Feeds

Enterprises clueless about network usage: IBM

Social media, apps create security time-bombs

Internet Security Threat Report 2014

The average Australian business is in the dark when it comes to what is happening on its networks due to the rise of hand held devices, social media and apps crowding the enterprise environment, according to IBM security experts.

“Most organisations have no idea what is going on across their networks. No idea,” IBM Security Systems engineering manager for advanced threat protection Dr Paul Ashley told journalists recently at the company's Gold Coast security lab.

Dr Ashley warns that the new breed of cyber attacks are leaving enterprise networks more vulnerable to attack than ever before and in increasingly insidious ways.

“It is all about concentrated, protracted and targeted attacks, just picking those one or two individuals that have the key s and being persistent, low and slow ” he says.

Dr Ashley sites that Stuxnet attack as a classic example as it took place over a 6-12 month period with around 30 attackers involved.

The nature of these targeted and sophisticated attacks favoured by organised crime and hacktavists, allow them to quietly stay on the network for months until getting to the “crown jewels.”

The rise of these attacks led IBM’s XForce research team to dub 2011 the year of security incident. It is estimated that the Sony security incident cost the corporation $US200 million due to one SQL injection attack.

“The costs to organisations are very high. There is an emerging realisation that a lot of the technology they have is not adequate for these types of low and slow threats that are specific to users,” he said. Dr Ashley says that blanket malware and virus threats are now easily controlled what IBM’s security team is focussed on is defending against those advanced persistent threats.

Much of IBM’s Gold Coast security labs evolving work revolves around the convergence of identity and access management with normal threat management.

The Gold Coast facility, flanked by ocean vistas that feature migrating whales and awesome surf, has emits a siren’s call to Australia’s engineering elite. A cabal of the senior management at the facility hail from IBM’s former acquisitions, including security software company Dascom (which was founded by Australian entrepreneur Greg Clark and snapped up in 1999 to became the basis IBM’s Tivoli line).

Many of the dotcom Dascom executives had the pleasure of riding the boom and bust roller-coaster, heading over the US following the acquisition and watching the online industry come of age, the hard way, from the box seat. And in an antidote to the current tech exodus many have returned, including Dr Ashley.

The Gold Coast lab is also aggressive in its pursuit of innovation, working closely with local universities and filing patents weekly. “I think the world is changing it is not so much about the cost base now it’s about where the skills are, it is a skills based economy,” he notes.

Dr Ashley warns that despite the growing alarm over the evolving breed of attacks, it will probably be only after more damaging big security incidents take place that enterprises will wake up.

He says that what has changed fundamentally is that the use of user devices and apps has made the threat come from within. “Is the user providing a beach head for external attackers to do long and slow targeted attacked on the business? It’s not you getting hacked that is the issue, it is what you are bringing into the enterprise network environment,” he says.

“The big threat for networks is what are your users doing on the network? What sorts of bandwidth is being used , what type of web apps like Skype and Bitorrent or social apps like Twitter, Facebook and Linked In. Do you understand where your users are going and is it legitimate?”, he says.

Big Blue claims one of the largest URL categorisation databases in the world with 15 billion URLS.

It allows for development work for systems that can now identify the apps being used on the network via analysis of their network traffic and behaviour and significantly allowing the enterprise to then control that.

IBM’s QRadar Anomoly Detection appliance is one such platform allowing corporations to deploy security policies and police them easily ie no Facebook time for the sales team. The product is a spin off from the platforms developed by recent IBM acquisition Q1 Labs. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.