Archive for June, 2009

Our new Intrusion Detection and Prevention system launches today

Tuesday, June 30th, 2009

A couple of months ago, I came up with a ‘wishlist’ (which I mentioned on this blog) for the ideal Intrusion Detection and Prevention system. This was based on research that we have been doing over a period of time to come up with a unified platform that combines existing IDP systems and approaches.

Today, we’re launching our new IPS/IDS technology, which combines passive and active detection with intrusion prevention, to create a single protection model that I believe is more effective than anything our competitors can offer. The three really significant things about it are:

1.    It fits our ‘unified’ approach to security by combining existing technologies on a single platform. It’s always more effective to build an integrated system that is meant to work together, rather than bolting bits together.

2.    It can be configured to whatever specific requirements clients have – even down to individual teams within companies.

3.    We are developing the IPS/IDS technology on existing functionality to make it even more effective, flexible and sophisticated.  It is all part of our service.

This managed approach has to be the way forward as security gets more complex.

UK cyber strategy – who are our allies in this war?

Monday, June 29th, 2009

The UK government has announced its strategy on national cyber security. There is little doubt that serious damage can be done to a country through cyber space. We’ve seen many instances of cyber attacks already, but they have mostly been fairly mild to date. But our national infrastructure relies on technology and the potential for attack cannot be ignored.

Of course, cyber force can be used on both sides. There have been reports that US and UK forces have used the internet to change the information terrorists hold and so manoeuvre them into an ambush. But it doesn’t take a huge leap of imagination to see the potential for causing trouble if a malign force were to infiltrate certain aspects of UK cyber space.

We need this national cyber security strategy, and, of course, it can be built on and developed further as needed in this fast-changing world.

When Gordon Brown announced the appointment of ‘senior civil servant’ Neil Thompson as Cyber-security chief (at the time of writing, Mr Thompson’s credentials for this role are unclear), he made reference to the need for defence across different territories. We have defending forces for the air, the sea and the ground. It makes sense to have one for cyber security.

But in any war, or defence situation (cyber or real-world combat), we create alliances across borders to help us. We have NATO and other international bodies to help us defend ourselves from attack; the UN to negotiate peace. It is unclear, in this strategy, how we will do this in the borderless world of cyberspace. The very fact of an Internet without policed national borders means it would be strange indeed if we didn’t work to forge alliances in the virtual world, as we do in the real world. In any combative situation, you need allies.

Unified Security

Wednesday, June 24th, 2009

It’s always nice to be mentioned in an analyst’s report, and Gartner’s recent Managed Security Service market (Asia Pacific) report is no exception. The first thing that struck me is how far managed security services have come in the last five or six years – it is a fast-maturing market and one in which Gartner forecasts a 12 per cent compound growth over the next 12 years in the region. That’s significant, given spending freezes and cuts in other areas.

But still, as the report highlights, relatively few security companies offer unified threat management (UTM) services. Those that do, it says, are enjoying considerable success. The cynic in me says that many vendors won’t offer UTM because it’s more expensive for customers to buy several services separately (and so advantageous for vendors not to integrate their services); but the truth is that it is also very difficult to do well for a company that hasn’t been set up specifically to do so. But those that do (and of course I include Network Box in that) are seeing huge growth potential in the market.

I’ve said before that systems built to fit together are always more effective than systems that are bolted together, or bought separately (remember the boom in ‘middleware’, designed specifically to make bits of kit work with each other?). We spend a significant amount of time and money in researching and developing the most effective integrated systems: it’s better value for our customers, and gives overall a much more effective security solution.

Here’s hoping that next year, Gartner will go one step further, and devote a whole report to the growing market for UTM.

Digital Britain, maybe… but will it be secure?

Monday, June 15th, 2009

Initially, I was heartened to see that Chapter 7 of the Digital Britain report (the section concerned with online safety and security) makes reference to the need for a global approach to Internet security. This is something that most of us in the security industry have been pushing for, for some time. The report states:

Whilst ultimately, the Internet cannot be made risk-free if it is to function effectively, governments, businesses, civil society and individual users can and must share responsibility for minimising the risks. And due to its global nature, issues relating to governance of the Internet are often outside the jurisdiction of individual national governments and regulators. Responsibility for ensuring that Internet governance is effective therefore needs to be considered at three levels:

  • at the global level, recognising the cross jurisdictional nature of today’s networks;
  • at the national level, on those issues where appropriate national action remains a highly effective tool; and
  • at the consumer level, through appropriate action and by empowering all of us to take steps to protect themselves.

