
With Neal Hartsell, VP of Worldwide Marketing at security specialists TippingPoint.
BM. A recent executive survey found that 86 percent of respondents perceived system penetration to be the largest threat to their enterprises. Are they right to be concerned?
NH. I think they’re right to put that at the top of the list. A few years back we saw more pure network-level penetrations – we saw network downtime from things like worms and Trojans and viruses like the Code Reds and the SoBigs and the MyDooms. Now, however, hackers are not focused on penetrating networks for the purpose of taking the network down; they’re going after critical applications and servers that have key information stored behind them – social security numbers, credit card numbers, healthcare records, intellectual property, etc. – something they can monetize for profit. And so system-level penetration is now where a lot more of the hacker activity is focused.
BM. What challenges does this pose?
NH. The challenge is that it’s a harder area to guard against because you’re talking about application-level protection, and there’s a lot more applications than there are network operating systems. There’s a lot of pressure to push back on application developers and have them focus on security as they design applications, and that’s not really what most application developers are good at. So it’s creating a pain point because if you’ve got business-critical applications or applications that face outbound for ecommerce purposes, you’ve now got to retrofit those applications to make sure they can’t be hacked, and that’s not an easy thing to do. And if it does happen the pain could be severe.
BM. What different solutions are currently being developed to help tackle this problem area?
NH. Well, there’s a whole class of different products that are focused on guarding against the modern threat landscape. We provide intrusion prevention systems that are capable of guarding against network threats as well as server and application threats. So we’ve got a pretty rich solution model to guard against the data leakage problem and the application server penetration problem.
There are also post-intrusion prevention solutions. There are web applications. There are traditional firewalls that are trying to get into application-level protection. So pretty much everyone in the network security business is looking for ways to guard against application-level attacks. The trick is who can do that with the broadest form of coverage, the highest performance, the lowest latency or network impact and the greatest accuracy. Because if you don’t meet those criteria, security gets in the way of normal business operations, and it’ll just be ripped out. Or if you have a solution that generates lots of false positives, you’re just causing security analysts to chase a bunch of red herrings, which is a management nightmare.
And so the thing that really sets apart an intrusion prevention system approach as opposed to an intrusion detection approach – or even a web application firewall approach – is we stop the problem in its tracks in an automated way as opposed to alerting humans, which is a more costly and frustrating way to go about the problem.
BM. So what’s your view on the current state of IT security in the Middle East? Is there enough focus on these issues or does more need to be done?
NH. Well, any time you talk about a market you have to segment it in terms of size of customer and verticals and so forth. And so what we’re seeing in the Middle East is that, in general, the market is probably 12-18 months behind the US and Europe in terms of its security understanding, sophistication and solution deployments.
Now having said that, we do see very sophisticated buyers in the government, telecommunication and finance sectors. Those verticals are pretty high IT security spenders. But the problems that we’re talking about can attack any kind of organisation, whether it be a hotel, a retail operation or an energy concern. You name it. Certainly these security problems are not strictly the domain of the government or telecoms or finance verticals.
And we also see that from a security threat point of view there’s a lot of focus in the Middle East right now on phishing attacks, identity theft and denial-of-service attacks. Fortunately for us, TippingPoint has strong filters and a strong solution model for all those types of attacks as well as many others. In the Middle East there’s a pretty high focus on those kinds of issues at present.