Information Security News mailing list archives

Besieged and busy


From: InfoSec News <isn () C4I ORG>
Date: Tue, 16 Jan 2001 01:25:22 -0600

http://www.ljworld.com/section/livinglead/story/39508

By Carlene Hempel, Raleigh News & Observer
Monday, January 15, 2001

Worried about hackers, companies flock to computer security firms to
lock out dangers.

If it's not a group of tech-savvy malcontents cracking into Internet
powerhouses like Amazon and eBay, it's a smart-aleck Filipino kid
scripting an e-mail virus, just because he can.

Or it's something worse.

The World Wide Web has been assigned the nickname Wild Wild West for
good reason: The air of lawlessness that pervades it. And though the
number of computer crime busters seems to be growing, the market is
begging for more.

"It's just a booming market. But what was that old Virginia Slims
commercial? 'You ain't seen nothing yet,'" says Randall Bennett,
president of Secure Enterprise Computing in Durham, N.C.

His client list has quadrupled between this year and last, and his
staff has grown from three to 17.

"Our phones are ringing off the hook," says Tom Kucmierz of GFI, a
computer security software company based in Europe with North American
sales office headquarters in Cary, N.C.

"Who's calling? It's any company that has a connection to the
Internet, small to huge, anybody. We have a lot of Air Force bases
calling in, a lot of high schools, colleges, Fortune 500 companies
right down to the small mom-and-pop shops. They're all getting
hammered."

What security companies once considered their target market
(industries such as banking, telecommunications, aerospace and
defense) has grown into a marketplace bustling with anyone who has a
commercial stake in the Internet.

Their clients have a variety of complaints. But most complaints involve
fears of trade secret theft by corporate competitors, employee fraud
and international espionage. And these fears are not groundless.

In March, the Gartner Group issued a report that said by 2003, 50
percent of all small to mid-sized businesses connected to the Internet
and managing their own security systems will experience a
computer-based attack.

The Computer Security Institute, in partnership with the Federal
Bureau of Investigation, said in a report issued this month that 70
percent of large corporations reported some form of cyber attack in
the past year, almost double the number reporting attacks just two
years ago. Total cost in damages for 1999: $265,589,940.

"The findings of the 2000 Computer Crime and Security Survey confirm
that the threat from computer crime and other information security
breaches continues unabated and that the financial toll is mounting,"
the report warned.

Mounting, but not ignored.

"A company like ours, we can't even breathe right now," says Bennett.
"We're so busy, and next year is supposed to be even busier."

Crime-ridden neighborhood

The banks, the biotech and all the research and development going on
in the Research Triangle Park area of North Carolina make it a hotbed
for attempted computer attacks.

The FBI saw enough of a threat to North Carolina that it established
one of its first eight computer crime labs in the state last year.

And the bad news is, business is booming.

"We've had a 300 percent increase in our case load in the last four
months," says special agent Chris Swecker, who heads North Carolina's
computer crime unit. There are eight agents working for him, two in
Raleigh. He's hiring two more for the Triangle because, he says, it's
the hottest zone in the state.

"Six months ago, we were working a lot of low-level computer
vandalism. Now we're involved in cases where there are multi-million
intrusions and damages," Swecker says. "A good percentage of our
caseload centers around a lot of the high-tech companies."

The problem he and his crew still face, though, is that companies
continue to keep attacks quiet, and the FBI has trouble identifying
trends or computer crime rings when they don't have all the facts.

Which is precisely the trouble, says Bart Bielawski, chief executive
officer of the 4-year-old security company Celotek. Companies don't
want outsiders to know there are holes in the system.

"We are very vulnerable," he says. "It's costing us a lot of money.
And I know most organizations underreport by far what's happening to
them for a very obvious reason. They don't want to be seen as
vulnerable. How will you feel about your bank if it's caught with its
you-know-what around its ankles?"

Adapting to the situation

Not all the current group of network security companies emerged with
the new e-business model. Many have simply adapted the mainframe
security work that they used to do for large companies such as IBM and
Digital Equipment Company. What's happened, though, is that their
clients are no longer restricted to the big boys. Thus, there are many
more of them.

"The large companies have, for years, been seeking help," Bennett
says. "But now the middle market companies are saying, 'This is too
much. Our IS (information services) staff is overworked and we have to
go outside and find professionals who understand this.'"

That is exactly the strategy the Gartner Group recommends.

"An issue for small and mid-size enterprises is that they usually
cannot afford, or do not attract, experienced security personnel,"
analyst Jeff Pescatore writes in the report.

And that makes them most in peril.

"Most of these companies are flying by the skin of their teeth," says
Kucmierz. "I go in to see their IT departments, and they're just
running around, just trying to keep the people's computers up, never
mind worrying about security."

Firewalls, fiber bumps

Of course, not every answer has to be a prohibitively expensive one.

There are numerous companies that install firewalls, systems that
stand between a company's local area network, or LAN, and the
Internet. The firewall can prevent someone on the outside from
accessing the internal network, and in turn can prevent people on the
inside from getting out.

Firewalls can be programmed to chart how much time employees are
spending online, where they're going and whether they are doing their
surfing during work hours.

And they can detect when an employee is up to something fishy.

GFI doesn't install firewalls, but has two security software products.
Mail Essentials is a filter that blocks e-mail viruses and monitors
content while allowing encryption. LANguard is an Internet access
control program that monitors what's going in and out of the system,
and issues reports on it.

Then, there are companies like Bennett's, which start their client
relationship by trying to crack into the network from the outside.
Once security holes are identified, they're patched and a full-service
plan is developed and supported by the security company.

Another option

Celotek, a spin-off company from MCNC in Research Triangle Park, takes
a different approach. One of its products is hardware-based and
provides high-speed security services to customers using asynchronous
transfer mode, or ATM, networks.

These systems are capable of incredibly fast speeds, thousands of times
faster than the fastest modem, and are often used to support the data
traffic for large corporations and institutions, such as banks,
insurance companies, government agencies.

Celotek supplies the box that's inserted at the perimeter of those
networks. It's like a security guard that monitors the data and
verifies its authenticity.

"Because they are high-speed networks, they operate over fibers. We're
the bump in the fiber," Bielawski says. "As the fiber enters a
building or a campus, on that perimeter, we place one of our systems
and it will encrypt and provide other security functions. It's
basically unbreakable stuff."

But Celotek is thinking even broader these days (it's thinking Next
Generation Internet) and it's working on a plan with networking
companies such as Cisco, Lucent and Nortel so that the security system
would be built right into the router; if that happened, every packet
of data traveling the Internet could be authenticated and encrypted.

"The leading approach to dealing with this much larger mess for
everyone is called 'IP sec,'" Bielawski says, or Internet Protocol
security. "It's a subset of the Internet Protocols, which run the
Internet."

The idea is, build the security into the infrastructure itself. That
way, anyone could benefit, not just those who could afford to buy and
support an individual security system.

The product should be on the market in a year.

"I think one of the things we have seen as the globalization of
information happens is, you really don't know where your data is,"
says Mel Snyder, vice president of operations at Celotek. "You may be
secure and understand in your building how controlling you are, and
you know whether your employees are coming and going, but once your
data leaves the building, you don't really know where it's going.
That's the big thing we're seeing."
