By Julian Pletts
NME asks some experts to round up the main security developments over the year, to find out what is yet to be done in this region and what dangers and developments we can expect from IT security in 2010.
This year has been an interesting, yet perhaps very worrying, year for those charged with protecting sensitive corporate and customer information.
The financial crisis has seen the so-called underground economy, the ever-growing group of criminals and online mercenaries around the globe who try to make money by exploiting networks and the information on them, step up its efforts and, to a certain extent, gain ground on those fighting it. Also, with people being dismissed from their jobs at a rate not remembered in recent times, a new plague has reared its ugly head – data leakage and theft by disgruntled employees.
CIOs and IT managers have been challenged this year as never before. Not only have they had to upgrade, maintain and boost the protection of their networks, but they have also been asked to do so at a fraction of the cost they were spending before. So NME decided it would be a good idea, as we prepare for the new year and a whole new round of challenges, to ask spokespersons from the market to look back at the state of security over the past twelve months in the Middle East, highlight the lessons that can be learned, and then lay before us a path to secure networking over the coming year. Here is what they had to say:
What do you think have been the major threats to surface and potentially affect enterprises in the Middle East region over 2009?

Costin Raiu (senior anti-virus expert and head of EEMEA Virus Lab, Kaspersky Lab): During 2009, we’ve been monitoring two worrisome trends that could potentially affect enterprises in more serious ways. The first trend is the wide adoption of mobile computing environments without considering the security implications. This includes smartphones such as those based on the Blackberry platform, but can also include netbooks, low-power laptops which are cheap and are generally regarded as expendable. The second worrisome trend is the increased prevalence of malware that is spreading through Windows’ AutoRun feature, in practice, through the use of memory sticks.

Judhi Prasetyo (regional channel manager, Fortinet Middle East): According to our FortiGuard research team, which specialises in identifying and countering Internet threats, Conficker was definitely the threat of the year. This computer worm, targeting the Microsoft Windows operating system, performs dictionary (brute-force) attacks on the passwords of network shares to propagate and can potentially cripple the complete network of the enterprise. Over 10 million PCs and hundreds of thousands of enterprises have been infected so far across the world. 2009 also saw the explosion of scareware across cyberspace, with threats such as the Bredolab botnet, a Trojan downloader linked to rogue security software. This is a great example of the growing trend in broad distribution of fraudulent software through fake mailing campaigns claiming to be from DHL, UPS, Facebook, etc. If opened, the machines are then recruited into a network of zombies. Lastly, the most sophisticated threat of the year would be Asprox. Asprox is a botnet which leverages Google to identify vulnerable web servers and attack their databases, so that it can grow by in turn infecting the PCs of the users of those websites.

With millions of attacks coming from hundreds of thousands of zombie computers, and the hacking of major websites such as MTV or the National Defense of Canada, Asprox remains the most aggressive threat of the year.

What have been the most significant vendor and manufacturer developments and milestones this year in fighting cybercrime and threats to enterprise networks?
Guru Prasad (general manager, networking, FVC): Significant advances in solutions addressing intrusion prevention, DPI, DLP, PKI, NBA, compliance and configuration management have had key impacts on simplifying the task of security management in enterprises. Products have been more innovative and pre-emptive in their approach to handling stealth and for-profit attacks on corporate networks, which are inherently more complex to detect and thwart. Zero day is another significant initiative from some vendors that has been quite successful in blocking upcoming and new threats.
JP: I won’t comment for other vendors, but I would say that, at Fortinet, the most important development has been the new release of our operating system: FortiOS 4.0. This major firmware upgrade integrates hundreds of new features to help customers secure their network by removing the malicious traffic that is reducing available bandwidth and, at the same time, accelerating the clean traffic for optimal network performance.
When it comes to IT security, what areas or dangers has the Middle East market yet to properly address with its provisioning?
CR: There are of course many areas where a lot of work still needs to be done in the ME, but I’d like to mention online banking in particular as a very important segment. Compared to other regions, online banking in the ME is behind in terms of technologies and this creates a window of opportunity for cybercriminals. This will probably become more and more exploited in the future, through phishing and then later, through dedicated malware.
Wayne Hull (general manager, Cisco UAE): This environment has driven the need for true security solutions on a global scale. For some time, ‘products’ have been called solutions, often misrepresenting the term, as products alone are not solutions. If a worm was the threat you were concerned about, you might deploy an intrusion prevention system to stop the propagation of the worm; the single product (or solution, as it may have been called) may successfully address this problem. The security challenges faced today require a solution, not just a product. For instance, to meet compliance requirements, or in this case PCI, there are 12 specific requirements that must be addressed, requiring a system or solution and not a single product. For the increasing problem of data loss, information may leave the enterprise through many different points — user PC storage media, email, backup media and malware.

