Image Hosted by
FACTDROP: ‘Big intelligence’ to tackle cyberthreats


‘Big intelligence’ to tackle cyberthreats

Πηγή: FT
By Richard Waters
Feb 27 2013

There aren’t many markets where, when the old products have failed, customers flock back for more.

That could explain why the leading lights of computer security – who have converged on San Francisco this week for their industry’s biggest gathering – have been struggling to strike the right tone.

Something between humility, Schadenfreude and a wary self-confidence seems to be the order of the day. A Queen cover band may have launched the event with a blasting rendition of “We are the Champions”, but the triumphalism was otherwise in short supply.

Recent headlines suggest that even the best-defended computer networks resemble Swiss cheese. But, if the old approaches to security have been discredited, there’s no shortage of new companies springing up with promises of better ways to plug the gaps – or at least make a lot of money trying.

The IT security market, worth some $65bn this year, is set to grow at 9 per cent annually for the foreseeable future, according to Gartner – which is a lot faster than the IT industry as a whole. Since large parts of the security market are barely growing, that leaves plenty of opportunity to cash in on new approaches.

The dirty secret that the security professionals can no longer keep to themselves is that their old defences – which were aimed at protecting PCs and other devices that comprise the endpoints of computer networks – no longer work.

Anti-virus software has proven ineffective against the most sophisticated attacks – and therefore the ones likely to cost most in terms of damage inflicted or intellectual property lost.

Hopes for a fightback are now pinned on two very different approaches.

One involves spotting so-called malware long before it reaches its intended targets. Companies such as Palo Alto Networks, one of last year’s hottest tech IPOs, and FireEye, tipped to follow it, specialise in appliances that sit at the gateway to corporate or government networks, looking out for such threats.

Pulling suspicious-looking email attachments and testing them in ringfenced “sand boxes” before allowing them to be delivered offers the promise of filtering out many of these malware threats, almost in real time, according to Asheem Chandna, a former security industry executive and now venture capital investor at Greylock.

This may sound like a natural market for networking companies such as Cisco and Juniper. But, as so often in technology, it is start-ups that have set the pace so far. With Palo Alto trading at 10 times revenues, some high-priced acquisitions seem likely as the industry giants add to their arsenal of defences.

The second approach begins with an acceptance that even the best-secured networks will be penetrated. If the attackers are assumed to be already on the inside, then the focus shifts to identifying their tracks as they move around – while making sure a company’s most important digital assets are harder for the intruders to locate and extract.

Latching on to another of the tech industry’s big promises, the security purveyors have discovered big data. Pattern-recognition – using reams of data to identify normal types of behaviour on a network, in order to spot the anomalies – is becoming the order of the day.

The result is what Francis deSouza, president of products and services at Symantec, calls “big intelligence” – in which a stronger situational awareness and a better sense of behavioural norms are the main lines of defence.

Yet the big data promise can only go so far. The extent of the architectural shift in computing, as the client-server age gives way to the cloud, raises profound challenges to the old methods of securing data. The number and variety of computing endpoints is multiplying almost exponentially, as mobile devices and, increasingly, machine-to-machine communications proliferate. A tide of data is starting to flow out of corporate networks to tap services that live in the cloud, turning the old defensive barriers into virtual Maginot Lines.

At least the security industry, accused alternately of alarmism and complacency, now has a more realistic way to talk to its customers. The big data promise is that, although the enemy is wily and will find ways to break in, the defenders have smarts of their own. They may sometimes lose this cat-and-mouse game, but at least there is a chance of minimising the damage.

And, besides the improved rhetoric, there’s another benefit to these new approaches: some of them might even work.

No comments:

Post a Comment