Cybercriminals in the Cloud

Charlotte Dunlap,Forbes.com

Posted: 17 May 2009 2049 hrs

Security breaches continue to plague organizations, causing CIOs to question whether their traditional network security solutions are adequate for protecting against increasingly sophisticated cybercriminals.

Recently, it was reported that foreign hackers broke into the Pentagon's $300 billion fighter plane weapons program, a security breach apparently achieved through contractors' computers. The news is particularly disheartening to CIOs, because if the federal government--with all of its brain power and billions in funds--is still grappling with keeping its data secure, how can organizations and enterprises expect to avoid Internet threats and costly data breaches?

In a bit of serendipitous timing, security vendors discussed a new type of threat protection as they gathered at the annual RSA security conference in San Francisco last month. The much-discussed methodology included "in-the-cloud'' security intelligence, as it borrows from reputation services--an effective security technique that has primarily been used to verify sender data in e-mails. Specifically, CIOs will begin to see a major trend this year whereby infrastructure companies integrate reputation services with traditional networking devices such as Intrusion Prevention Systems (IPS) and firewalls.

In Pictures: Cyber Attack Hot Spots

In Pictures: Gadgets For Stopping Identity Theft

In Pictures: Eight Ways To Hack The Web

In Depth: How To Stop Cyber-Bullying

In Pictures: Hollywood's Most Powerful Superheroes

Reputation services can check, score and block IP addresses. These services have proved themselves to be critical to e-mail security and Web security solutions because they can block as much as 90% of bad traffic at an organization's gateway, alleviating the burden of filtering unwanted communications.

The point is that cybercrime and malware have become so advanced and relentless that trying to maintain a database with hundreds of thousands of signatures will no longer cut it in keeping companies up on the latest threats. Reputation services, on the other hand, dynamically use behavioral techniques in-the-cloud to weed out suspicious IP locations and behaviors.

So in the same way reputation services have significantly shored up secure messaging security by blocking bad IP addresses at the gateway, the intelligence services can also eliminate the need for IPS and firewalls to scan and inspect Internet-based content on the network. The services can intelligently block unwanted data in real-time in the cloud before it even approaches customers' networks.

Cisco is the first vendor to announce this type of "Global Correlation,'' which links its reputation services with security offerings, including its IPS and firewall products. Other major network security players will follow suit, probably even by this year. Cisco is offering a hybrid approach to its traditional IPS, which sits on the customer premise, but is now able to tap the intelligence of Cisco's Security Intelligence Operations to check for the latest Internet threats. (Cisco acquired e-mail security leader IronPort two years ago, primarily for its reputation service.)

Other IPS leaders expected to follow similar strategies include TippingPoint, McAfee, IBM ISS, Check Point and Sourcefire. Unified Threat Management (UTM) providers, including Fortinet, WatchGuard, SonicWall and Netgear, whose solutions include intrusion prevention, are also able to tap cloud-based reputation services to improve security.

So here's what CIOs need to keep in mind: Who's providing your IDS/IPS, UTM and firewall technology? Does the vendor have a strategy for integrating reputation services into its solutions? Better yet, does the vendor have access to a solid reputation service? These are questions to ask current or prospective technology partners, and as part of your homework, read up on how reputation services, including SenderBase (IronPort/Cisco), TrustedSource (Secure Computing, now McAfee), Trend Micro Network Reputation Services and the Commtouch Reputation Service, have improved e-mail security and Web security dramatically.

(Charlotte Dunlap is vice president of Research at Synergy Research Group. Her expertise is in network security and threat protection. )

From ChannelNewsAsia.com; see the source article here.