A system or solution is needed to address data leakage and the many aspects of how and where leakage may occur. The same holds true for malware. Malware is often shared or propagated through a multi-step process: email used to deliver an initial attempt to begin malware installation, followed by links in efforts to drive traffic to a malware hosting site, and subsequent activities across the network or on an endpoint that may carry out the attack, such as connecting systems to a botnet, loading trojans on endpoints for key logging or data capture, or sending intellectual property or critical information outside the organisation. This all highlights the need for a systems approach that can streamline IT risk management for security and compliance.

How do you feel the security market will shape up in the year to come?
GP: The market is poised for reasonable growth next year, considering that the market contracted in 2009. While security spend did not see a huge dip, it dropped compared to 2008. Many customers who did not update or upgrade their security infrastructure will be forced to upgrade or add new technologies. Greater emphasis on compliance and governance standards will compel governments and financial institutions to make investments to cover gaps in their data risk landscape. Application-aware firewalls or next-generation firewalls could be a rapid-growth technology in 2010.
JP: The Middle East covers a large area, but generally we see the technology and security market growing, especially in some countries in the region. At Gitex this year, people came to us with their wish-list for solutions. We notice optimism among enterprises to invest in security. More generally, I would say that the adoption of cloud computing will push even more organisations to rethink whether their data is truly protected. For example, with the rental of online storage, companies will have to think about and create protection schemas for data both while in motion (during transfer) and at rest (at the vendor’s virtual storage). Security as a service will continue to grow, especially in the SMB space, as businesses find it too complex and expensive to maintain their own security infrastructure. It seems that CaaS, or crime as a service, will proliferate as cybercriminals look to rent malicious networks for malware/adware distribution or spewing spam — ‘environments for hire’, so to speak. This will likely evolve into extensive cybercriminal services such as hackers for hire or as consultants. Also, with the growing use of web-based applications, I foresee more distributed denial-of-service (DDoS) attacks for 2010.
WH: As predicted in the Cisco 2008 Annual Security Report, attacks are only going to become more sophisticated and targeted as we move through 2009 and beyond. Social engineering is, and will remain, the technique of choice for criminals devoted to mastering the arts of trust-breaking and reputation-hijacking. To launch an attack, a social engineer might seize upon the hot topic of the day, such as swine flu or a major sports championship, or pose as someone (a friend or family member) or something (a local bank or a well-known company) to lure unsuspecting victims into handing over their personal information and, ultimately, their identity and money.
Users, in droves, are also being convinced to install software that infects their systems and then harvests their personal information—or hijacks the machine so it will spam, infect, or con other users. Worse, users seeking protection from common cybercrime ultimately become victims anyway by turning to the Internet for help. They are duped into buying bogus anti-malware software to ‘clean up’ their infected systems. Meanwhile, there is increasing investment, focus, and success in malware used to infiltrate a computer and make it part of a botnet. Increasingly, botmasters are working to monetise their botnets, by renting them out.
Although it’s true that cybercrime is only becoming more pervasive, this year’s positive news clearly illustrates the growing effectiveness of the means for fighting back. The unprecedented level of cooperation and participation by the security community and industry in response to the Conficker threat earlier this year marked an important turning point in the ongoing battle against cybercrime and fast-moving, far-reaching Internet security events.

Here are a few Cisco recommendations for enterprises over the year ahead. First, security must move at the speed of crime. Organisations and users must not wait to patch their operating systems and applications. Businesses and users have no choice but to become more agile in deploying countermeasures and working with appropriate parties to respond to attacks. In addition, security solutions need to be built to react rapidly. Anti-spam systems have become the blueprint for this model. For years now, new attacks have been developed and new techniques have been deployed to meet those threats effectively. All threats are heading in this direction and solutions must do the same.
Secondly, user education and security awareness training are critical. As was recommended in the Cisco 2008 Annual Security Report, employees should be expected to play a vital role in safeguarding their own online identity and understanding the risks that go along with their use of technology. In particular, today’s users must be educated as to how their growing reliance on, and affinity for, Web 2.0 collaborative tools and applications and mobile devices that are not approved or supported by the enterprise poses significant security risks. Ongoing user education on security policies, technologies and online threats, as well as clear guidance for meeting compliance measures, is essential.