Feeds

Enterprises clueless about network usage: IBM

Social media, apps create security time-bombs

Reducing security risks from open source software

The average Australian business is in the dark when it comes to what is happening on its networks due to the rise of hand held devices, social media and apps crowding the enterprise environment, according to IBM security experts.

“Most organisations have no idea what is going on across their networks. No idea,” IBM Security Systems engineering manager for advanced threat protection Dr Paul Ashley told journalists recently at the company's Gold Coast security lab.

Dr Ashley warns that the new breed of cyber attacks are leaving enterprise networks more vulnerable to attack than ever before and in increasingly insidious ways.

“It is all about concentrated, protracted and targeted attacks, just picking those one or two individuals that have the key s and being persistent, low and slow ” he says.

Dr Ashley sites that Stuxnet attack as a classic example as it took place over a 6-12 month period with around 30 attackers involved.

The nature of these targeted and sophisticated attacks favoured by organised crime and hacktavists, allow them to quietly stay on the network for months until getting to the “crown jewels.”

The rise of these attacks led IBM’s XForce research team to dub 2011 the year of security incident. It is estimated that the Sony security incident cost the corporation $US200 million due to one SQL injection attack.

“The costs to organisations are very high. There is an emerging realisation that a lot of the technology they have is not adequate for these types of low and slow threats that are specific to users,” he said. Dr Ashley says that blanket malware and virus threats are now easily controlled what IBM’s security team is focussed on is defending against those advanced persistent threats.

Much of IBM’s Gold Coast security labs evolving work revolves around the convergence of identity and access management with normal threat management.

The Gold Coast facility, flanked by ocean vistas that feature migrating whales and awesome surf, has emits a siren’s call to Australia’s engineering elite. A cabal of the senior management at the facility hail from IBM’s former acquisitions, including security software company Dascom (which was founded by Australian entrepreneur Greg Clark and snapped up in 1999 to became the basis IBM’s Tivoli line).

Many of the dotcom Dascom executives had the pleasure of riding the boom and bust roller-coaster, heading over the US following the acquisition and watching the online industry come of age, the hard way, from the box seat. And in an antidote to the current tech exodus many have returned, including Dr Ashley.

The Gold Coast lab is also aggressive in its pursuit of innovation, working closely with local universities and filing patents weekly. “I think the world is changing it is not so much about the cost base now it’s about where the skills are, it is a skills based economy,” he notes.

Dr Ashley warns that despite the growing alarm over the evolving breed of attacks, it will probably be only after more damaging big security incidents take place that enterprises will wake up.

He says that what has changed fundamentally is that the use of user devices and apps has made the threat come from within. “Is the user providing a beach head for external attackers to do long and slow targeted attacked on the business? It’s not you getting hacked that is the issue, it is what you are bringing into the enterprise network environment,” he says.

“The big threat for networks is what are your users doing on the network? What sorts of bandwidth is being used , what type of web apps like Skype and Bitorrent or social apps like Twitter, Facebook and Linked In. Do you understand where your users are going and is it legitimate?”, he says.

Big Blue claims one of the largest URL categorisation databases in the world with 15 billion URLS.

It allows for development work for systems that can now identify the apps being used on the network via analysis of their network traffic and behaviour and significantly allowing the enterprise to then control that.

IBM’s QRadar Anomoly Detection appliance is one such platform allowing corporations to deploy security policies and police them easily ie no Facebook time for the sales team. The product is a spin off from the platforms developed by recent IBM acquisition Q1 Labs. ®

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Microsoft: You NEED bad passwords and should re-use them a lot
Dirty QWERTY a perfect P@ssword1 for garbage websites
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.