Much of the report relates to the UK’s cyber-security, rather than the international issue of cyber-crime. Of course, it is hugely important that we secure our UK infrastructure against threat of attack, cyber or otherwise. There is passing reference to the work of SOCA’s e-crime unit, and the government-established PCeU (Police Central e-crime Unit). The report acknowledges that ‘a vast amount of e-crime is small scale and aimed at home users through the use of malicious software and deception’. The focus here was very much on educating users to avoid becoming victims of this ‘small-scale’ cybercrime, through initiatives such as Get Safe Online.

The importance of maintaining the security of private data was also mentioned (although I noted that the example given was ‘bank details’ rather than the government’s own data breaches around child benefit claimants, for example).

On the issue of the global nature of the Internet, there is an endorsement from government of the Internet Governance Forum (IGF) to continue its work for another five years. The IGF has a role to play in creating debate around a range of key issues, including (but by no means limited to) security, but what we also need is a clear, international security policy that goes further than just discussion.

Overall, there is very little in here to demonstrate that the government understands the issues at stake, because if they did, then they would be committing further resource to creating, or leading the development of, an international task force to combat cyber-crime.

Mapping Security

Tuesday, June 9th, 2009

As part of the complete overhaul of our customer portal, we’ve developed a new global monitoring system (GMS) that lets our customers run a health check on their security and connectivity, in real-time, from anywhere in the world. A network of monitoring systems across the world tests and records the activity of all Network Box appliances, and sends alerts to customers on unusual activity that should be investigated or monitored (it differentiates between a ‘critical’ alert and one that should just be watched with care). Our customers can access a map showing the locations of all their Network Box systems and the status of each box, and click on the relevant location to view more detailed information (and to contact us for help if required).

This is particularly useful if there is one location that is causing connectivity problems that could have implications for other company offices. So, if there are offices in London, Sydney and Hong Kong, and there is an outage in Hong Kong because of issues with the Internet, the administrator can see which VPNs are still up and what the access speeds are to each surviving location. Similarly, the administrator can monitor incoming and outgoing Internet activity, and VPN activity between locations around the world from the GMS, which lets the administrator see levels of activity and a ‘health check’ for each office.

There’s more information on this system in our customer portal guide, here.

Push Technology

Tuesday, June 2nd, 2009

Network Box has recently launched a further improvement in the delivery system for all updates, upgrades and operating systems used by the Network Box system.

Since its launch, Network Box has focused on optimising its PUSH technology, as the best way to get security updates onto the devices providing the protection. PUSH Technology provides three primary advantages over PULL:

1) Speed – Reduces latency (the time from when the update is available until when delivery commences) to a minimum.

2) Acknowledgement – Allows for the provider to be certain that updates are installed and activated correctly.

3) Optimization – Provides for optimization of the update system, from the provider’s point of view (making optimum use of the provider’s network for delivery of updates, in both resource utilisation and source of updates).

Real world experience with PULL vs PUSH also backs up the clear statistical and mathematical analysis. PUSH Technology, quite simply, offers the best way to deliver updates to the signatures and code on protection devices.

We are pleased to announce that on 20 May 2009, we completed the migration of all our NOCs to our new patented HQPUSH system. This new system offers improved performance and optimisation of PUSH updates. It allows us to continuously, and concurrently, monitor all our sources of security signatures, and to PUSH out changes within seconds. With this new system, updates are currently being installed on regional NOCs within 3 seconds of their release, and on all end-user Network Boxes, globally, well within our targeted 45 seconds from release. This is orders of magnitude faster than the industry standard.

For further information, please see our PUSH Technology white paper here.

Spam and viruses both up in May

Monday, June 1st, 2009

We’ve released our threat analysis for May, and spam and malware continue to increase. Overall, spam volumes are up 27.7 per cent, and malware 28.7 per cent. This is slightly lower growth than last month (which was a huge 63 per cent) but still a significant increase. We’re seeing a slight rise in the number of viruses from the UK, with three per cent of the world’s malware now coming from home shores.

The usual suspects – the US and Korea – take top chart positions. The US is responsible for 17.2 per cent and Korea for six per cent of all viruses.  Both feature in the top three sources of spam, too: the US produces 11.4 per cent of spam; Brazil comes in second at eight per cent; and Korea third at 4.2 per cent.

Details are on our website.