Custom-fit security apps

[InfoSec News <isn () C4I ORG>]

http://www.zdnet.com/eweek/stories/general/0,11011,2697677,00.html

By Dennis Fisher, eWEEK
March 19, 2001 12:00 AM ET

If last year saw the birth of managed security services, then this is
the year they will come of age, evolving from one-size-fits-all
services into unique, proactive offerings tailored to the individual
customer.

This new wave of service is typified by Ubizen, a Belgian security
company that this week will launch its services in the United States,
along with others such as Counterpane Internet Security Inc. and
Netsec. Each of these companies is trying to change managed security
from a strictly reactive discipline to a predictive and proactive
field.

Unlike past attempts to manage security, these companies are
concentrating on gathering real-time intelligence on attacks,
vulnerabilities and exploits. Using data mining and artificial
intelligence techniques, they can predict where problems could appear
on a particular customer's network and then design a system to
counteract them.

Ubizen this week will launch in the United States its OnlineGuardian
services, which include firewall and virtual private network
management and provide customers with round-the-clock network
intrusion detection and vulnerability assessment monitoring services
that security administrators said are becoming a must.

"The architecture and the nonintrusive nature of the service is key,"
said Ron Zahavi, chief technology officer of MedContrax Inc., a Ubizen
customer and pharmaceutical industry contracting portal based in
Gaithersburg, Md. The company currently uses another Ubizen solution
but will begin using OnlineGuardian soon. "We have a lot of security
issues with our network, so we need someone to hand that off to and
know that it's taken care of," Zahavi said.

Later this year, Ubizen plans to unveil an application-monitoring
service to address the growing number of application-level attacks
plaguing corporations, as well as a policy-compliance service.

Services blossomed last year when companies faced a shortage of
trained security personnel at the same time that attacks against
networks hit new heights. Companies were often forced to foist
critical tasks such as network monitoring and intrusion detection on
overworked IT managers. As a result, crackers and virus writers had a
field day on corporate networks.

And hackers are still having their way. In the latest Computer Crime
and Security Survey, released last week by the Computer Security
Institute and the FBI, 85 percent of respondents said they had
detected a security breach within the last 12 months. More telling was
that 27 percent of those surveyed didn't even know if there had been
unauthorized access or misuse of their company's site.

"Companies have been spending a lot of money on security, but they
can't keep up with the management of it because they don't have people
with the knowledge to do it," said Stijn Bijnens, CEO of Ubizen, of
Leuven, Belgium, with U.S. headquarters in Reston, Va.

But customers are now demanding more advanced services than many MSPs
(management service providers) have offered. In response, Ubizen is
unveiling its SEAM software, which stores, processes and classifies
event data as well as information from network security devices such
as firewalls and intrusion detection monitors. The data is analyzed by
the Ubizen staff against information culled from other customers'
networks; analysts can then identify potential problems and recommend
the appropriate responses.

The advantage lies in that, while any given attack may be new to a
victimized company, the intelligence staff of an MSP is likely to have
seen dozens of such attacks and will know how to respond.

"A managed security monitoring provider can learn from attacks against
one customer and use that knowledge to protect all of its customers,"
said Bruce Schneier, chief technology officer of Counterpane, in San
Jose, Calif. "To [us], network attacks are commonplace, not rare."

Ubizen's database analyzes more than a million security events a week,
which gives its staff a much larger picture of the overall security
landscape than the staff of any one enterprise customer could ever
have.

Netsec, in Herndon, Va., and Counterpane are in the process of
building intelligence databases as well, and officials from both
companies said these repositories are key to future services.

"The threat environment and vulnerability landscape changes every day,
and you have to be able to deliver intelligence reports in advance of
new problems," said Jerry Harold, director and co-founder of Netsec.

"Being able to glean information from the customers' networks and
analyze a wide array of threats is what makes managed security
monitoring valuable."

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".