digit channel connect - special issue (nov.'09)


Upload: bhupinder-sharma

Post on 06-Mar-2016


Digit Channel Connect Select Series - Special Security Issue (Nov.'09)


Page 1: Digit Channel Connect - Special Issue (Nov.'09)

Your one-stop guide for breaking into some of the hottest segments in the information security market in India

Authentication and IDP: Trends and technologies that matter in this domain. PAGE 20

Firewall and Antivirus: Still the most preferred way to secure data. PAGE 28

Data Storage and Loss Prevention: Growing threats imply speedier adoption. PAGE 24

Unified Threat Management: What lies behind the one-box wonder. PAGE 32

• In-depth features
• Vendor interviews
• White papers
• Guest columns
• Security survey

AND MORE...

November 2009 | Rs. 50 | Vol 02 issue 01 | SELECT SERIES

Page 2: Digit Channel Connect - Special Issue (Nov.'09)

editorial

DIGIT CHANNEL CONNECT 5 NOVEMBER 2009

As Safe As Possible

Security is not a destination but a constantly moving target.

With due apologies to the über brands of the automobile world, there are only two types of mass-market cars (if you consider it thus): those which have some security products installed and those with just plain vanilla, factory-fitted locks. Then, even among the ‘secured’ ones, there’s an entire cornucopia of fitments – gear locks, ‘hockey sticks’, central locking et al. Nevertheless, both types of cars get stolen.

But if I were to ask you, Which cars get stolen more often and in greater numbers? you would promptly answer the question without consulting the stolen-vehicle investigation department.

The point is, just as in the physical world, wherein we try and secure our assets as much as we want but still lose them, so it is in the more subtle realm of information flow. Companies can use the best antivirus on the market, set up advanced firewalls or configure multiple layers of authentication, but they may still not attain foolproof security.

Having said that, organisations have no option but to try as many ways to protect critical information – their life-blood in today’s competitive world – as possible. And keep at it relentlessly, because security is not a destination but a constantly moving target. The thieves and hackers (okay, for puritans’ sake, crackers) will keep on raising the bar for security vendors and solution providers by launching more and more sophisticated attacks (sometimes with alarming success).

The market for information security products in India is still in its infancy, never mind that we have over 40 million active Internet users and our businesses are growing their data assets at an accelerated pace. There are various estimates for the size of this market, but it’s tiny in the context of India’s total domestic IT spending.

That’s why the potential of selling and implementing data security solutions to Indian businesses is immense. And that’s why we have put together this special issue on information security. Given the diversity of solutions and offerings in security, we’ve narrowed our focus to four carefully contrived segments we think are hot right now: Authentication and IDP, Data Storage and Loss Prevention, Firewall and Antivirus, and Unified Threat Management.

So, what are you thinking? Lock yourself in your study and steal some time to go through this package you are holding…

SANJAY GUPTA
Editor
Digit Channel Connect
[email protected]

Write to the Editor
E-mail: [email protected]

Snail Mail: The Editor, Digit Channel Connect, K-40, Connaught Circus, New Delhi 110 001

sounding board

Digit Channel Connect is National Media Partner for COMP-EX ’2010

Vidarbha Computer & Media Dealers’ Welfare Association (VCMDWA) is holding its 18th successive IT mega annual event, COMP-EX ’2010, in Nagpur from 14 to 18 January 2010. This year Digit Channel Connect is joining hands with the Association as its Official National IT Media Partner.

Besides the exhibition, this year there will be two focused seminars – one on hot technology topics for CIOs and IT managers, and the other on career options for computer and engineering students.

Recently, VCMDWA Nagpur was awarded the 2nd Best IT Association of India and is all set with renewed vigour and enthusiasm to hold its COMP-EX annual show. COMP-EX ’2010 will be sponsored by Logitech.

COMP-EX 2010 will house more than 25 pavilions and close to 90 stalls, a cafeteria and a helpdesk. More details about the plan and booking for the event can be found at www.vcmdwa.org.

Page 3: Digit Channel Connect - Special Issue (Nov.'09)

contents


Threats = Opportunities

FIREWALL AND ANTIVIRUS

Antivirus and firewalls are the most simple and effective ways of checking online threats

Why content security is important and how to protect it

The old rogue programs might still be at work in the year ahead

The security market trends and opportunities for solution providers in India

EDITORIAL: 05

RADAR CHECK: 08

GUEST EXPRESSION ON PCI DSS: 35

GUEST EXPRESSION ON UTM: 40

cover design: prasanth t r

cover illustration: photos.com

18

“Authentication mechanism should be given high importance”

THE 360 DEGREE APPROACH

RAJIV CHADHA, VICE PRESIDENT, VERISIGN INDIA

SURENDRA SINGH, REGIONAL DIRECTOR, SAARC, WEBSENSE

Taking the Pulse 22

32

17 GETTING THE IDP RIGHT

UNIFIED THREAT MANAGEMENT

SURVEY

OTHERS

Content Security: A Primer

Trends to Watch in 2010

36

38

WHITE PAPER

“Unstructured data is the weakest link in any organisation”

26 DATA STORAGE & LOSS PREVENTION

Managing Director: Dr Pramath Raj Sinha
Printer & Publisher: Kanak Ghosh

EDITORIAL
Editor: Sanjay Gupta
Sr. Correspondents: Charu Khera (Delhi), Soma Tah (Mumbai)

DESIGN
Sr. Creative Director: Jayan K Narayanan
Art Director: Binesh Sreedharan
Associate Art Director: Anil VK
Manager Design: Chander Shekhar
Sr. Visualisers: PC Anoop, Santosh Kushwaha
Sr. Designers: Prasanth TR & Anil T
Photographer: Jiten Gandhi

BRAND COMMUNICATION
Product Manager: Ankur Agarwal

SALES & MARKETING
VP Sales & Marketing: Navin Chand Singh
National Manager - Events and Special Projects: Mahantesh Godi (09880436623)
Business Manager (Engagement Platforms): Arvind Ambo (09819904050)
National Manager - Channels: Krishnadas Kurup (09322971866)
Asst. Brand Manager: Arpita Ganguli
Co-ordinator - MIS & Scheduling: Aatish Mohite
Bangalore & Chennai: Vinodh K (09740714817)
Delhi: Pranav Saran (09312685289)
Kolkata: Jayanta Bhattacharya (09331829284)
Mumbai: Ganesh Lakshmanan (9819618498)

PRODUCTION & LOGISTICS
Sr. GM Operations: Shivshankar M Hiremath
Production Executive: Vilas Mhatre
Logistics: MP Singh, Mohd. Ansari, Shashi Shekhar Singh

CHANNEL CHAMPS
Sr Co-ordinator - Events: Rakesh Sequeira
Events Executives: Pramod Jadhav, Nitin Kedare, Johnson Noronha
Audience Dev. Executive: Aparna Bobhate, Shilpa Surve
Events Programmer: Vijay Mhatre

OFFICE ADDRESS

Nine Dot Nine Interactive Pvt Ltd., KPT House, Plot 41/13, Sector 30, Vashi, Navi Mumbai - 400 703
Phone: 40789666
Fax: 022-40789540, 022-40789640

Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd.
C/O KPT House, Plot 41/13, Sector 30, Vashi (Near Sanpada Railway Station), Navi Mumbai 400703

Editor: Anuradha Das Mathur
C/O KPT House, Plot 41/13, Sector 30, Vashi (Near Sanpada Railway Station), Navi Mumbai 400703

Printed at Silverpoint Press Pvt. Ltd, TTC Ind. Area, Plot No.: A - 403, MIDC, Mahape, Navi Mumbai - 400709

VOL 2 ISSUE 01 | NOVEMBER 2009

Increase in the amount and usage of data, rise in the number and type of security threats and changes in the way businesses work today are all contributing to the growth of the information security market

THE Information SECURITY SCENARIO

ADVERTISERS INDEX

Canon: False Cover, IFC
Neoteric: IFC, 1
AVG: 7
eCaps Computers: 9
Microworld: 11
Kingston: 13
Aladdin Multimedia: 15
Quickheal: 23
VCMDWA: 27
India antivirus: 39
Cyberoam: IBC
K7 Computing: BC

UTM comes to the rescue as a single-box painkiller

28

Page 4: Digit Channel Connect - Special Issue (Nov.'09)

radar check


McAfee intros breakthrough email and Web security appliance

McAfee Inc recently announced McAfee Email and Web Security Appliance 5.5 to help protect customers against the latest email and Web-borne threats, manage Web and email traffic and usage, and reduce system administration requirements. Designed for small and midsized businesses (SMBs), the solution provides comprehensive email and Web security in a single, integrated appliance.

The McAfee Email and Web Security Appliances include new features and functionality, including:

• Artemis and TrustedSource Technology Integration: The first appliance release from McAfee that links to global threat intelligence from its Artemis and TrustedSource technologies, the most precise and comprehensive threat intelligence system in the world

• Appliance Clustering with Load Balancing: Multiple appliances can be clustered to share scanning responsibilities for improved resiliency, scalability and consolidated management and reporting

• Simplified Installation: Auto-detects network settings and provides an easy to use configuration wizard, helping to simplify installation requirements, reduce installation time and improve the overall user experience

• New Content Policy Wizards: Simplified creation and set up of content policies through the new configuration wizards and advanced dictionaries simplify policy creation, enable greater enforcement flexibility and reduce false positives and configuration errors

• Integrated URL Filtering: URL filtering is also included in the 5.5 release at no additional cost. Integrated into the appliance, the URL filtering includes more than 90 Web site categories providing granular Web usage monitoring and policy enforcement. The URL filtering also includes the McAfee Web Reporter package for simplified viewing of Web utilization and trends.

In addition, these appliances provide customers with email and Web usage policy enforcement capabilities, compliance tools, informative dashboards and comprehensive reporting.

79% Indian enterprises quote data loss as most serious security concern

Symantec has announced the findings of its study on the mounting risk of data loss in Indian enterprises. The study, conducted by IDC (India), revealed that 79 percent of organizations highlighted data loss to be their most serious information security concern, followed by other threats like virus and denial of service attacks and spam.

“The need to protect sensitive information like source code, intellectual property, employee and customer accounts has made businesses realize that data loss can turn into a catastrophe and become a competition, compliance and credibility black hole”, said Vishal Dhupar, managing director, Symantec India. “It is imperative that as part of their overall security strategy, enterprises protect their information proactively and know where confidential information resides with them, how this information is being used and how its loss can be prevented.”

Despite data loss being considered as a looming threat, only 15 percent of the surveyed organizations have adopted any form of DLP measures. This was largely a result of low awareness (32 percent) amongst enterprises on the impact and consequence of data loss and how DLP technologies could safeguard reputation and revenue of organizations.

According to respondents, more than 50 percent of information residing within their organization is classified as sensitive. As the value and significance of information increases within organizations, instances of data loss are also on the rise.

Security software and services budgets to rise 4 percent in 2010

In April and May of 2009, Gartner surveyed more than 1,000 IT professionals with budget responsibility worldwide to determine their budget-planning expectations for 2010.

“In the current highly uncertain economic environment, with overall IT budgets shrinking, even the modest spending increases indicated by the survey show that security spending accounts for a higher percentage of the IT budget,” said Adam Hils, principal research analyst at Gartner. “Security decision makers should work to allocate limited budgets based on enterprise-specific security needs and risk assessments.”

Specific areas of projected security-related software spending growth in 2010 include security information and event management (SIEM), e-mail security, URL filtering, and user provisioning.

The continued, comparatively strong emphasis on security extends beyond software. The survey showed that security services spending will also outpace spending in other services areas, with budgets expected to grow 2.74 percent in 2010. This anticipated increase is being driven in part by a growing movement towards managed security services, cloud-based e-mail/web security solutions, and third-party compliance-related consulting and vulnerability audits and scans.

“When evaluating and planning 2010 security budgets, organisations should work to achieve a realistic view of current spending and recognise that it may be impossible to capture all security-related spending because of organisationally diffused security budgets,” said Ruggero Contu, principal research analyst at Gartner. “Businesses should also recognise that new threats or vulnerabilities may require security spending that exceeds the amounts allocated, and should consider setting aside up to 15 percent of the IT security budget to address the potential risks and impact of such unforeseen issues.”

Vishal Dhupar, MD, Symantec India


Page 5: Digit Channel Connect - Special Issue (Nov.'09)


Fortinet appliance breaks price performance record

Fortinet has announced a new FortiGate multi-threat security appliance designed to meet high-end requirements of the mid-enterprise customer segment.

The new FortiGate-1240B appliance offers best-in-class 40 Gbps firewall and 16 Gbps IPSec VPN throughputs, which represent a 400- and 800-percent performance advantage, respectively, over the nearest competitor. The FortiGate-1240B platform continues the technology excellence formula introduced on the other two members of Fortinet’s mid-enterprise family – the FortiGate-310B and FortiGate-620B – by also providing the highest port density and best price/performance ratio among products in its class. The three products make up Fortinet’s complete range of multi-threat security appliances for the mid-enterprise.

QUICK VIEW

AN INDIAN COMPANY SPENDS AN AVERAGE OF $28,447 PER YEAR IN COMBATING VARIOUS TYPES OF IT SECURITY ATTACKS (MCAFEE SURVEY).

AVG to appoint 1,000 resellers by the end of this year

CHARU KHERA

AVG Technologies has announced its plans to appoint 1,000 channel partners, who are typically involved in selling IT equipment, by the end of December 2009. The company has till now been operating in India through its national distributors. As per the company, the appointments will be a step towards enhancing its focus in the country.

As part of the same initiative, AVG recently appointed Mumbai-based AARVEE Computers and New Delhi-based The Park Group as its premier partners for retail products. With these appointments, AVG aims to reach out to a larger section of users in the Western and Northern parts of India.

AVG offers a wide range of security products to consumers as well as small and medium businesses (SMBs). “With the rate of PC penetration and adoption of technology in the consumer and SMB space in India increasing, we realised that Indian users would have the need and demand world-class security software. It is hence important for us to reach out to these users and make our products available and thus these appointments have been announced. This will further enable AVG to meet the demand from users,” said Peter Baxter, Vice President – Business Development, AVG Technologies.

In India, AVG has a direct presence with a dedicated website that allows users to download products as required. Furthermore, nearly 96 percent of AVG’s sales come via the offline channels. “We are expanding our reseller network to ensure that we effectively serve the needs of the fast-growing Indian market. Keeping this in mind, we have set ourselves a target of enrolling 1,000 resellers by the end of this year. So far we have added 200 partners and feel we are well on our way to achieving our target,” said Baxter.

AVG also recently launched the SignUp Reseller programme, which aims to educate resellers about company’s products and gives them the opportunity to become authorised distributors for AVG. “As per the programme, resellers can become AVG authorised resellers by placing an order for AVG security products worth Rs 25,000. The reseller would also get an additional five percent discount on dealer transfer price,” said Baxter who further added that so far, the programme has received a phenomenal response.

The company would initially be targeting metros such as Mumbai, Delhi, Kolkata, Chennai, Bengaluru, Hyderabad, Ahmedabad, Pune, Kanpur and Surat. This apart, the company has also announced plans to appoint a Country Manager for India as well as staff to support its reseller network.

Netherlands-based AVG Technologies is a global security software maker protecting more than 80 million consumers and small businesses in 167 countries from web threats, viruses, spam, cyber-scams and hackers on the Internet. AVG has about 6,000 resellers, partners and distributors worldwide.

Peter Baxter, Vice President, Business Development, AVG Technologies

THE AVERAGE TOTAL COST OF A CORPORATE DATA BREACH STANDS AT $6.3 MILLION, ACCORDING TO A STUDY BY THE PONEMON INSTITUTE.

Page 6: Digit Channel Connect - Special Issue (Nov.'09)


McAfee report on security reveals crucial gaps

Organisations of sizes from 51 to 1,000 employees are cutting their security budgets at the same time that cyber threats are escalating, according to McAfee’s report The Security Paradox.

The study found that more than half of Indian companies surveyed have seen more security incidents in the past year (63%), and one in five mid-size organizations around the world has had a single incident that cost an average of $41K as loss of revenue. The study reveals that 70 percent of the Indian companies reported spending more than a day on recovering from IT security attacks.

This paradox occurs in part because these types of companies are under the mistaken impression that hackers prefer to target larger companies. Almost half of global organisations surveyed (43 percent) think larger organisations with 501+ employees are most at risk for a security attack. In truth, organisations with less than 500 employees actually suffer from more attacks on average.

“Companies in India are becoming increasingly aware of the threats of IT security attacks. It’s heartening to see that a significant number of organisations have increased their budgets in 2009 on IT security despite the downward pressure on finances and resources. According to our research, organisations that put more effort on preventing attacks can end up spending less than a third as much as those that allow themselves to be at risk. Hence, adopting preventive security measures should be taken as a serious concern by every organisation”, said Kartik Shahani, Regional Director, McAfee India.

Kartik Shahani, McAfee India

A FEW INDIA SPECIFIC RESULTS

• 67 percent of the Indian companies are very concerned about their business being a target for cyber crime

• India and China have the largest amount of unreported data leaks, with 35 percent and 32 percent, respectively

• 38 percent of the Indian companies surveyed one or more incidents of data breaches in the last one year

• 63 percent of Indian companies witnessed an increase in IT security incidents from 2008 to 2009

• 73 percent of Indian companies fear that a serious data breach could put their organization out of business

• 47 percent of Indian companies suffered more than 20 security incidents in the past one year

• An Indian company spends an average of $28,447 per year in combating various types of IT security attacks (data loss, endpoint protection, email threats, website threats and network security threats)

HCL Security, Cisco collaborate on secure communities

HCL Security has signed a Memorandum of Understanding (MoU) with Cisco to collaborate on delivering IP-based safety and security solutions to help enable safer and more secure communities. The collaboration will combine the strengths of Cisco’s Smart+Connected Communities leadership with HCL Security’s ‘Safe State’ architecture to deliver safety and security solutions in India initially and later in other countries.

Cisco Smart+Connected Safety and Security solutions address the growing complexity of protecting citizens, critical infrastructure, and key assets by enabling the construction of a common security operations picture while helping to ensure full integration and interoperability between different functional parts of the security system. HCL Security’s Safe State is an architecture that offers integrated urban safety and security technology solutions with policing and enabling actionable intelligence to make a city secure and safe.

“Cisco envisages a future where successful communities and cities will run on networked information, and where information technology will help the world better manage its challenges. We recognize that the mission of public safety and security is at the heart of economic capacity, potential, and growth. For a city or community to grow, thrive, and attract human and financial capital, it needs to be highly secure. Cisco’s Smart+Connected Safety and Security solutions enhance the capabilities of emergency and security personnel by employing next-level infrastructure, technology, services, and platforms to create intelligent, enduring solutions. Our collaboration with HCL Security and its Safe State architecture will help us better address safety and security projects and customer requirements,” said Dave Stone, vice president, Safety and Security, Smart+Connected Communities, Cisco.

“HCL Security is committed to deploying an integrated technology approach to enable safer and more secure cities. HCL Safe State marries hi-tech security and surveillance with intelligence and policing - the three key pillars to this integrated approach to secure an entire state, city or large, significant establishments. Our collaboration with a likeminded global technology pioneer like Cisco will enable us to jointly provide best in class security solutions” said Rothin Bhattacharyya, CEO, HCL Security.

As part of the collaboration, HCL Security will use Cisco technologies to build a state of the art Command & Control Centre for next-generation security solutions that will provide customers with the features of prevention, automated detection, analysis, and coordinated response to incidents.

Rothin Bhattacharyya, CEO, HCL Security

QUICK VIEW

AS PER AN IDC-SYMANTEC STUDY, RESPONDENTS QUOTED 50 % OF INFORMATION RESIDING WITHIN THEIR ORGANIZATION AS SENSITIVE.

70 % OF INDIAN COMPANIES SURVEYED BY MCAFEE SAID THEY SPEND MORE THAN A DAY RECOVERING FROM SECURITY ATTACKS PER WEEK.


Page 7: Digit Channel Connect - Special Issue (Nov.'09)


eScan is the new Microsoft gold certified partner

eScan has announced that it is now a Microsoft gold certified partner. As per the company, it has earned the gold certificate in Microsoft’s partner programme in recognition of its expertise, strategic role and impact on the security industry.

As a Microsoft gold certified partner, eScan has demonstrated its expertise with Microsoft technologies and proven its ability to satisfy the needs of its customers. The company has also won several acclaimed awards and certifications by Microsoft. Some key contributors to this certification were certification of eScan in Vista, Windows 7 and many Microsoft certified professionals as part of their team.

Microsoft gold certified partners are the elite Microsoft business partners who earn the highest customer endorsement. They have the knowledge, skills, and commitment to help implement technology solutions that match exact business needs. Gold certified partners represent the highest level of competence and expertise with Microsoft technologies, and have the closest working relationship with Microsoft.

“First, we would like to thank our customers, who have endorsed us for this certification. Getting the highest level of certification from Microsoft reiterates our determination and capabilities in providing good security solutions to our customers. This partnership will help us in delivering faster solutions for upcoming Microsoft technologies too,” explained Govind Rammurthy, CEO and Managing Director, eScan.

Rohini Sonawane, Chief Operating Officer of eScan, who played an instrumental role in obtaining the certification added, “These certifications drive us to develop innovative technologies that can help our customers secure their desktops and networks in this ever-expanding threat scenario. Being a part of the select gold circle makes us proud of our accomplishment and we are looking forward to accomplishing many more certifications.”

Govind Rammurthy, CEO & MD, MicroWorld Technologies

IBM report reveals 500 percent increase in malicious Web links

IBM recently released results from its X-Force 2009 Mid-Year Trend and Risk Report. The report’s findings show an unprecedented state of Web insecurity as Web client, server, and content threats converge to create an untenable risk landscape.

According to the report, there has been a 508 percent increase in the number of new malicious Web links discovered in the first half of 2009. This problem is no longer limited to malicious domains or untrusted Web sites. The X-Force report notes an increase in the presence of malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal Web sites, online magazines and mainstream news sites. The ability to gain access and manipulate data remains the primary consequence of vulnerability exploitations.

The X-Force report also reveals that the level of veiled Web exploits, especially PDF files, is at an all time high, pointing to increased sophistication of attackers. PDF vulnerabilities disclosed in the first half of 2009 surpassed disclosures from all of 2008. From Q1 to Q2 alone, the amount of suspicious, obfuscated or concealed content monitored by the IBM ISS Managed Security Services team nearly doubled.

“The trends highlighted by the report seem to indicate that the Internet has finally taken on the characteristics of the Wild West where no one is to be trusted,” said X-Force Director Kris Lamb. “There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We’ve reached a tipping point where every Web site should be viewed as suspicious and every user is at risk. The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity.”

The 2009 Midyear X-Force report also finds that:

• Vulnerabilities have reached a plateau. There were 3,240 new vulnerabilities discovered in the first half of 2009, an eight percent decrease over the first half of 2008. The rate of vulnerability disclosures in the past few years appears to have reached a high plateau. In 2007, the vulnerability count dropped for the first time, but then in 2008 there was a new record high. The annual disclosure rate appears to be fluctuating between six and seven thousand new disclosures each year.

• PDF vulnerabilities have increased. Portable Document Format (PDF) vulnerabilities disclosed in the first half of 2009 already surpassed disclosures from all of 2008.

• Trojans account for more than half of all new malware. Continuing the recent trend, in the first half of 2009, Trojans comprised 55 percent of all new malware, a nine percent increase over the first half of 2008. Information-stealing Trojans are the most prevalent malware category.

• Phishing has decreased dramatically. Analysts believe that banking Trojans are taking the place of phishing attacks geared toward financial targets. In the first half of 2009, 66 percent of phishing was targeted at the financial industry, down from 90 percent in 2008. Online payment targets make up 31 percent of the share.

• URL spam is still number one, but image-based spam is making a comeback. After nearing extinction in 2008, image-based spam made a comeback in the first half of 2009, yet it still makes up less than 10 percent of all spam.

• Nearly half of all vulnerabilities remain unpatched. Similar to the end of 2008, nearly half (49 percent) of all vulnerabilities disclosed in the first half of 2009 had no vendor-supplied patch at the end of the period.


Page 8: Digit Channel Connect - Special Issue (Nov.'09)


Matrix launches a range of security products

Matrix recently launched a comprehensive range of security products designed to ensure effective safety, security and higher productivity for various organizations.

The products encompass fingerprint and card based Access Control System - a hardware for access management; Time and Attendance System - a powerful software package for time and attendance management; and automated Fire alarm and Control System - a control panel to detect and warn against fire.

Highlighting the key considerations that went into the designing of the new Access Control System, Sajeev Nair, Product Manager of Matrix Telecom, said, “The idea was to design a unique solution that offers foolproof security, flexibility, as well as reduces the implementation cost drastically. Its modular design offers unique scalability option and supports up to 5 million users. Unlike traditional solutions, Matrix Access Control Solution is based on IP backbone and master-slave architecture. This ensures that installation is no more a pain area for integrators.”

Among the new products is Matrix Cosec Sigma, a state of the art Access Control System designed to provide comprehensive access control and time & attendance solution for medium and large enterprises. This versatile product comes with a Web-based Management Software that can monitor and control up to 1000 locations, 75,000 Door Controllers and 5 million users in real time.

ZyWall USG 100

ZyWall USG (unified security gateway) series products have integrated IPSec VPN (starting 25 tunnel till 2000 tunnel) and SSL VPN (starting 2 tunnel till 750 tunnel) technologies to allow the establishment of a Virtual Private Network (VPN) for SMBs as well as large businesses.

The application patrol, for managing the use of IM/P2P applications and HA (High Availability) features, provide a new level of security for all businesses needs. The USG products come with multiple WAN settings from Dual WAN to Hex WAN. In addition to this, you may even integrate Dual 3G adapter as WAN on the same product. With a market customer price of Rs 62,000, ZyWall USG 100 is available at ZyXel regional distributors, including Usha Infotech in North India and Ransys Bios in Tamil Nadu.

Security, governance products from CA

CA Inc recently announced new product releases and integrations designed to help strengthen IT security, lower costs of managing compliance, and improve enterprise-wide IT risk management. The products and integrations include:

* CA Access Control 12.5 with new features to deliver comprehensive privileged user management and enhanced host access control;
* Improved integration of CA Identity Manager 12.5 and CA Role & Compliance Manager 12.5 for more streamlined identity lifecycle management, including innovative Smart Provisioning capabilities;
* CA DLP 12.0 with extended discovery, protection, and control of sensitive data, and new integrations to complementary solutions; demands; and
* CA Governance, Risk & Compliance Manager 2.5 with new features to further strengthen its role as the primary platform for management of IT risk and compliance information and initiatives.

“The explosion of data growth and the increase in regulations have created unprecedented security and compliance challenges for organizations,” said Dave Hansen, corporate senior vice president and general manager, CA Security Management.

WatchGuard XTM-1050

WatchGuard XTM builds on the powerful UTM foundation of integrated firewall/VPN with virus and intrusion blocking, but extends security to provide spam blocking, spyware and bot protection, and URL filtering. It also includes enhanced support for business technologies such as Voice over IP (VoIP), and is the only XTM product on the market that offers inbound and outbound HTTPS inspection to increase content security coverage and close the HTTPS loophole.

The XTM 1050 delivers strong security, high performance, flexible management tools, and advanced networking features, with integrated SSL and IPSec VPNs to ensure secure connectivity for remote workers.

Quick Heal 2010 series

Quick Heal Technologies has announced the launch of new 2010 computer security series, including Quick Heal AntiVirus 2010, Quick Heal Internet Security 2010 and Quick Heal Total Security 2010.

Focused on giving the best user experience, Quick Heal 2010’s series is much lighter, faster and smarter than its previous versions. Lighter in terms of lesser memory usage during operation and an enhanced engine that performs faster scanning and quicker updates. Advanced technologies implemented in the enhanced scan engine help in deeper scanning of threats which was not possible in earlier versions making it smarter and ready to fight latest threats.

“Quick Heal’s 2010 product line will give more advantage to users in fight against cyber criminals” says Kailash Katkar, CEO, Quick Heal Technologies. “Quick Heal 2010 series will also be compatible to Windows 7 and make optimal use of this new operating system from Microsoft.”

Quick Heal 2010 has new features like advanced memory scanning, pen drive protection, browsing protection and entertainment mode. New advance memory scanning now scans the system memory deep at kernel level which makes sure even Rootkit drivers get detected at user mode. In this new release Quick Heal’s new unique feature automatically stops all kinds of malware from getting executed when an infected pen drive is plugged into the computer. Quick Heal 2010 – browsing protection feature helps prevent browser from visiting infected websites. Additionally, the Firewall is enhanced to protect users from hacking etc.


Kingston’s DataTraveler Locker+ allows portable security at lower cost

Kingston Digital Inc, the flash memory affiliate of Kingston Technology Company Inc, has announced the release of the DataTraveler Locker+ USB flash drive.

The DataTraveler Locker+ allows companies of any size to secure mobile data with the ease and confidence of knowing that their data is encrypted and safe. The DataTraveler Locker+ also comes at a lower cost in times of shrinking IT budgets, making it ideal for budget-conscious companies.

“Kingston created this drive to address the rise in data loss and theft which has been a growing problem with expensive consequences. This device gives companies a solution that is not only affordable but provides peace of mind in securing mobile data,” said Nathan Su, Flash Memory Sales Director, APAC Region, Kingston. “The DataTraveler Locker+ encrypts 100 percent of the contents and is available at a price point that is very attractive for all entities looking to comply with corporate security policies.”

Data on the Kingston DataTraveler Locker+ is secured with 256-bit hardware-based AES encryption. Access to the drive’s contents is through a simple to use interface requiring a complex password. The likelihood of successful brute force attacks on the DataTraveler Locker+ is reduced as the drive locks down and reformats after 10 incorrect password attempts.

The 100 percent encrypted DataTraveler Locker+ ships in up to 32GB capacity. For companies in need of a partitionable area on the USB drive for public sharing (e.g., within an office setting), Kingston offers the DataTraveler Locker which allows both a public and encrypted zone. Kingston also ships the DataTraveler Vault – Privacy Edition for enterprise and government customers requiring a speedier, more robust Flash drive. It is also waterproof and Trade Agreements Act-compliant. Kingston DataTraveler USB drives are backed by a five-year warranty and free tech support.

The flash drives are available from HCL Infosystems, Compuage Infocom, Transtek Infoways, Shree Pati Computers and Sunrise Infosolutions.

Cyberoam launches endpoint data protection solution

Cyberoam, a manufacturer of Identity-based Unified Threat Management (UTM) solutions, announced the launch of its End Point Data Protection suite to secure corporate data and manage IT assets. This suite extends Cyberoam’s security protection from the gateway to the endpoint, marking its presence as a complete security provider.

The extensive use of removable storage devices and file sharing applications makes end points the most vulnerable areas with research statistics showing more than 50% data loss incidents originating at end points. The average total cost of a corporate data breach stands at $6.3 million and lost business accounts for 65% of breach costs, according to a study by the Ponemon Institute. End point data protection is thus increasingly being recognized as the critical immediate step in cutting data losses and delivering immediate ROI.

Cyberoam’s End Point Data Protection suite fills the gap for a dedicated end point security solution with available solutions being highly priced and targeted at the enterprise segment. Supporting up to 3000 users, Cyberoam meets the data protection requirements of SMB and enterprise segments.

Tushar Sighat, Vice-President – Operations, Cyberoam, said, “Blended threats do not distinguish between the gateway and the end point to gain entry. With the launch of the end point data protection suite, Cyberoam will secure organizations at the gateway and the desktop, offering a single, complete security cover for organizations.”

Cyberoam’s End Point Data Protection suite consists of four modules - Data Protection and Encryption, Device Management, Application Control and Asset Management. With its policy-driven data protection and asset management, the suite delivers Identity and group-based policy control as well as activity logging to provide comprehensive control and visibility of data transfer over removable devices; applications; chat applications such as Skype, MSN and more; network sharing and printers.

Speaking about opening of new opportunities for channel partners, Sighat said, “Cyberoam is the first in India to offer Data Protection and Asset Management in a single solution, meeting customer demand for a comprehensive, easy-to-manage solution. Our end point solution opens a whole new opportunity for channel partners for revenue generation and expanding the customer base. In fact, a poll of our global partners revealed that 59% wanted end point data protection including asset management from Cyberoam in their portfolio.”

Even as Cyberoam offers comprehensive control with role-based access to removable devices and applications, its real benefits come in the form of high granularity in defining customizable whitelists and blacklists. User identity-based control over file handling, granular controls over data transfer based on user, group, time, file name, type, size, location, extending its controls outside the network in addition to creation of shadow copies ensures that Cyberoam delivers effective data security. Encryption and decryption controls of the file or removable device prevent data leakage through loss of device or malicious transfer of data to unauthorized end points.

The Asset Management module for Windows enables organizations to take automated hardware and software inventory in addition to automating patch management, handling bug fixes across the network irrespective of the geographic location.

QUICK VIEW

* 73% of Indian companies fear that a serious data breach can put them out of business.
* 47% Indian organisations suffered more than 20 security incidents in the past one year.
* Trojans account for more than half of all new malware. Continuing the recent trend, in the first half of 2009, Trojans comprised 55% of all new malware, a nine percent increase over the first half of 2008.

Source: IBM X-Force 2009 Mid-Year Trend and Risk Report


survey


TAKING THE PULSE

To find out what the solution providers who sell and implement security products think about the opportunities and trends in this segment, DCC conducted a survey across India. Of the hundreds of responses received, a total of 92 respondents were shortlisted whose answers were found to be complete in all respects. The results are compiled and presented here.

Look out for some interesting insights.


top view

THE INFORMATION SECURITY SCENARIO

Increase in the amount and usage of data, rise in the number and type of security threats and changes in the way businesses work today are all contributing to the growth of the information security market

Protecting information is not only necessary, it is also an ethical and legal responsibility of every business. An organization owes it to all its stakeholders, including itself, to protect all forms of proprietary and confidential information from both internal and external breaches. And since information is useless unless it is accessed, you can’t securely hide it behind a lock and throw away the key. Information has to be shared and used – but only by those who are authorised to do so.

Information security is becoming ever more difficult due to heterogeneous IT environments, an increasing number of endpoint computing instruments such as laptops, mobile phones, PDAs and the like, and a rise in the number of people who want to make quick bucks by supplying unauthorized information and misusing it. According to the latest Symantec report on Internet Security Threats, more electronic records were breached in 2008 alone than in previous four years. But we can’t put all the onus of information security breaches on the attackers. Of more than 35 million data records that were breached in 2008 in the US, a majority of the lost data was neither encrypted nor protected by a password, says a 2008 report of the Identity Theft Resource Centre. Further, the Symantec Internet Security Threat Report XIV of 2008 says that of the 5,491 vulnerabilities documented by its researchers, 80 percent could be classified as easily exploitable. Another report by Symantec and Ponemon Institute, in which employees who either lost or left their jobs in 2008 were surveyed, reveals that 59 percent of them admitted to having stolen confidential company information. This means there’s a gap between “want to protect information security” and “none, barely or actual” deployment of information security solutions in organizations.

Because of the growing number of threats and breaches – and a growing awareness of the same among enterprises – there’s still a huge demand for information security solutions, the recent economic conditions notwithstanding. According to the “Global IT Security Market Forecast to 2013” released by ReportLinker, the global market for IT security grew in 2008 despite recession. It estimates the global IT security market to be more than $54 billion in 2008, which is expected to grow at a CAGR of about 11% from 2009-2013. According to an IDC May 2009 survey of IT Executives and CIOs in Australia, India, Korea, China and Singapore, more than two-thirds of respondents indicated that security software will be a key focus in order to address threats and improve compliance. Besides software, another key component of the overall security market is going to be – no surprises here – the most-talked-about Unified Threat Management (UTM) appliances that provide layered, unified security at the network level. UTMs will make up 33.6% of the total network security market by 2012, as per another IDC report.

In the Indian market, much of the growth and volumes in the information security market is expected to be contributed by SMBs – who are finding it increasingly essential to secure their data and systems if they want to pursue their growth ambitions.

It is estimated that a major information security threat to businesses and government agencies will come from the remote workforce using home/public PCs, PDAs and mobile phones. While the flexi-benefits of a remote workforce are only going to make more companies empower their employees to work away from their desks, the phenomenon also forces an organisation to relinquish some of its information security control. Add to this the use of sites and apps such as Facebook, Twitter, Google Apps, LinkedIn, etc, by businesses, and you have a scenario where an organization is saddled with unmanaged PCs and smartphones, as well as unmanaged social media networks.

In view of these new developments, layered, centralized security solutions that provide multiple touch points within as well as around the network will be necessary. With wider adoption of cloud computing, social media networks and virtualization, data will become more vulnerable to unauthorised access. Which is why information-centric security, rather than container-centric security, will be the pressing need of organisations.

Needless to say, over the next few years, security vendors are going to rely more and more on channel partners to sell, implement and support a diverse mix of products and services.

SECURITY VENDORS DIRECTORY

| Vendor Name | Site | Solutions Provided* |
|---|---|---|
| AEP Networks Inc | www.aepnetworks.com | Secure Voice and Multi-service Datacom Solutions, Encryption and Authentication, Hardware Security Modules |
| Alwil Software a.s. | www.avast.com | Antivirus Software, Data Recovery Tools |
| AVG Technologies | www.avg.com | Antivirus, Antispyware, Internet Security |
| Barracuda Networks | www.barracudanetworks.com | Content Security, Antivirus, Antispam, Firewall, SSL VPN |
| CA | www.ca.com | Access Control, Identity Management, DLP, Mainframe Security, Antivirus, IPS, SOA Security, Security Management |
| Cenzic Inc | www.cenzic.com | Application Security, Risk Management |
| Check Point Software Technologies Ltd | www.checkpoint.com | Security Appliances, Security Gateways, Security Management, Endpoint Security, Software Blades |
| Elitecore Technologies Ltd | www.elitecore.com | UTM Solutions |
| FaceTime Communications Inc | www.facetime.com | Security solutions for Web 2.0 apps such as social media, instant messaging, P2P networking, audio/video sites |
| Fortinet Inc | www.fortinet.com | Network Security Software, UTM, Business Network Security |
| F-Secure Corp | www.fsecure.com | Internet Security, Mobile Security |
| IndiaAntivirus | www.indiaantivirus.com | Antivirus, Antispyware, Content Security |
| K7 Computing | www.k7computing.in | Antivirus, Antispam, Firewall |
| Kaspersky Lab | www.kaspersky.com | Antivirus, Antispam, Internet Security, Mobile Security |
| McAfee Inc | www.mcafee.com | Antivirus Software, Intrusion Prevention Solutions |
| MicroWorld Technologies Inc | www.mwti.net | Antivirus, Content Security Software, Firewall |
| Panda Security | www.pandasecurity.com | Antivirus, Internet Security, Cloud-based Security |
| PGP Corp | www.pgp.com | Encryption Software, Enterprise Security Solutions |
| Quick Heal Technologies (P) Ltd | www.quickheal.co.in | Antivirus, Antispyware, Antispam, Internet Security |
| RSA Security# | www.rsa.com | Secure Access, Identity Management, Encryption, Authentication, DLP, Digital Certificates |
| SafeNet | www.safenet-inc.com | Content Security, Encryption, Authentication |
| SonicWall Inc | www.sonicwall.com | UTM, Antispam, Email Security, SSL VPN, Backup and Recovery |
| Sophos plc | www.sophos.com | Antivirus, Security Software, Data Protection, Encryption Software for businesses |
| Symantec Corp | www.symantec.com | AntiVirus, Anti-Spyware, Endpoint Security, Backup, Storage Solutions |
| Trend Micro Inc | www.trendmicro.com | Antivirus, Content Security Software |
| Unistal Systems | www.unistal.com | Antivirus, Data Recovery, Anti-theft and Tracking System |
| Verint Systems Inc | www.verint.com | Video Analytics and Management, Communication Interception and Analytics, Public Safety Solutions |
| VeriSign Inc | www.verisign.com | Internet infrastructure services for the digital world, SSL Certificates, Domain Name Services, DDOS Mitigation, Identity Protection |
| WatchGuard Technologies Inc | www.watchguard.com | UTM, VPN Security Solutions, Content Security |
| Websense Inc | www.websense.com | Web security, email security, data security |

Note: Not a comprehensive listing; some big names are missing from this list because it focuses on players for which security is a primary or significant business. Others may have been left out due to space constraints.

* Compiled from vendor websites; only indicative of solutions and does not show entire portfolio

# Started as an independent vendor but now a division of EMC Corp


authentication and idp


NO TRESPASSING

The growing complexity and severity of online threats imply that enterprises large and small will have to look beyond simple firewalls

CHARU KHERA

It is truly said that the past teaches good lessons. In the olden days, kings used to defend their assets by building high walls around their castles and putting heavily-armed soldiers at the top. Today’s enterprises guard their information assets just as zealously – albeit with the use of modern data security technologies rather than the stout sentinels.

With the pace at which online threats are getting complicated and fierce, enterprises are bound to opt for mechanisms/solutions that can help them detect and prevent the ever-increasing attacks. Authentication and Intrusion Detection and Prevention (IDP) are two key measures companies are looking at to keep their data safe from security threats and intruders.

Intrusion Detection and Prevention

An Intrusion Detection and Prevention System (IDPS) comprises an IDS (Intrusion Detection System) and an IPS (Intrusion Prevention System). An IDS detects suspicious activities, whereas IPS is designed to take immediate action on such activities (such as blocking a specific IP address). The IDS alerts the network administrator and the IPS stops potentially dangerous data entering the network. The two are often termed an IDPS.

With the help of an IDPS, users can monitor activities for malicious or unwanted behaviour and can react, in real time, to block or prevent those activities. Furthermore, an IDPS helps monitor and analyse both user and system activities, assesses system and file integrity, can recognise patterns typical of attacks, and can even track user policy violations.

IDPS solutions are primarily focused on identifying possible incidents that can occur with accessing websites, logging information about these incidents, attempting to stop them, and reporting them to security administrators. In addition, organisations use IDPS for identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies.

Growth drivers

Recent breaches in security have shown that having an antivirus or firewall solution alone is not sufficient for an organisation’s security. Providing insights on the same, Vishal Dhupar, MD, Symantec India, says, “IDPS complements various security mechanisms (adopted by enterprises today) by offering significant detection and prevention capabilities against external attacks and internal policy abuse. This has well been accepted by enterprises – both large and small – and they are adopting IDPS solutions to ensure an integrated security strategy for multi-tiered protection.”

As per industry watchers, the most crucial factor driving the growth of IDS/IPS solutions among Indian enterprises is the constant onslaught of new worms and viruses that exploit vulnerabilities of a system. Apart from this, as end-point devices become more and more sophisticated and diverse, large enterprises as well as SMBs will have to provide an effective way to address risks emanating from employees taking data from their workstations to their personal devices using Bluetooth, USB or CD/DVD. An IDPS is the way out.
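The split between the two halves of an IDPS described earlier in this article (the IDS alerts, the IPS acts, for example by blocking an IP address) can be shown with a short Python sketch. It is an added example, not part of the original article or any vendor's product; the rule (three failed logins from one source within 60 seconds), the event list and all names are assumptions constructed for illustration.

```python
"""Added illustration: one detection rule run alert-only (IDS) and inline with blocking (IPS)."""
from collections import defaultdict, deque

# Constructed sample events, not real logs: (seconds, source IP, login outcome).
# The addresses come from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = [
    (0, "198.51.100.7", "fail"),
    (5, "203.0.113.20", "ok"),
    (10, "198.51.100.7", "fail"),
    (20, "198.51.100.7", "fail"),   # third failure inside the window: the rule fires
    (25, "198.51.100.7", "fail"),   # arrives after the rule has fired
    (30, "198.51.100.7", "ok"),     # arrives after the rule has fired
    (40, "203.0.113.20", "fail"),
    (200, "203.0.113.20", "fail"),  # too far apart from the previous failure to count
]

THRESHOLD = 3   # assumed rule: this many failed logins ...
WINDOW = 60     # ... from one source within this many seconds


class Sensor:
    """Hypothetical sensor. prevent=False behaves as an IDS, prevent=True as an IPS."""

    def __init__(self, prevent):
        self.prevent = prevent
        self.alerts = []       # what the administrator is told (both modes)
        self.blocked = set()   # sources being dropped (IPS mode only)
        self._failures = defaultdict(deque)

    def inspect(self, ts, src, outcome):
        """Return True if the event may reach the protected host."""
        if src in self.blocked:
            return False                      # prevention: drop before delivery
        if outcome == "fail":
            recent = self._failures[src]
            recent.append(ts)
            while recent and ts - recent[0] > WINDOW:
                recent.popleft()              # forget failures outside the window
            if len(recent) >= THRESHOLD:
                self.alerts.append((ts, src, len(recent)))   # detection
                if self.prevent:
                    self.blocked.add(src)     # response: block the source address
                recent.clear()                # start counting afresh after an alert
        return True


def run(events, prevent):
    """Feed the events through a sensor and report what it saw and what it let through."""
    sensor = Sensor(prevent)
    delivered, dropped = [], []
    for event in events:
        (delivered if sensor.inspect(*event) else dropped).append(event)
    return {
        "alerts": sensor.alerts,
        "blocked": sensor.blocked,
        "delivered": delivered,
        "dropped": dropped,
    }


if __name__ == "__main__":
    for mode, prevent in (("IDS", False), ("IPS", True)):
        result = run(SAMPLE_EVENTS, prevent)
        print(mode, "alerts:", result["alerts"])
        print(mode, "delivered:", len(result["delivered"]), "dropped:", len(result["dropped"]))
```

Both runs raise the same alert; only the IPS run changes what reaches the host, which is also why a false positive is costlier when the sensor sits inline.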

Challenges

IDPS solution providers have seen high revenue growth but challenges remain. Says Govind Rammurthy, CEO and MD, MicroWorld Technologies, “We expect to see a lot more of mergers and acquisitions, leading to consolidation of technologies and products into single platforms. Challenges for vendors will be to educate the SMBs on various emerging threats and ways to protect against them.”

Both IDS and IPS are very complex in nature - both come in various configurations, each designed to address a particular intrusion-protection need. According to Saket Kapur, CEO of Delhi-based Green Vision, “IDPS as a technology has undergone a lot of enhancements over the years and the scenario will continue to be the same. That is why enterprises generally tend to have misconceptions in terms of expectations from IDPS.”

Another crucial challenge that most enterprises face is lack of skilled manpower. More often than not, organisations do not have well laid-out response plans for the instance when an intrusion is detected and reported by the IDPS.

Channel opportunities

Layered security is the key to protect any network – and addition of the IDPS tier will provide high growth opportunities to solution providers. Most partners believe that IDPS is a rapidly growing field and is the logical next step for many organisations after deploying firewalls at their network perimeter.

Moreover, the success of an IDPS implementation depends, to a large extent, on how it has been deployed, which in turn provides great opportunities for channel players.

Authentication

No business today is immune from phishing attacks and their devastating effects. A recent report by AMI indicates that close to 10 percent of all global phishing activities specifically target India. Another report by Anti-Phishing Working Group (APWG) stated that in the first half of 2008, over 47,000 phishing attacks targeted over 26,000 unique domain names.

As phishing attacks increase in effectiveness and present a real threat to the online community today, especially e-banking and e-commerce sites, strong authentication is needed to make these attacks ineffective. As per Wikipedia, authentication is the process of determining if a user or identity is who they claim to be. It is achieved with the help of either a password, a security token or biometric.

Authentication has today largely become a measure for many large enterprises, SMBs as well as banks against fraud and identity theft. More often than not, people associate authentication with passwords, but there are several mechanisms for authentication, including multi-factor authentication, website verification, security certificates, etc.

Business opportunities

Authentication is a very big market and experts believe that online banking and e-Governance are going to drive the future of this segment. Explaining the benefits of authentication, Rana Gupta, Business Head, India & SAARC, SafeNet, says, “Authentication solutions ensure that only authorised individuals access an organisation’s sensitive information - enabling business, protecting data, lowering IT costs, and boosting user productivity. With authentication, users can even strengthen VPN security for remote access and simplify password management and protection.”

Authentication services provide enormous opportunities for channel. For one, Mumbai-based Allied Digital Services has tied up with Australia-based ValidSoft to offer authentication solutions in India. Says Bimal Raj, CEO of Allied Digital, “With the increase in the number of security breaches and transaction frauds, the need for authentication has become crucial for any enterprise today. Thus, it is the best avenue for channel to foray into.”

Market trends

Given the pace at which online threats are increasing, a password-only approach provides a relatively low level of trust for consumers. Thus, two-factor authentication (known as 2FA) is being adopted by enterprises, which helps them add another layer of security and represents a higher level of trust between consumers and online businesses. Recent Reserve Bank of India guidelines calling for all online transactions to have an additional layer of security are speeding up the use of two-factor authentication among banks and e-commerce sites.

Challenges

Most partners are of the view that while the complexity of online threats is increasing, most companies find it challenging to understand and upgrade their existing systems. In many cases, despite its importance in maintaining customer trust, authentication remains a challenge due to the difficulty involved in the implementation and execution phase.


A QUESTION OF TRUST

As per a recent survey done by Forrester in association with VeriSign, out of 324 global IT security decision-makers, 70 percent reported that their current authentication methods are related to their customers’ degree of trust in their offerings. 80 percent of respondents said that line-of-business managers believe that the establishment and retention of customer trust is a business requirement. Moreover, given the importance placed on securing trust, it is not surprising that 60 percent of those surveyed reported that this objective was supported with a specific technology or policy implementation. These investments included everything from more user-friendly and robust front-end application to new server, and overhaul of databases and customer education and usage safety ethics, as well as easier-to-use authentication processes.


“Intrusion detection systems complement other security solutions.” - Vishal Dhupar, MD, Symantec India


DCC: What are some of the crucial factors driving the growth of authentication as well as IDP solutions in the Indian market?

The world we are living in today is an era defined by immediate access to information and services, irrespective of the connection—from our desk at work, our desk at home, or even when there’s no desk at all. People are collabo-rating, communicating, and interacting like never before. From e-commerce to financial services to healthcare, consum-ers are using the Web to accomplish everyday tasks online. But transmit-ting confidential, personal, or financial information over the Web can be risky, making businesses responsible to better protect their consumers’ digital iden-tities. With the variety of individuals and businesses on the Internet, and the prevalence of online fraud, it is critical to know and trust the parties that you are doing business with. Hence, strong identity and authentication mechanism must be attached high importance by the decision makers in any organisation.

Every day, identity thieves are getting smarter at tricking people into revealing their account numbers, pass-words or financial information. Last year, 9.9 million fraud victims were tracked who lost an average of $4,849 in each incident.

DCC: What is the current level of awareness on phishing attacks in India? How can it be raised?

Currently, the awareness level of Indians with regard to phishing

“AUTHENTICATION MECHANISM SHOULD BE GIVEN HIGH IMPORTANCE BY DECISION MAKERS”

Last year, 9.9 million

fraud victims were

tracked who lost

an average of $4,849

in each incident.

attacks and other cyber threats is significantly low. As per a recent survey commissioned by VeriSign, 76 percent of Indian web users are unable to spot phishing sites. Hence, as the first recommended step, awareness needs to be built-in. This can be accomplished by engaging with the mass base of Internet users via information that helps them understand their vulnerability and threats online. The Indian Internet users must be made to realise that only when armed with the right information and simple precautionary measures, consumers can freely and rightfully surf and transact on the Internet and keep their valuable personal information intact.

VeriSign has recently launched ‘TrustTheCheck.com’, a website devoted to helping consumers keep safe as they surf the web. The website presents the tips and techniques consumers need to safely shop, bank, trade stocks and book travel online.

DCC: RBI has issued guidelines that all online transactions should have an additional layer of security apart from the one already present. How does this provide a business opportunity for VeriSign and its partners?

More than an immediate business opportunity, the RBI guidelines have certainly highlighted the need for more secure transactions on the Internet. It is a guideline in the right direction, and helps in raising the trust on the Internet, an imperative for enabling e-commerce to flourish in India. However, it is too early to say whether the technology implemented is correct or not. The password put in place is static, which again is risky if a fraudster is able to lay hands on someone’s password. There is a need to bring dynamic passwords in picture, because static passwords cease to be secure once stolen.

DCC: What are some of the key challenges in creating awareness among channel partners?

We must constantly focus on imparting value addition to the knowledge base of channel partners about the need for strong authentication tools that hold preference among business houses across sectors. We believe training the partners and helping them understand the threats and solutions in the area of online security will help them secure better business and assist them in achieving their growth objectives.

DCC: Do you think the lack of a large and active e-commerce base is holding back the market for authentication solutions?

Authentication services are now a must for not only the e-commerce space but across verticals on the Internet, wherever an identity creation is required - even at a Social Networking site.

An unrelenting demand for real-time information from employees, partners, and customers has put an enormous pressure on businesses and IT organisations to adopt the strongest authentication solutions.

Rajiv Chadha, Vice President, VeriSign India

Explaining the need for strong authentication policies in Indian enterprises, Rajiv Chadha shares with Charu Khera the outlook for the Authentication and IDP (Intrusion Detection and Prevention) market in India. Excerpts:

data storage & loss prevention

white paper

ACHIEVING TOTAL PROTECTION

Changing work environment and evolving malware necessitate a comprehensive approach to data protection.

For any company - from startup to large enterprise - information is a main corporate asset. However, the globalized and open nature of modern business also means that corporate information - and the intellectual property that it contains - exists in more formats, is more accessible, and more exposed than ever before. No longer is data confined within the physical walls of a company; it is now easily copied, shared, and stolen.

Corporate information is typically managed in structured databases and documents. However, the majority of information resides in unstructured form, such as emails and images, making it much harder to know where sensitive data is actually located throughout the enterprise. In addition, dramatic changes in the way people communicate and collaborate are changing the way in which information is being created and accessed. For example, increasing numbers of wireless and mobile users with portable storage devices pose challenges for IT in controlling how and where information is used. These highly portable devices can be lost or stolen more easily, placing valuable information in the hands of external parties.

Technologies such as P2P, streaming media, social networks, and instant messaging have further broadened the amount of unstructured information being transferred in and out of the enterprise. For example, users can inadvertently reveal sensitive information from images posted on their profile pages.

All these changes mean that IT management requires a more effective approach towards data protection in the enterprise. And while digital trails can help determine how a data breach occurred, it is more important for enterprises to have preventive measures that actively safeguard against such breaches from happening in the first place.

Need for new safeguards

The occurrence of data breaches can be classified under two scenarios. The first involves breaches triggered by an external source. This may include direct network intrusion, phishing scams delivered via spam email or social networks, as well as delivery of malicious software in the form of viruses, worms and Trojans to compromise the organization’s IT infrastructure.

The second scenario occurs from within the organization (whether accidentally or deliberately), such as the exposure of sensitive corporate data contained within files and communications sent by employees, or lost hardware that contains portable storage media (e.g. laptop hard drives, CDs, USB drives).

In a typical enterprise, technologies already in place, such as firewalls, intrusion detection and prevention (IDP) systems and virtual private networks (VPN) focus on preventing outside threats from entering the enterprise network. However, these systems fail to protect against internal threats that originate from infected employee machines or outgoing communications from inside the network. In addition, security solutions such as Network Access Controls (NAC) only focus on initial posture assessment and authentication of the employee’s endpoint. Once a user is authenticated, he or she is no longer monitored and can act in ways harmful to the network.

Multiple loss vectors

Data can end up in the hands of unauthorized users through the following channels:

Data Stealing Malware. Endpoint solutions and pattern file deployments alone are inadequate to protect businesses. Today, data-stealing malware circumvents industry-standard enterprise security solutions by exploiting their weaknesses with sophisticated methods of attack that evolve rapidly and make use of multiple modalities. Various methods employed by cyber criminals include hiding malicious programs within intriguing emails, redirecting users to fake websites that ask for login details, and sneaking data-stealing malware into corporate networks where they can remain undetected for months.

Technologies such as intrusion detection (IDS) and intrusion prevention systems (IPS) monitor behaviour with the objective of identifying unusual or suspicious activity or network anomalies. But attackers can evade detection by these methods by “hiding” commands in regular port 80 traffic or TCP/IP packets. Upon gaining entry, hackers can then install sniffer programs that allow them to intercept keystrokes and other data being transmitted over the network. This method can avoid detection for an extremely long time, provided the hacker does not become overzealous in bandwidth utilization.

According to TrendLabs, Trend Micro’s global network of research, development, and support centres, there was a 1,731% increase in web threats between 2005 and the first quarter of 2008. Based on this, an organization’s defences will need to detect over 26,598 new threats every hour by 2015 to keep up (see graph).

Stolen and Lost Equipment. As it is easy to copy and carry critical enterprise data using laptops, USBs, and other portable storage devices, one of the most significant sources of information loss comes from employees who misplace their hardware. Even the most stringent firewall, IPS, or VPN cannot protect these corporate data assets when they can be simply carried beyond the physical boundaries of the enterprise. Equipment theft is a major concern with 28% of data breaches due to stolen equipment such as laptops and computers.

Accidental Exposure from Within. Email systems, file transfer systems, instant messaging systems, blogs, wikis, Web tools, and other applications are now used as part of everyday business communications. However, without proper controls over what can and cannot be sent, confidential information such as trade secrets, designs, proprietary processes and other knowledge assets can be easily exposed to outsiders. In addition, disgruntled employees may even actively seek to remove data that they consider to be useful such as customer lists and emails.

Damages from data breaches

Data breaches could have serious consequences for enterprises. Besides the lost data itself, the results could be downtime, reduced productivity, and costly clean up, with immediate damage to a company’s reputation and customer loyalty.

Taking all these follow-on costs into account, a 2007 study by the Ponemon Institute found that the loss of customer records costs an organization an average of $197 per lost record, and that the average business loss for a large organization that suffers a data breach is as high as $4.1 million. According to Gartner, “organizational costs of a sensitive data breach will increase 20 percent per year over the next two years through 2009.”

In light of these alarming numbers, it should be obvious that the cost of a data breach can far outweigh the investment in advanced security solutions designed to prevent them from happening. Yet, many firms still do not have the right level of data protection technologies in place. According to a survey conducted by Osterman Research during April 2008, only 49% of organizations have deployed these capabilities.

Strategy for total protection

Trend Micro recommends a five-step process that will serve as a useful starting point for incorporating data protection solutions:

Classify: What digital assets do you want to protect? Speak with line of business owners to understand what information they want protected, watched, and ignored - as they have the knowledge of how data is used on a day-to-day basis. However, sensitive data may differ by business segment or region.

Identify escape methods: What are the channels from which sensitive information might escape? Identifying channels of escape is really a function of how data is used in an environment. How data is moved around in an organization and the business processes the organization has created around that data, both give an idea of how data may escape.

Discovery: Once sensitive data (and escape methods) have been defined for your organization, automated scanning technologies can be deployed to locate the data itself, whether it resides in file shares, databases, emails, content management systems, laptops, USB drives, CDs, and more. Data can then be marked according to the level of sensitivity.

Develop policies: What are the remediation steps needed when sensitive data is encountered? What data should be ignored? While government regulations provide a baseline policy for sensitive data, additional allowances and restrictions will need to be put in place depending on unique business processes. For enterprises starting out with DLP solutions, certain policies can be made to start in a monitor-only mode.

Monitor/Report/Refine: Long-term effectiveness relies on a process of monitoring, reporting on events, and refining policy. Initial rules for endpoint policies may be adequate, but they may result in some unintended consequences, as some legitimate events may be identified inadvertently as violations. Monitoring the company’s networks, systems and users can help flag these events to enable policy refinement.

Courtesy: Trend Micro
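The Discovery, Develop policies and Monitor/Report/Refine steps above, sketched as an added example (not Trend Micro's code and not any DLP product's API): a scanner marks unstructured text by sensitivity, a policy starts in monitor-only mode, and a refinement (Luhn checksum validation) removes a legitimate event that the first rule flagged as a violation. The channel names, sensitivity labels, keywords, policy fields and sample messages are all constructed assumptions.

```python
import re
from dataclasses import dataclass

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Hypothetical terms a line-of-business owner asked to have watched (Classify step).
KEYWORD_RE = re.compile(r"\b(confidential|trade secret|customer list)\b", re.I)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates plausible card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify(text: str, validate_cards: bool = True):
    """Discovery: return (sensitivity_label, findings) for one piece of text."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not validate_cards or luhn_ok(digits):
            # Never copy the full value into the report; keep the last four digits.
            findings.append(("card_number", "****" + digits[-4:]))
    for m in KEYWORD_RE.finditer(text):
        findings.append(("keyword", m.group().lower()))
    if any(kind == "card_number" for kind, _ in findings):
        return "restricted", findings
    return ("internal" if findings else "public"), findings


@dataclass(frozen=True)
class Policy:
    """Develop policies: what to do when restricted data meets an escape channel."""
    monitor_only: bool = True               # start by logging, not blocking
    validate_cards: bool = False            # initial rule: any long digit run counts
    escape_channels: frozenset = frozenset({"usb", "webmail", "im"})


def evaluate(policy: Policy, channel: str, text: str) -> dict:
    label, findings = classify(text, policy.validate_cards)
    violation = label == "restricted" and channel in policy.escape_channels
    if not violation:
        action = "allow"
    else:
        action = "log" if policy.monitor_only else "block"
    return {"channel": channel, "label": label, "action": action, "findings": findings}


def run(policy: Policy, events):
    """Monitor/Report: evaluate every (channel, text) event under one policy."""
    return [evaluate(policy, channel, text) for channel, text in events]


# Constructed sample events (channel, message text); not real data.
EVENTS = [
    ("webmail", "Order ref 1234567890123456 shipped yesterday"),  # digit run, not a card
    ("usb", "Card on file: 4111 1111 1111 1111, exp 01/12"),      # well-known test number
    ("email_internal", "Draft is confidential until launch"),
    ("im", "lunch at 1?"),
]

if __name__ == "__main__":
    print("Phase 1: monitor-only, unrefined rule")
    for r in run(Policy(), EVENTS):
        print("  ", r)
    # Refine: the order reference was a legitimate event flagged as a violation,
    # so add checksum validation before switching from logging to blocking.
    print("Phase 2: refined rule, enforcing")
    for r in run(Policy(monitor_only=False, validate_cards=True), EVENTS):
        print("  ", r)
```

Reviewing the phase 1 log before enforcing is what exposes the order-reference false positive; blocking on the unrefined rule would have stopped a legitimate message.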


“UNSTRUCTURED DATA IS THE WEAKEST LINK IN ANY ORGANISATION”

Surendra Singh foresees a consolidation of the data loss prevention (DLP) market in India in the next few years, besides promising growth in the adoption of various DLP tools. Excerpts from an exclusive interview to Soma Tah:

DCC: How mature is the DLP market in India currently?

The DLP market is gradually getting mature in India. Though businesses were wide awake of the repercussions of their sensitive and confidential data getting leaked earlier also, still they did not have the right tools which could help them put a stop to that. But now they have the right technology available to handle those confidential data, and they know exactly what to secure, how to secure, what tools to deploy and how complex is the deployment and the associated costs. We have been working on a few large projects at present, which I consider to be a very positive sign of recovery considering the economic depression causing very slow adoption last year.

DCC: What are the factors driving growth in the DLP space?

Today people’s notions towards data have changed drastically and I can see it has become an important element of both the reactive and proactive security measures taken by the companies to protect their business critical data. In fact, there are different objectives behind the adoption of data protection measures by different organizations. There are organizations that would not wait for some data seepage to happen and would not like to see their names getting flashed in the newspapers before going for a dedicated solution. While some companies would use it as a tool to instill some best practices among their employees, some would use it as a tool to prevent further damages. To sum up I would say there are three major drivers – first, the strategy not to let the confidential information out of the organization and go in the wrong hands; second, the compliance with laws and other regulatory requirements (the latest has been the IT Act 2000 Amendment); and third is a purely tactical reason, as some companies use it as a forensic tool to differentiate between good and bad employees.

DCC: What do you think are the major concerns of businesses in terms of storing, managing and protecting their business-critical data? How effective is a DLP solution in addressing them?

Customers have already implemented the identity and access management to protect their stored data, as the technologies in this field are matured enough. The real challenge is to make these tools widely available and accessible for the businesses and dealing with unstructured data which is probably the weakest link in any organization. These unstructured data in the form of e-mails and Word documents need to be managed carefully to prevent data leaks and DLP solutions can be very effective in dealing with such unstructured data.

DCC: What are the new trends emerging in the DLP space and what are the most-sought-after features?

Vendors are taking a comprehensive approach towards data security and hence looking to integrate DLP with other security features, so that the customers can get maximum protection out of it. For example we have integrated DLP with web security to give data protection and I see aligning endpoint security with the DLP can bring a significant amount of growth.

But the vendors need to strike a balance somewhere, as the solution can become increasingly complex and increasingly difficult to manage. Maybe the benefits would be high, but one has to keep it in mind that the costs would also go so high that the solutions would not be worth having.

Automated data identification and classification is another emerging trend which will ensure the ROI from day one of the installation. Among the other features, the accuracy of the data identification system and the robustness of reporting are the two very important factors that the customer needs to consider before investing on any DLP solution.

DCC: What kind of business opportunities are there for partners and what are the main challenges ahead?

Partners need to have a very sound understanding of technology. Partners should also have a very distinct skill set which can help them engage different departments for an effective DLP deployment, so that businesses can reap the benefits across the board.

Surendra Singh, Regional Director, SAARC, Websense

firewall and antivirus

THREATS = Opportunities

Antivirus and firewalls are the most simple and effective ways to prevent systems from ever-increasing online threats. For partners, this means a continuous string of opportunities.

CHARU KHERA

The Internet today has become an integral part of personal and business communication, entertainment and productivity. But the increasing sophistication, complexity and functionality of the Web has created many new opportunities to exploit its users. According to Peter Baxter, Vice President – Business Development, AVG Technologies, “Today, 60 percent of all technological threats are web-based.”

“A threat landscape once dominated by e-mail borne spam and viruses has now been replaced by fast-moving attacks, which infect even legitimate websites and pages,” explains Baxter. Moreover, cyber-criminal activities are continually growing. Gartner recently reported that new threats have increased from 30,000 to 50,000 on a single day. As per another research conducted by AVG research labs, on any given day, 8-14 million unique users worldwide are exposed to social engineering scams. As the Internet percolates deeper into our lives, this number will continue to rise. Furthermore, Web 2.0 applications also make an organisation much more vulnerable to a host of risks.

Most experts in the industry advise that antivirus and firewalls are the most simple and effective ways to prevent PCs/laptops from these ever-increasing online threats. As per Wikipedia - an antivirus is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses.

A firewall, on the other hand, is a part of a computer system or network that is designed to block unauthorised access while permitting authorised communications. As Ajay Verma, Director Channels and Alliance, Symantec India, says, “A firewall is designed to provide proactive, enterprise-class network and application-level protection which enables faster and secure Internet connectivity. It protects the enterprise from both known and unknown attacks, due to its stringent standards-based approach. The solution integrates full application inspection, application-layer proxies, stateful inspection, and packet filtering into a unique hybrid architecture which protects against complex blended threats and denial of service attacks by default.”

The Indian firewall and antivirus market is currently dominated by companies such as Symantec, Kaspersky, AVG, K7 Computing, McAfee, Quick Heal and Trend Micro, among others. These companies are taking active steps to educate users on the necessity of antivirus and firewall.

Market trends

Both firewall and antivirus segments account for an ever-increasing portion of the IT spend by enterprises as well as SMBs. The Indian antivirus industry has evolved over years to keep pace with a wide variety of threats, which a PC user faces, on a daily basis, when connected to the Internet. Online users have to fight different kinds of viruses such as Spyware, Trojans and other malicious content, which can delete as well as damage data, and also lead to the loss of personal and financial (credit card/Internet banking) information.

Most laptops and desktops today come pre-installed with evaluation (90-day) versions of antivirus solutions. This means that at the end of the evaluation period, the customer has to either renew the license (using his credit card on the Web) or purchase a new antivirus. As per reports, in India, most customers end up buying a new antivirus. However, there are many who download antivirus products which are available free of cost on the Internet (only for a limited period of time), and these normally provide limited protection from various security threats. Home PC users (mostly first-timers) often lack the knowledge and awareness needed to have a good antivirus solution installed on their PCs/laptops. With regular usage and experience, though, most users realise the need for a good antivirus and end up purchasing one.

The situation is similar for firewalls. Every Windows PC comes preloaded (by default) with the Windows Firewall option. It provides a basic level of security to online users, but for stricter control, it is always good to adopt a third-party firewall. Organisations should be extra cautious while choosing a firewall, as it protects their important data from all kinds of online attacks.

“A firewall is a must-have safeguard for PCs, and most system integrators and vendors believe that firewalls will continue to be an emerging trend among Indian enterprises as well as SMBs. Though the level of threat in India is not as high as it is in the US, organisations in India (large as well as SMBs) are waking up to various online security concerns,” says Saket Kapur of New Delhi-based Green Vision.

Moreover, traditional firewalls are no longer sufficient protection against the evolved threats of today. As social engineering scams including phishing attacks become more sophisticated, firewalls of today have to keep up and keep threats at bay. “Today users value convenience and do not like a firewall that is obtrusive. Hence, vendors should develop a quieter, unobtrusive firewall that incorporates a new database of trusted sites and applications that allows the firewall to take decisions without users’ inputs,” explains Baxter.

Market challenges

In India, most users generally are not abreast of the growing sophistication of web threats and thus continue to use age-old and outdated methods or antivirus trial products. This lack of user awareness and education is the biggest challenge that the industry vendors as well as channel partners are facing today. Besides, with limited knowledge, customers’ expectations from entry-level antivirus as well as firewall products are high, even though these are equipped to meet only the basic requirements.

Price of the software solutions is another issue. Although lucrative prices are available for home users, the large organisations are charged heavily for the solutions.

Moreover, most people – both first-time and experienced users – fail to understand the importance of a good antivirus as well as firewall. This is the reason why most organisations either take drastic steps such as locking the computer access for USB drives/Internet access, or handing over the entire network security to the IT department.

“Antivirus and firewall are our prime focus/vision for the next five years. It is a vastly untapped area. Majority of effective firewalls are out of reach for small enterprises because of the price factor. We are planning to come up with concept-based firewalls, wherein the customer can choose what all features they require for their firewall. The price of these concept based firewalls would be one fourth the price of imported firewalls,” adds Kapur.

Opportunities for channel

Selling antiviruses and implementing firewalls has always been a preferred option for most channel partners considering the growth opportunities that dominate the space. According to industry estimates, the broadband subscriber market in India is expected to increase to 30.1 million by 2013 with a growth rate of 8.9 per cent.

As the PC and Internet penetration continues to grow at a steady pace, channel, system integrators and vendors can avail this opportunity to make the cyber-environment safer for Indian users. “As the Internet market in India continues to grow, vendors should focus on developing technologies and solutions; implementing firewall for SMBs and enterprises that will pre-empt the growing sophistication of cyber-crime. However, to reach out to the vast Indian market, these vendors will need a robust channel network, thus providing the community with enormous business growth,” asserts Baxter. He further adds, “Moreover, with an increasing number of users becoming aware of the dangerous threats that lurk in today’s online environment, the demand for effective firewalls will continue to grow. Thus, providing a huge opportunity for vendors and channel partners. AVG is working towards tapping a larger network of resellers in order to meet this growing demand for comprehensive Internet security.”

GROWTH DRIVERS

A few research analysts believe that with the evolution of many innovative technologies, antivirus software is dead. However, there is a counter argument that end-point security is evolving as a function of the changing online threat landscape.

The growth in the firewall as well as antivirus market in India is fuelled by the ever-increasing volume and complexity of online threats. Another key driver is the growth in online transactions, especially in segments such as financial services, travel and hospitality. Many international vendors are cashing in on this opportunity by launching their solutions in the Indian market. The players that have already made a strong mark have been adopting innovative practices to attract a larger customer base. For instance, Symantec has launched an antivirus solution specifically targeted at gamers. For vendors and partners alike, the next few years will continue to yield ample scope for play.

Concurring with him is Govind Rammurthy, CEO and MD of e-Scan, who believes that as margins keep shrinking in the hardware segment, selling and implementing antivirus and firewall products and solutions can be a lucrative option for channels.

K7 Computing expects the antivirus market to grow at 19-20 percent CAGR with over 16 million home PCs as addressable market segment. “The security market in India is driven predominantly by assemblers and system integrators. As per reports, Indians are among the top five global online spenders. This means they are using credit cards freely on the Web. Moreover, Phishing (fooling users into thinking that they are providing vital information to a legitimate e-mail) and identity theft are unfortunately part of everyday life of an online user. Thus, the security market in India is expected to provide immense opportunity to channel players in the years to come,” said John Devasahayam, Executive Director, K7 Computing.

Stating the channel view, Bharat Bhushan, CEO of Delhi-based RR Systems, which deals in many Internet security software products, believes that antivirus is the need of the hour. “Everyone likes to buy genuine products but most often the price does not allow the customer to avail the facility, therefore he has to move towards the cheap and inauthentic software. This has provided channel players great opportunities with the threats that invade users’ PCs/laptops,” he says.

The road ahead

India has an installed base of about 40 million computers and an Internet user base of 45 million people. The trouble is that viruses, trojans and other forms of security concerns spread from one computer to another via other ways than network access. This could be via USB drives or through infected CD/DVDs. But new technologies are now emerging to meet all online threats. Most enterprises believe in integrating systems into the firewalls and are domain-specific.

In addition, India has finally woken up to the need for antivirus and firewall solutions. Even though the government has issued strict norms for IT frauds and cyber crime, it is for organisations to take appropriate steps to safeguard their own interest. With ease of availability of security software and the varieties available, organisations and users have simpler and better ways for protection.

firewall & antivirus interview

DCC: DCC: What, according to you, are the key drivers for antivirus as well as firewall solutions market in India?

The Internet threat landscape is getting murkier by the day. While the burgeoning Internet adoption is a good sign, it brings with it a closet full of threats. This is especially true for a country like India, which is increas-ingly becoming the hub to carry out malicious activities

Accordingly to the recently released Internet Security threat report by Symantec, much like the trend glob-ally, India saw a substantial increase in its proportion of malicious activity in almost every category. India had the fifth highest number of broad-band subscribers in the APJ region in 2008 and the third highest volume of malicious activity, with 10 percent of the regional total. The main reason for this is that the security protocols and measures to counter malicious activities are not in place in spite of the rapidly growing Internet infra-structure and burgeoning broadband population.

Another alarming trend for Internet users in India is the online threat land-scape being heavily infested with worms and viruses. All these threats are the key reasons why Indian enterprises are increasingly looking at adopting antivi-rus and firewall solutions.

DCC: Quite often, SMBs do not update their antivirus solutions or prefer to use trial versions. How can vendors and partners address this?

I believe that large enterprises as well as SMBs are today realising that

“INDIAN ENTERPRISES ARE INCREASINGLY LOOKING AT ADOPTING ANTIVIRUS AND FIREWALL SOLUTIONS”

OF MALICIOUS ACTIVITY IN THE APAC REGION

OCCURS IN INDIA

10%

Customers often rely on trial versions without realising

that it would not be able to secure

the system if not

upgraded.”

information is the lifeline to their business from a technology perspec-tive. Symantec, in association with its partners try and educate customers the benefits and ways to protect their critical information, ie, by using vari-ous firewall and antivirus products and solutions.

According to a recent study by AMI Partners, India’s SMBs are boosting investments in Internet-related prod-ucts and services such as antivirus and firewall and these investments are on track to reach $1.26 billion this year, up 35 percent from last year.

Moreover, as more and more SMBs explore and grow their business, backup and restore are their biggest pain points for them. In addition, data availability and secure back-ups are critical for SMBs as they rely on their data to run their business. Thus, most vendors and channel are increasingly partnering and connect-ing with SMB customers.

DCC: Symantec recently conducted a survey on ‘Security in SMBs’, which indicated that though SMBs are aware of various security risks, they are not doing all they can to protect information. How do you plan to address this particular issue?

As per the report’s findings, Indian SMBs are aware of the need to protect their data but fall short in deploying measures to safeguard it. This is due to various reasons, primarily being inad-equate budgets along with ineffective information security management at the operational level. But the scenario seems to be changing as more and

more SMEs conduct business interna-tionally. Global competition will drive them to form symbiotic collaborative relationships and to improve efficien-cies to access wider markets.

DCC: What skill sets should a partner have to install and maintain firewall solution for its customers? How do you ensure adequate training for your partners so that they possess multi-domain capabilities?

Awareness is a key to any challenge. Customers often tend to rely on trial versions of security solutions without realising that the solution would not be able to secure the infrastructure if there are any further upgrades in the system or new threats. Symantec usually offers trial packs of 30 or 60 days and on the expiry of the trial period the security solution becomes ineffective. At Symantec, we believe that our partners should have the following skill sets to install and maintain security solutions for its customers:

Ability to educate customers: Partners should be able to explain the benefits of using the upgraded version of security solutions to customers. They should also be able to establish the fact that a trial version is just created to demonstrate the functionality of a product and it needs constant upgradation for better functioning.

Deployment of solutions: Partners should have the skill set to deploy solutions for customers and simultaneously educate them about the possible upgradation for better functionality.


In an exclusive interaction with Charu Khera, Verma talks about the growth opportunity as well as challenges in the firewall and antivirus space in India.

Ajay Verma, Director, Channels and Alliances, Symantec India

Unified Threat Management

A rapidly changing threat landscape over the past few years has made businesses move on from a piecemeal approach towards security and look for a consolidated and comprehensive security measure instead. Unified security solutions like Unified Threat Management appliances (the term was originally coined by IDC) evolved as a logical way to tackle these increasingly complex threat vectors, especially blended ones that point solutions were unable to counter.

Says Seepij Gupta, Analyst - Software and Services Research, IDC India, “Enterprises are facing threats mainly at three levels - endpoints, networks and from insiders. Also, with the evolution of threats, the number of solutions required to guard the resources of an enterprise at all the three levels has also increased. This has led to consolidation of security offerings and led to the emergence of UTM appliance as a solution to the conundrum [of multiplicity of solutions].”

A UTM appliance consolidates features of individual security tools, such as firewall, antivirus, antimalware, content filtering, intrusion detection and prevention functions, etc, in a single rack mountable network appliance and thereby brings down the cost of buying point solutions. The cost-performance ratio works well for SMBs and branch office operations of large organizations.

THE 360 DEGREE APPROACH TO SECURITY

As businesses find themselves aching with multiple point solutions for security, UTM comes to the rescue as a single-box painkiller SOMA TAH

Growth across the spectrum

Organizations these days require the highest level of gateway security because of an increasing usage of the internet, hosted applications, Web 2.0 tools, and remote access. “While a user would use the internet for legitimate business applications, such as Sales Force Automation, CRM, Web conferencing, VOIP and HR applications, the same user may also be accessing P2P, Instant Messaging, Web mail and various social networking applications,” points out Mayur Trivedi, Regional Manager – Channel Sales, GajShield InfoTech (I) Pvt Ltd.

DRIVERS OF GROWTH

- E-business and e-commerce
- Regulatory compliance (CIPA, HIPAA, SOX, PCI DSS, etc)
- Convergence of system and network management
- Workforce is becoming more mobile as a result of corporate travel, which means more flexible work arrangements and thus an increase in end points
- Threats are migrating to newer technologies such as VoIP and instant messaging
- Focus shifting from “data in motion” to “data at rest”
- Drive towards reducing human interventions
- Vendors diversifying and extending products for different segments

Traditionally, UTMs used to be considered as a one-stop-shop offering for network security, typically for SMBs, which are exposed to similar kinds of threats as enterprises but who cannot afford to invest much on dedicated solutions. With its cost efficiencies and ease of manageability, UTM fits the requirements of SMBs very well.

“Standalone appliances were the choice of many customers mainly due to the mindset that ‘all in one’ approach essentially provides a single point of failure. The large enterprise segment with a high-performance and high-capacity requirement may ideally go for a software option that can be installed on their choice of hardware,” says Bhaskar Bakthavatsalu, Regional Director, India & SAARC, Check Point Software Technologies Ltd.

But with rising performance and load balancing capabilities of UTMs through multi-core architecture, large enterprises have also started deploying UTMs in place of individual security solutions.

“Even if some enterprises are hesitant to put all of their security eggs in one basket, so to speak, consolidating just two or three functions can gain measurable benefits in both capital and operational savings,” says Vishak Raman, Regional Director-India & SAARC, Fortinet.

Factors driving UTM uptake

UTM is witnessing a growing appeal among businesses across all sectors, mainly due to reduced total cost of ownership (TCO) as well as lower administrative burden of managing and upgrading legacy or outdated point security solutions.

The economic downturn has also conditioned enterprises to be more conservative about investment in new solutions or infrastructure. “The value proposition offered by the UTM platforms has become more pronounced in the current economic climate,” says Bakthavatsalu.

Compliance is probably the most important factor driving UTM uptake in the education, healthcare, BFSI, retail, IT and ITES sectors, as the device helps address the specific regulatory mandates. Among the other factors are the increased usage of convergent technologies as well as remote and Wi-Fi access among enterprises.

Opportunities for partners

Market analysts predict strong growth for UTMs, especially in the SMB segment. According to IDC, the UTM appliance market in India is slated to cross $100 million by 2012, which will generate fresh business opportunities for solution providers.

Sanchit Vir Gogia, Senior Analyst, Springboard Research, says, “The success of selling UTM appliances largely hinges on how effectively the reseller can act as a consultant and help the enterprise see value and real-time application to its IT environment.”

Demand for UTM solutions has also been sharply increasing from tier-two and tier-three cities, which have a large proportion of SMBs and SOHOs. Both these segments are largely served by channel partners, and that’s why vendors have been actively recruiting and training partners in these cities.

Outsourcing security to a trusted partner has also become a viable option for businesses, creating an enormous opportunity for managed security service providers (MSSPs).

Lack of high-end security skills among smaller solution providers is also driving growth for UTMs, which are much easier to handle. Says Rishi Samadhia, Executive Director – Channel, ZyXEL Technologies India, “Since delivering security solutions for specific consumer requirements is a bit complicated and most of the SIs working in the lower segments of the market do not have enough trained manpower to successfully implement them, they look to implement smart and manageable solutions like UTMs.”

New breed of UTM

Going beyond traditional security features, UTM vendors are now trying to add features like content filtering, on-appliance SSL VPN, bandwidth management and data loss prevention, which will make the solution more comprehensive and effective in an evolving threat scenario. An increasing demand for virtualized UTM solutions is also expected down the line.

Another trend is identity-based devices. According to Tushar Sighat, VP-Operations, Cyberoam (India), “With the individual user being the weakest link in enterprise security, identifying the user and gaining visibility into their online activities has become a critical concern.”

Nevertheless, despite making a major breakthrough in the SMB market, UTM does have its failings. Nitin Nistane, COO, Infospectrum India, says, “There are so many things already packed into one box, it often becomes a single point of failure. Therefore, the solution needs to be highly available and have a failover strategy as well as load balancing features in case of any breakdown. This is probably when things start going wrong. First, such a highly available solution is not available with all the vendors. Second, even if the vendor provides these features, it becomes increasingly complex to deploy. Third, integrating these features can be very expensive for an additional cost of subscriptions levied for the same set of software used in the standby box.”

Some of these concerns are beginning to be addressed by vendors in new products. It may take another one or two years before large enterprises deploy these devices on a bigger scale than they are doing now. Meanwhile, as far as the SMBs are concerned, UTMs continue to be hot as ever.

Source: IDC


DCC: What do you think are the major challenges facing the network security market and how effective is the UTM solution in addressing them vis-à-vis standalone security solutions?

The continuing growth of networks and the constantly evolving Web threat landscape create challenges for companies to stay up-to-date on every method and mode of protection. Separate security systems mean different management consoles to configure each system. It can be very time consuming to make sure the different security policies on different systems work together and provide adequate protection. Also, the log information from each system will be stored in different formats in different locations, making detection and analysis of security events difficult. On the other hand, UTM gives system and network administrators the ability to configure and deploy network countermeasures from one centralized interface, thereby reducing the time needed to respond effectively to new threats from hours to minutes.

DCC: What are the drivers of UTM adoption in India?

India is one of the biggest security markets in Asia. Manufacturing, government and service providers are the key adopters of UTM. Rise in prevailing Internet threats along with a growth in organizations using Internet-based business model, growth of the mobile workforce, widening geographical reach, increasing demand for simple solutions are some of the key drivers in this space.

“UTM SOLUTIONS LOWER COSTS AND MAKE IT EASY TO BUILD COHERENT SECURITY POLICIES”

DCC: Why have UTMs not been able to make much of a dent beyond SMBs and branch offices of big enterprises?

UTM, with its cost efficiencies, comprehensive security against blended threats and ease of manageability, has emerged as the solution of choice for SMBs. Small organizations are increasingly deploying it as gateway security solutions and are showing keen interest in the UTM concept of all-in-one security. At the other end, with rising performance capabilities of UTMs through the efficient use of multi-core processors, large enterprises are deploying UTMs in place of individual security solutions for their easy manageability, cost-effectiveness and efficiency. However, increasing awareness on security among Indian SMBs is also a key driver for the rising popularity of UTM.

DCC: Is UTM still considered a reactive security measure or is it becoming a part of proactive security strategy?

Yes, the changing mindset of customers towards security solutions from a need fulfillment to a strategic move plays a major role in this. Businesses need to map laws and regulations to communication technology in order to comply with various industry standards and this has been one of the primary drivers behind the acceptance and implementation of UTM technology by the government, public and private organizations. A UTM solution makes it easy to build coherent security policies, simplifies administration tasks such as log file management, auditing, and compliance reporting, and lowers operational costs.

DCC: What kind of opportunities lie ahead for the partners?

Vendors are coming up with advanced UTM appliances to meet the needs of enterprises and data centers, providing high level of security that has high performance, high throughput and low latency. There has been a major shift in the mindset of organizations: with budget restraints and other financial priorities, many businesses that were reluctant to replace their legacy network-security products are now ready to adopt better solutions like UTMs.

DCC: What are the new trends emerging in the UTM space?

First is the virtualization of security. As server and desktop virtualization continues to proliferate, we will need better security tools for things like role-based access control, virtual server identity management, virtual network security, and reporting/auditing. Virtualized UTM (vUTM) delivers the features of a fully integrated multi-threat security device in the network “cloud”, enabling tremendous savings in recurring operational costs related to equipment maintenance as well as reducing admin complexities. Second is the emergence of managed security solution providers in this space.


The Indian market is seeing an increasing uptake of UTM solutions in small and medium organizations. Shubhomoy Biswas talks to Soma Tah about the existing and new business opportunities for partners from the latest innovations in this space.

Shubhomoy Biswas, Country Director – India, SonicWall

guest expression

The growing popularity of plastic over cash for online as well as offline transactions has led to enormous volumes of confidential data traversing payment networks. A typical retailer, for example, generates hundreds of thousands of log messages per day amounting to many terabytes a year.

From the consumers’ point of view, the sophistication of cyber criminals digging into their credit card information is generating a lot of fear. It is no longer just about stealing passwords; criminals are studying consumer spending behavior and psychology to get hold of information for a fraud attack.

In India alone, banks across the country reported a loss of over Rs 42 crore to online banking and credit card frauds during April-December 2008 with the maximum amount being fraudulently withdrawn using credit cards, according to a report in The Times of India. Apparently, merchants are shelling out huge sums of money for fraud management, besides coughing up money for repair work after a data breach has happened. With such huge stakes involved, a standard that regulates processes and procedures in organizations holding cardholder data is a necessity for the security of sensitive information they have.

PCI DSS Compliance

The Payment Card Industry (PCI) Data Security Standard (DSS) aims to give cardholders the assurance that their card details are safe and secure when their debit or credit card is offered at the point of sale, whether it’s over the Internet, on the phone or through mail order. Compliance applies to any company that processes, stores or transmits credit card data and consequently affects merchants, the hospitality industry as well as banks, bureaux and service providers.

Measures for Compliance

The PCI Data Security Standard consists of twelve basic requirements – sometimes referred to as the “Digital Dozen” – segregated into 6 groups.

PCI DSS Compliance requires that merchants and other service providers holding cardholder data must build and maintain a secure network through use of a firewall and by changing vendor-supplied default passwords and other security parameters; protect cardholder data by protecting the stored cardholder data and encrypting data in transmission; maintain a vulnerability management program through use and regular updating of anti-virus software and by developing and maintaining secure systems and applications; implement strong access control measures by restricting access to cardholder data on a need-to-know basis, assigning a unique ID to each internal user and restricting physical access to data; regularly monitor and test networks by monitoring all access to network resources and cardholder data and regularly testing security systems and processes; and maintain an information security policy.

Compliance Requirements

Build and Maintain a Secure Network: Install and maintain a firewall to protect cardholder data; Do not use vendor-supplied defaults for system passwords.

Protect Cardholder Data: Protect stored cardholder data; Encrypt transmission of cardholder data across open, public networks.

Maintain a Vulnerability Management Program: Use and update anti-virus; Develop and maintain secure systems and applications.

Implement Strong Access Control Measures: Restrict access to cardholder data by business need-to-know; Assign a unique ID to each person with computer access; Restrict physical access to cardholder data.

Regularly Monitor and Test Networks: Monitor all access to network resources and cardholder data; Regularly test security systems and processes.

Maintain an Information Security Policy: Maintain a policy that addresses information security.

PCI DSS Acceptance in India

The global credit card brand Visa has set two deadlines for businesses in the APAC region for complying with PCI DSS requirements – the September 30, 2009, deadline mandates that merchants, retailers and service providers cannot retain any credit card data like PIN, CVV data and more; the September 30, 2010, deadline mandates merchants and retailers to demonstrate full PCI DSS compliance. This is applicable for big as well as small businesses.

There is an immediate need to spread awareness of PCI DSS and its benefits among organizations in India and also to help them protect cardholders’ data so that they remain compliant with PCI DSS. Identity-based threat management appliances enable organizations to protect sensitive cardholder data in storage or in transmission through their identity-based security features. These solutions facilitate PCI DSS compliance by keeping organizations up-to-date and help them maintain their information security policies.

Abhilash Sonwane is VP of Product Management, Cyberoam, a division of Elitecore Technologies.

The need to comply with Payment Card Industry’s Data Security Standard is growing every day ABHILASH SONWANE

PCI DSS: TIME TO GET SERIOUS

white paper

CONTENT SECURITY: A PRIMER

This white paper provides information about content security, why it’s needed and recommends features that efficient content security software must possess.

Content Security refers to monitoring Internet access and e-mail activity in a person’s network. It broadly involves setting security policies that govern Internet use in your home or organization. A system administrator or parent can set guidelines for productive and safe use of the Internet in this case. It also involves control over e-mails and attachments sent or received by the employees or children respectively.

IMPACT OF INTERNET MISUSE

The impact of the misuse of the Internet would lead to productivity loss as the employees would indulge in checking personal emails, downloading movies and music for personal use and also accessing malicious websites. Also, the primary concern these days is usage of networking sites and instant messaging devices which are free to download and use. Usage of these websites in turn leads to bandwidth loss and hence slows down the usage of Internet. Another concern is that using certain websites leads to insecure connection.

Internet access is double sided. When you open a website, it also has access to your PC. If your network does not have the requisite security, then it falls prey to viruses, Trojans, hacking, theft of confidential data, etc.

For example: When a user accesses his bank account, in the absence of content security software, a computer hacker can gain access to cache information stored in the user’s computer and collect all your valuable bank account information including IPIN passwords.

LEGAL ISSUES

When employees visit malicious websites to access obscene content or post hate mails, they are committing a legal offense. The company in question is liable for legal action. Employees using the Internet at their workplace must remember that:

- If an employee downloads objectionable materials and shows it to another employee (maybe a female colleague), the company could be liable for sexual harassment damages
- IT managers face prosecution if their corporate networks are used to carry illegal material from the Internet. The law for online transport of information is the same as offline. (Computer Weekly)
- E-mails are acceptable as evidence in courts.
- Copyright infringement is a major threat of accessing malicious or insecure website. It can happen willfully or unintentionally. An employee can download and use a software program, a graphic image or a proprietary document unaware of its copyright and can in turn be committing a crime. Copyrights are extendable to the Web media too.

Some statistics on Internet abuse:

- 33% employees surf with no specific objective; men are twice as likely to do this as women (www.emarketer.com)
- 70% malicious website hits occur between the hours of 9am and 5pm, during office hours (Businessweek.com)
- 30% to 40% of employees’ Internet activity is not business related and costs employers millions of dollars in lost productivity (IDC research)
- Men are 20 times more likely than women to view and download obscene content (www.emarketer.com)
- 1 in 5 men and 1 in 8 women admitted to using their work computers to access malicious content online (MSNBC)


WHAT A CONTENT SECURITY SOFTWARE SHOULD HAVE

A content security software should broadly address the following issues:

- Control access to websites
- Protect private information
- Provide endpoint security
- Control e-mail activity
- Block spammer’s e-mail ID and issue warnings and notifications

If your organization is large, then you need to assign uniform global security policies that govern all the machines.

CONTROL ACCESS TO WEBSITES

The software should allow one to selectively block and allow websites on the network. The following issues need to be addressed:

Restricted words: Software should allow you to specify restricted words and phrases which are obscene and add them to the restricted words list. Access to any URL or page that has these words should automatically be blocked.

List of banned sites: Software should allow you to add URLs of sites that you want banned in your organisation. Access to these sites is immediately blocked. Some adult-content sites like www.hustler.com or www.playboy.com do not change their names. Such known sites need to be blocked outright.

Banned IP: Websites can be accessed by entering the IP (Internet Protocol) number. The software should be able to translate the IP number to its site name and block access if it contains restricted words or is on the banned list.

Filter Category: The software should allow one to create category of filters for block and allow site. Sites related to the category can be listed there. It should be possible to add or remove sites from block and allow category with a click.

Advanced Content Matching Options: The software should allow one to set advanced content matching options that search for restricted words in different parts of the web page, set number of times a restricted word occurs in a page before it is blocked, allow to block page elements like images, applications, movie files, etc.

Content Matching: After a list of restricted words is made, the software should automatically search for such words in the accessed site. Words occurring in the following areas of the web page should be detected and denied access to: Site Name, HTML Tags, Page Title, Page text or body, and Page description and keywords.

USB Control: The software should block running/execution of any applications (programs) on the system via a USB controlled device. This controls the execution of viruses/malware spreading through a USB device.

With endpoint security, you can:

- Identify all executable files and devices, collect profiles and organize into pre-defined file groups.
- Assign permissions for applications to run based on executable, user, or user group attributes. Use an application white list approach to ensure that only authorized and legal applications can run on a computer.
- Monitor the effectiveness of endpoint security policies in real time and identify potential threats by logging all application execution attempts and recording all policy changes and administrator activities.

CONTROL EMAIL

E-mails have become one of the prime sources for Internet abuse. Offensive mails, which include unsolicited junk mail, called spam, can be sent and received from your network. The content security software should have the ‘restricted phrase checking’ feature for spam. Spam mails often have enticing subject lines and alluring words like ‘deal of a lifetime’, ‘free your debts’, etc. The words may occur in the body, header, and HTML tags of the e-mail, and the security software should be able to detect them. The software should have a block list of such words and phrases. Any mail with the words as the subject should be automatically deleted or quarantined. You should also be able to add or delete words and phrases to the block list.

Block Spammer

Software with the following features effectively combats spam.

- Add e-mail ID of known spammer to the block list. Any mails received from an ID included in the list are automatically deleted, without being downloaded into your server.
- If required, the software should remove an e-mail ID from the block list and allow mails from it.
- Software should allow a notification to be sent to the intended recipient and system admin. The notification should provide details of whom the mail came from and who it is for, subject, reason why the mail was deleted, etc.

Courtesy: Micro World Technologies


Threshold Level Setting Bar: Obscene words can be found in legitimate sites, which makes it hard to differentiate a malicious website from a secure website. In a website, if any three words from the list appear as a combination, more times than the threshold value, the site is blocked. The Threshold level bar allows one to set the threshold value number.

Block Options: The software should allow you to choose options for blocking a website on the basis of images, applications (for instance, executable files), audio files and videos.

ActiveX Control Blocking: Some web sites embed objects like applets and scripts in your browser when you access their Web pages. The software should allow you to bar this action.

Safe Net Use Rating: For safe net surfing, organizations like RSACi, ICRA, SafeSurf, etc, rate sites based on the use of obscene language.
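The banned-site list, the restricted-word matching across page areas and the threshold setting described above combine into a single allow/block decision. The Python sketch below is an added example, not Micro World Technologies' code: the names `Policy` and `check_page`, the sample pages and word list, and the reading of the three-word rule (at least three distinct restricted words and more total hits than the threshold) are assumptions, and the banned-IP reverse lookup is left out so the example runs offline.

```python
import re
from collections import Counter
from dataclasses import dataclass
from html.parser import HTMLParser
from urllib.parse import urlsplit

WORD = re.compile(r"[a-z0-9]+")


class PageAreas(HTMLParser):
    """Split a page into the areas the white paper lists for content matching."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.areas = {"title": [], "meta": [], "tags": [], "body": []}
        self._in_title = False
        self._skip = 0  # depth inside <script>/<style>, whose text is not page text

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "") for k, v in attrs}
        if tag == "meta" and attr.get("name", "").lower() in ("description", "keywords"):
            self.areas["meta"].append(attr.get("content", ""))
        elif tag in ("script", "style"):
            self._skip += 1
        elif tag == "title":
            self._in_title = True
        # "HTML tags" area: attribute values that carry text or URLs.
        self.areas["tags"].extend(attr[k] for k in ("alt", "title", "href", "src") if k in attr)

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = max(0, self._skip - 1)
        elif tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if not self._skip:
            self.areas["title" if self._in_title else "body"].append(data)


@dataclass
class Policy:
    restricted_words: frozenset
    banned_hosts: frozenset
    threshold: int         # block when total hits exceed this value
    min_distinct: int = 3  # assumed reading of the "any three words" rule


@dataclass
class Verdict:
    blocked: bool
    reason: str
    total: int
    per_area: dict


def check_page(url, html, policy):
    host = (urlsplit(url).hostname or "").lower()
    # Banned-site list: the exact host or any subdomain of a banned host.
    for banned in policy.banned_hosts:
        if host == banned or host.endswith("." + banned):
            return Verdict(True, f"banned site: {banned}", 0, {})

    parser = PageAreas()
    parser.feed(html)
    parser.close()
    areas = dict(parser.areas, site=[host])  # the site name is matched as well

    per_area, seen = {}, Counter()
    for name, chunks in areas.items():
        hits = Counter(w for chunk in chunks for w in WORD.findall(chunk.lower())
                       if w in policy.restricted_words)
        per_area[name] = sum(hits.values())
        seen.update(hits)

    total = sum(seen.values())
    if len(seen) >= policy.min_distinct and total > policy.threshold:
        reason = f"{len(seen)} restricted words, {total} hits > {policy.threshold}"
        return Verdict(True, reason, total, per_area)
    return Verdict(False, "below threshold", total, per_area)


# Constructed policy and pages (placeholder word list and .example hosts).
POLICY = Policy(frozenset({"casino", "jackpot", "poker", "roulette"}),
                frozenset({"blocked.example"}), threshold=5)

NEWS = ("http://news.example/city/2009/11", """<html><head>
<title>City council debates casino licence</title></head>
<body><p>The council voted on a casino licence. Poker rooms are not affected.</p></body></html>""")

GAMBLING = ("http://lucky-casino.example/play", """<html><head>
<title>Casino jackpot - play poker and roulette</title>
<meta name="keywords" content="casino, poker, jackpot">
<script>var casino = "not page text";</script></head>
<body><img src="wheel.png" alt="roulette wheel">
<p>Win the jackpot! Casino poker tonight.</p></body></html>""")

if __name__ == "__main__":
    for url, html in (NEWS, GAMBLING, ("http://www.blocked.example/", "<p>hi</p>")):
        print(url, check_page(url, html, POLICY))
```

The news page mentions two restricted words three times and is allowed, which is the false-positive case the threshold exists for; raising the threshold far enough lets the second page through too, so the value has to be tuned against real traffic.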

PROTECT PRIVACY INFORMATION

The software should prevent private and confidential data being stolen from browsers, cache, cookies, Internet history, files and folders. It should act as a browser cleanup to clear all the unwanted files created on the system when browsing the Web as well as files created by other installed software.

PROVIDE ENDPOINT SECURITY

The content security software should prevent data thefts and virus infections through USB based portable storage devices such as flash drives, portable hard disks, etc. It should provide both application control and USB control which allows one to block or permit applications on the networks and personal systems. Suspicious files and applications can be detected.

The security software should stop endpoints from becoming a doorway for security threats to enter and sensitive data to escape. Application control, which is the primary component of an endpoint protection solution, allows only authorized applications to run, so the endpoints are fully protected from malware and unknown threats.

Application Control: The software should block computer games, Instant Messengers, Music & Video Player, P2P applications which are listed under blocked executables as well as lists defined by user.

white paper

humans are programming computer code, flaws will be introduced, no matter how thorough pre-release testing is, and the more complex the code, the more likely that undiscovered vulnerabilities exist. Microsoft’s new operating system is no exception, and as Windows 7 hits the pavement and gains traction in 2010, attackers will undoubtedly find ways to exploit its users.

FAST FLUX BOTNETS INCREASE

Fast flux is a technique used by some botnets, such as the Storm botnet, to hide phishing and malicious Web sites behind an ever-changing network of compromised hosts acting as proxies. Using a combination of peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection, it makes it difficult to trace the botnets’ original geo-location. As industry counter measures continue to reduce the effectiveness of traditional botnets, expect to see more botnets using this technique to carry out attacks.
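The ever-changing proxy layer described above leaves a trace in DNS: a fast-flux name is typically served with short TTLs and resolves to many addresses scattered over unrelated networks. The Python example below is added here and is not from the white paper; it profiles a constructed passive-DNS log and flags names that match that pattern. The thresholds, the /16 grouping and the sample data are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed passive-DNS log: (domain, seconds since start, TTL, A records in the answer).
# All addresses are private-range placeholders, not real hosts.
DNS_ROUNDS = [
    ("flux.example", 0, 180, ["10.1.4.7", "10.22.9.3", "10.35.0.12"]),
    ("flux.example", 300, 180, ["10.48.7.1", "10.51.3.9", "10.22.9.8"]),
    ("flux.example", 600, 120, ["10.63.2.2", "10.77.5.5", "10.90.1.4"]),
    ("flux.example", 900, 120, ["10.104.8.6", "10.1.9.9", "10.118.3.3"]),
    ("cdn.example", 0, 60, ["10.200.1.10", "10.200.1.11"]),
    ("cdn.example", 300, 60, ["10.200.1.11", "10.201.4.20"]),
    ("cdn.example", 600, 60, ["10.200.1.10", "10.201.4.21"]),
    ("static.example", 0, 86400, ["10.250.0.5"]),
    ("static.example", 900, 86400, ["10.250.0.5"]),
]


def network_of(ip):
    """Coarse network bucket: /16 for IPv4, /32 for IPv6 (assumed granularity)."""
    prefix = 16 if ipaddress.ip_address(ip).version == 4 else 32
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def profile(rounds):
    """Per domain: distinct IPs, distinct networks, lowest TTL, and the share of
    addresses in later answers that had never been returned before."""
    acc = defaultdict(lambda: {"ips": set(), "nets": set(), "ttl": None,
                               "rounds": 0, "later": 0, "fresh": 0})
    for domain, _when, ttl, answers in sorted(rounds, key=lambda r: r[1]):
        p = acc[domain.lower()]
        answers = set(answers)
        p["ttl"] = ttl if p["ttl"] is None else min(p["ttl"], ttl)
        if p["rounds"]:  # not the first answer seen for this domain
            p["later"] += len(answers)
            p["fresh"] += len(answers - p["ips"])
        p["rounds"] += 1
        p["ips"] |= answers
        p["nets"] |= {network_of(ip) for ip in answers}
    return {
        d: {"ips": len(p["ips"]), "nets": len(p["nets"]), "min_ttl": p["ttl"],
            "fresh_ratio": p["fresh"] / p["later"] if p["later"] else 0.0}
        for d, p in acc.items()
    }


def flag_fast_flux(rounds, max_ttl=300, min_ips=8, min_nets=5, min_fresh=0.6):
    """Names whose answers are short-lived, numerous, widely spread and keep changing."""
    flagged = []
    for domain, f in sorted(profile(rounds).items()):
        if (f["min_ttl"] <= max_ttl and f["ips"] >= min_ips
                and f["nets"] >= min_nets and f["fresh_ratio"] >= min_fresh):
            flagged.append(domain)
    return flagged


if __name__ == "__main__":
    for name, features in sorted(profile(DNS_ROUNDS).items()):
        print(name, features)
    print("flagged:", flag_fast_flux(DNS_ROUNDS))
```

A short TTL alone is not a signal, since content delivery networks use it too; in the sample, `cdn.example` is only flagged once the address and network thresholds are loosened.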

URL SHORTENING SERVICES BECOME THE PHISHER’S BEST FRIEND

Because users often have no idea where a shortened URL is actually sending them, phishers are able to disguise links that the average security conscious user might think twice about clicking

Don’t be surprised if you find the old rogue programs still at work in the year ahead. But do prepare yourselves and your customers to tackle the threats.

SECURITY TRENDS TO WATCH IN 2010

The domain of security just keeps on getting broader and broader, what with increasing sophistication of threats, growing mobility and rising popularity of tools such as instant messaging and social networking. A few key trends to watch:

ANTIVIRUS IS NOT ENOUGH

With the rise of polymorphic threats and the explosion of unique malware variants in 2009, the industry is quickly realizing that traditional approaches to antivirus, both file signatures and heuristic/behavioural capabilities, are not enough to protect against today’s threats. We have reached an inflection point where new malicious programs are actually being created at a higher rate than good programs. As such, we have also reached a point where it no longer makes sense to focus solely on analysing malware. Instead, approaches to security that look to ways to include all software files, such as reputation-based security, will become key in 2010.

SOCIAL ENGINEERING ATTACKS

More and more, attackers are going directly after the end user and attempting to trick them into downloading malware or divulging sensitive information under the guise that they are doing something perfectly innocent. Social engineering’s popularity is at least in part spurred by the fact that which operating system and Web browser run on a user’s computer is largely irrelevant, as it is the actual user being targeted, not necessarily vulnerabilities on the machine. Social engineering is already one of the primary attack vectors being used today, and Symantec estimates that the number of attempted attacks using social engineering techniques is sure to increase in 2010.

ROGUE SECURITY SOFTWARE

In 2010, expect to see the propagators of rogue security software scams take their efforts to the next level, even by hijacking users’ computers, rendering them useless and holding them for ransom. A less drastic next step, however, would be software that is not explicitly malicious, but dubious at best. For example, Symantec has already observed some rogue antivirus vendors selling rebranded copies of free third-party antivirus software as their own offerings. In these cases, users are technically getting the antivirus software that they pay for, but the reality is that this same software can actually be downloaded for free elsewhere.

SOCIAL NETWORKING

With the popularity of social networking sites poised for another year of unprecedented growth, expect fraud targeting site users to grow. In the same vein, expect owners of these sites to create more proactive measures to address these threats. As this occurs, and as these sites more readily provide third-party developer access to their APIs, attackers will likely turn to vulnerabilities in third-party applications for users’ social networking accounts, just as we have seen attackers leverage browser plug-ins more as Web browsers themselves become more secure.

WINDOWS 7 WILL GET ATTACKED

Microsoft has already released the first security patches for the new operating system. As long as


white paper


on. Symantec is already seeing a trend toward using this tactic to distribute misleading applications and we expect much more to come.

MAC AND MOBILE MALWARE

The number of attacks designed to exploit a certain OS or platform is directly related to that platform’s market share, as malware authors are out to make money and always want the biggest bang for their buck. In 2009, we saw Macs and smartphones targeted more by malware authors, for example the Sexy Space botnet aimed at the Symbian mobile device operating system and the OSX.Iservice Trojan targeting Mac users. As Macs and smartphones continue to increase in popularity in 2010, more attackers will target them.

SPAMMERS BREAKING THE RULES

As the economy continues to suffer and more people seek to take advantage of the loose restrictions of the CAN SPAM Act [the Act applies in the US; in India the situation could be worse for lack of a stringent legal framework], we’ll see more organizations selling unauthorized e-mail address lists and more less-than-legitimate marketers spamming those lists.

SPAM VOLUMES TO FLUCTUATE

Since 2007, spam has increased on average by 15 percent. While this growth in spam e-mail may not be sustainable in the long term, it is clear that spammers are not yet willing to give up as long as an economic motive is present. Spam volumes will continue to fluctuate in 2010 as spammers continue to adapt to the sophistication of security software and the intervention of responsible ISPs and government agencies across the globe.

SPECIALIZED MALWARE

Highly specialized malware was uncovered in 2009 that was aimed at exploiting certain ATMs, indicating a degree of insider knowledge about their operation and how they could be exploited. Expect this trend to continue in 2010, including the possibility of malware targeting electronic voting systems.

CAPTCHA TECHNOLOGY TO IMPROVE

This will prompt more businesses in emerging economies to offer real people employed to manually generate accounts on legitimate Web sites, especially those supporting user-generated content, for spamming purposes. Symantec estimates that the individuals will be paid less than 10 percent of the cost to the spammers, with the account-farmers charging $30-40 per 1,000 accounts.

INSTANT MESSAGING SPAM

As cybercriminals exploit new ways to bypass CAPTCHA technologies, instant messenger (IM) attacks will grow in popularity. IM threats will largely be comprised of unsolicited spam messages containing malicious links, especially attacks aimed at compromising legitimate IM accounts. By the end of 2010, Symantec predicts that one in 300 IM messages will contain a URL.

Courtesy: Symantec

In 2010, Symantec predicts that overall, one in 12 hyperlinks will be linked to a domain known to be used for hosting malware.

SINCE THE YEAR 2007, SPAM VOLUME HAS INCREASED ON AVERAGE BY 15%


guest expression


costs, lower electricity usage and bills, increase the protection layer by implementing near real-time signature and reputation updates, and eliminate the management of devices on site. A typical UTM device will see a significant performance hit when implementing an effective anti-virus, anti-malware, or intrusion prevention profile. These resource intensive processes are great examples of technologies that could leverage what really becomes an infinite amount of horsepower at a datacenter. One of the most common configurations we are seeing in this type of environment (called a hybrid solution) is to run the firewall and intrusion prevention system locally with the on-premise device, while running anti-virus, anti-malware, and Web filtering in the cloud.

In addition to being able to utilize an infinite amount of headroom to do the heavy processing of anti-malware and such, other benefits come into play when the UTM manufacturers begin to tightly integrate the configuration of the cloud services with the UTM appliance itself. One should be able to go to one location and configure the entire protection scheme seamlessly.

There are definitely hurdles to overcome. A common theme with some administrators and businesses is that the idea of redirecting all of the company’s data through a transparent proxy to a cloud service is a bit daunting. Are there any security holes to concern themselves with when routing every bit and byte to one location not entirely under their control?

While an interesting and appealing idea to many organizations, thus far, this author has seen really what I will refer to as ‘emerging enterprises’ begin to pick up on these difficulties and solutions. These are, again, organizations that have seen the complexities of what they are trying to fight and are willing to dive into what could very well be the next generation of UTM deployments. Generally smaller in size, they recognize the need for the most comprehensive protection, with the least amount of maintenance. And when a datacenter is taking care of the technologies that need to be monitored and updated more often than others, they see immediate benefits. While today’s UTM offerings are very effective in what they do, I’m glad to see alternatives come alive with some of the lesser known issues that arise out of all-in-one devices.

Dave Bull is Product Marketing Manager - UTM Firewall, McAfee.

A unified threat management device may seem like a one-box-does-all solution but there are performance issues to consider.

The UTM Landscape

Unified Threat Management (UTM) is a very vague and meaningless term to most. Unless, of course, you are a small to medium sized enterprise that has been looking into the best way to protect your network – take the next step beyond just a firewall and have a holistic approach to protecting your perimeter, your email servers, your endpoints and everything in between. For a term that is a bit nebulous to many, UTM represents a market space that is growing by more than 20 percent according to many information technology industry analysts.

Many organizations that are recognizing how complex the online threats are today are also recognizing that they may have holes in their network security deployments. If you are relying exclusively on a firewall to protect your organization, there are other technologies available via a UTM appliance that can significantly reduce the risk associated with being in a world that relies on connectivity. Some of the additional technologies include intrusion prevention systems, anti-malware engines, anti-virus gateways, access control systems like URL filtering engines, and even global reputation systems.

Unified threat management appliances can do a great job filling the gaps in a security platform by leveraging one or more of these technologies. There is a problem though that many don’t necessarily see up front. To put it simply, these devices can easily be overloaded. Here is a simple analogy. I’ll use my friend’s souped up SUV as an example. What a great vehicle. It can drive 180 kilometers per hour, tow 5,000 kg, and even climb some of the roughest terrain you have ever seen – without tipping over, but there is no possible way it can do all of these feats at the same time. This same issue applies to most of today’s UTM appliances – at least on the lower end devices. A significant amount of processing power and resources are needed to be able to do a good job of many of the UTM features that are available. A UTM device is great at being used as a firewall, a VPN device, load balancing, and maybe a few more of the hundreds of features packed into these appliances. The result of recognizing this is that you will need to either prioritize your security concerns, or purchase an appliance with enough actual ‘UTM’ throughput to handle your environment, and if you have to purchase such a large appliance to meet your needs, one may begin to wonder if the cost savings and simplicity goals associated with purchasing a UTM are overtaken by the need for such powerful hardware appliances. Typically the answer is still yes, but consideration should be taken, especially for those within growing organizations.

Cloud to the rescue

To alleviate the load on UTM devices you will see some of the leading UTM vendors begin to leverage cloud services. Software-as-a-service (SaaS) has the potential to lower hardware

YOU MAY NEED TO EITHER PRIORITIZE YOUR SECURITY CONCERNS, OR PURCHASE AN APPLIANCE WITH ENOUGH ACTUAL ‘UTM’ THROUGHPUT TO HANDLE YOUR ENVIRONMENT

To alleviate the load on UTM devices, some vendors have begun to leverage cloud services

DAVE BULL
