The industry reflects, looks ahead

By Staff, ZDNet Asia
Friday, March 14, 2008 06:39 PM

Eric Hoh, vice president, Asia South, Symantec


Q: Name three hot technologies to watch in 2008.
Hoh: 1. Using software for green data center management. As the largest consumers of energy, data centers have become a natural target for social and political groups to adopt environmentally friendly policies. However, data center managers also realize during the process that cost savings and other benefits of implementing such practices are worth the effort to "go green".

In 2008, Symantec expects to see more enterprises adopting a software-based approach to reduce energy consumption and help data center managers implement "green" solutions. As data centers battle with rising power and cooling costs, and increasing complexity in data center management, the future will be about leveraging the power of software to consolidate and create a management experience that is more consistent, uniform and simplified.

A software-based approach is easy to implement and less expensive than many hardware and cooling solutions. Such an approach can help by improving storage consolidation and utilization, consolidating servers and dramatically reducing storage requirements by eliminating duplicate files. Enterprises are able to double their server utilization rates, and reduce storage capacity requirements through data deduplication, by more than 500 times by using software.

2. Virtualization
Virtualization made headlines in 2007 with several companies making announcements around virtualization technologies. Businesses have increasingly adopted virtualization technology to maximize hardware usage, increase scalability, provide segregation and lower total cost, and this trend will continue into 2008. The security implications of virtualization, however, have not been taken into consideration by many enterprises.

The speed and ease of provisioning and deploying virtual machines may lull people into complacency about considering proper security of the virtual machine and the environment into which it is deployed. Most data center managers put a lot of thought into architecting the security of their systems and deployments, and the same care should be taken for virtual machine configuration and deployment.

Virtualization technology was not designed as a security solution in most cases, and significant risks exist in the ways some companies are deploying this young technology and the security implications are only now starting to be understood.

In assessing virtualization from a security standpoint, Symantec has found some key limitations that illustrate what could be possible as attackers focus their energy on virtualization technology:

  • Escape from virtualized environments. In a worst-case scenario, a threat that compromises the guest operating system may utilize a vulnerability to break out of the guest and compromise the host operating system.
  • Use of virtualization by malicious code. This is considered one of the most advanced rootkit methods, and research projects such as SubVirt, BluePill and Vitriol demonstrate how this might be achieved.
  • Detection of virtualized environment. Software virtual machines are relatively trivial to detect. Malicious code may use this knowledge to either exploit a known vulnerability in the virtual environment or to modify their behavior when in a virtual environment as a defense mechanism.
  • Denial of service. Attackers can crash the VMM (Virtual Machine Monitor) or a component of it, leading to a complete or partial denial of service.

While virtualization presents security concerns, Symantec also sees an opportunity to explore entirely new security models that leverage it. Symantec's collaboration with Intel is an example.

In April 2006, Symantec announced a partnership with Intel to build security solutions for the new Intel vPro technology. The technology allows IT managers to manage security threats outside the main PC operating system in an isolated virtual environment.

Symantec's Virtual Security Solution moves security to the hardware layer, providing new layers of system protection. It utilizes Intel's virtualization technology to create a virtual security solution on the PC.

3. Archiving and compliance technologies
As compliance requirements get more stringent, archiving processes and technologies to fulfil compliance regulations will receive more corporate attention. Symantec expects that automated archiving and compliance software will be a key technology on the radar of many corporations that intend to get ahead of the curve and enforce more iron-clad risk management programs and policies.

Q: IT security continues to be a perennial problem. Please name up to three security trends that IT heads should look out for in 2008.
Bot evolution
Expect bots to diversify and evolve in their behavior, which may result in technologies like phishing sites hosted by bot zombies, for example. Bots tend to be "early adopters" of new functionality and, as a result, they can be used as test environments for deploying new malicious functionalities on a variety of targets before making widespread use of them.

Bots might be used in client-side phishing attacks against the legitimate owner or users of an infected computer; this approach would allow phishers to bypass traditional phishing protection mechanisms and eliminate the need to rely on a Web site that could be taken down if detected.

Bots might give attackers specific access to infected computers that attackers can then use to their advantage; if a bot owner could advertise that he or she controls a computer within a specific organization, then parties with interest in that targeted organization might pay to use the compromised computer to gather information or conduct attacks.

Bots might be used to artificially increase apparent traffic to certain Web sites by hijacking browsers and steering them toward sites that allow users to submit and vote on or recommend Web sites. By making it appear to be a high traffic site, a malicious user could then use the site to generate advertising revenue or to serve malicious code, which could then be used in subsequent fraudulent activities.

IT heads should look out for the use of new and more sophisticated bots that attempt to evade blocks by reputation-based systems.

