and significantly allowing the enterprise to then control that.

IBM’s QRadar Anomoly Detection appliance is one such platform allowing corporations to deploy security policies and police them easily ie no Facebook time for the sales team. The product is a spin off from the platforms developed by recent IBM acquisition Q1 Labs. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.