Feeds

Enterprises clueless about network usage: IBM

Social media, apps create security time-bombs

The Power of One eBook: Top reasons to choose HP BladeSystem

The average Australian business is in the dark when it comes to what is happening on its networks due to the rise of hand held devices, social media and apps crowding the enterprise environment, according to IBM security experts.

“Most organisations have no idea what is going on across their networks. No idea,” IBM Security Systems engineering manager for advanced threat protection Dr Paul Ashley told journalists recently at the company's Gold Coast security lab.

Dr Ashley warns that the new breed of cyber attacks are leaving enterprise networks more vulnerable to attack than ever before and in increasingly insidious ways.

“It is all about concentrated, protracted and targeted attacks, just picking those one or two individuals that have the key s and being persistent, low and slow ” he says.

Dr Ashley sites that Stuxnet attack as a classic example as it took place over a 6-12 month period with around 30 attackers involved.

The nature of these targeted and sophisticated attacks favoured by organised crime and hacktavists, allow them to quietly stay on the network for months until getting to the “crown jewels.”

The rise of these attacks led IBM’s XForce research team to dub 2011 the year of security incident. It is estimated that the Sony security incident cost the corporation $US200 million due to one SQL injection attack.

“The costs to organisations are very high. There is an emerging realisation that a lot of the technology they have is not adequate for these types of low and slow threats that are specific to users,” he said. Dr Ashley says that blanket malware and virus threats are now easily controlled what IBM’s security team is focussed on is defending against those advanced persistent threats.

Much of IBM’s Gold Coast security labs evolving work revolves around the convergence of identity and access management with normal threat management.

The Gold Coast facility, flanked by ocean vistas that feature migrating whales and awesome surf, has emits a siren’s call to Australia’s engineering elite. A cabal of the senior management at the facility hail from IBM’s former acquisitions, including security software company Dascom (which was founded by Australian entrepreneur Greg Clark and snapped up in 1999 to became the basis IBM’s Tivoli line).

Many of the dotcom Dascom executives had the pleasure of riding the boom and bust roller-coaster, heading over the US following the acquisition and watching the online industry come of age, the hard way, from the box seat. And in an antidote to the current tech exodus many have returned, including Dr Ashley.

The Gold Coast lab is also aggressive in its pursuit of innovation, working closely with local universities and filing patents weekly. “I think the world is changing it is not so much about the cost base now it’s about where the skills are, it is a skills based economy,” he notes.

Dr Ashley warns that despite the growing alarm over the evolving breed of attacks, it will probably be only after more damaging big security incidents take place that enterprises will wake up.

He says that what has changed fundamentally is that the use of user devices and apps has made the threat come from within. “Is the user providing a beach head for external attackers to do long and slow targeted attacked on the business? It’s not you getting hacked that is the issue, it is what you are bringing into the enterprise network environment,” he says.

“The big threat for networks is what are your users doing on the network? What sorts of bandwidth is being used , what type of web apps like Skype and Bitorrent or social apps like Twitter, Facebook and Linked In. Do you understand where your users are going and is it legitimate?”, he says.

Big Blue claims one of the largest URL categorisation databases in the world with 15 billion URLS.

It allows for development work for systems that can now identify the apps being used on the network via analysis of their network traffic and behaviour and significantly allowing the enterprise to then control that.

IBM’s QRadar Anomoly Detection appliance is one such platform allowing corporations to deploy security policies and police them easily ie no Facebook time for the sales team. The product is a spin off from the platforms developed by recent IBM acquisition Q1 Labs. ®

Designing a Defense for Mobile Applications

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.