Spam evolution
Expect to see spam continuously evolve, in order to evade traditional blocking systems and trick users into reading messages. Here are some of the spam trends IT heads should look out for in the coming year:

  • New attachment types. Expect to see an increase in the use of new attachment types such as MP3, flash and others.
  • Pop culture spam. Spammers will continue to focus on making content more appealing to readers, capitalizing on highly visible current events such as the US presidential campaigns, the economy and popular fads.
  • Social networking sites. More spam is expected to be delivered via popular social networking sites.
  • Targeted attacks. More targeted attacks that focus on compromising machines and system vulnerabilities with the intent of stealing personal information.

Advanced Web threats
The online presence of an organization is often facilitated through Web applications, particularly as an increasing number of traditional software vendors are complementing their existing applications with Web-based user interfaces, or converting them over entirely. Web applications may be the site of vulnerabilities that can be exploited to gain unauthorized access to computers on which they are deployed.

Over the past several years, as Web applications have been more widely deployed, they have been increasingly targeted by attackers as a simple means to circumvent network security measures, such as intrusion detection/prevention systems and firewalls.

As the number of available Web services increases and as browsers continue to converge on a uniform interpretation standard for scripting languages, such as JavaScript, Symantec expects the number of new Web-based threats to continue to increase. User-created content can host browser exploits, distribute malware/spyware, host unwanted ads (splogs), or host links to malicious Web sites.

With more businesses establishing an online presence, as well as an increased reliance on Internet services, such as online shopping, banking, and communication, both consumers and businesses are at risk from compromised Web applications. With the improved economics of reducing the cost of transactions, Web-reliant organizations cannot shift back to their old mode of operations. Hence, the interaction between buyers and sellers through e-commerce needs to be protected.

The key ingredient to the continued growth of e-commerce is trust. Without trust, consumers will cease to transact with organizations.

Social networking sites...
... are changing the human fabric of the Internet. In less than a lifetime, the way we work, play, shop, and communicate with our friends, our family, and our business colleagues has undergone a transformation unprecedented in its scope and speed of adoption.

The growth in online commerce and in the number of ways people can access the Internet has profoundly changed life for the individual consumer--and for the enterprises serving them.

At the same time, the ability to collaborate online, work remotely, and engage in more multi-party transactions has attracted hackers, stealing information for financial gain. Gone are the days when they hack for fame or notoriety.

According to Symantec's Internet Security Threat Report Volume XII, hackers indirectly target victims by first exploiting vulnerabilities in trusted environments, such as popular financial, social networking and career recruitment Web sites. Symantec observed 61 percent of all vulnerabilities disclosed were in Web applications.

Once a trusted Web site has been compromised, cyber criminals can use it as a source for distribution of malicious programs in order to then compromise individual computers. This attack method allows cyber criminals to wait for their victims to come to them versus actively seeking out targets.

Social networking Web sites are particularly valuable to attackers since they provide access to a large number of people, many of whom trust the site and its security. These Web sites can also expose a lot of confidential user information that can then be used in attempts to conduct identity theft, online fraud or to provide access to other Web sites from which attackers can deploy further attacks.

The biggest challenge facing IT departments is...
... Data leakage. It is becoming a key concern for companies as it is not only costly in financial terms; it also comes at a price to a business' reputation and customer confidence.

Data breaches can cost companies billions of dollars and data loss prevention (DLP) has emerged as a top priority for any company that handles confidential information. Today, companies are no longer focused on keeping anti-social elements from getting into the corporate network, but also from preventing corporate espionage and accidental data leakage by employees from within. It's about ensuring that the information within the organization is not compromised.

According to the Symantec IT Risk Management Report, released in 2007, 58 percent of respondents expect a major data loss caused by events such as data centre outage, corruption of data, or breach of security systems, at least once every five years. Most organizations have basic security at the gateway but these are not comprehensive enough to address data leakage and information risk management. Data security solutions are important, but they do not address the risk involved.

With 75 percent of a typical company's intellectual property contained in e-mail, having content control will prevent good and sensitive information from being sent outside of the organization accidentally or with ill intent thus managing the risk involved.

Having said that, if an organization keeps all electronic communication for the last six years without proper processes in place, it will cost an organization a lot of time, money and resources to discover the relevant information should they be involved in litigation. With 80 percent of all organizations today accepting e-mail as written confirmation of transactions and 75 percent of all Fortune 500 company litigation involving the discovery of e-mail communication, it may not be acceptable in courts if the time required to discover the information far exceeds the allocated time for discovery.

Initially Asia was lagging behind North America and Europe in terms of deploying technology to prevent data leakage but they are catching up as regulations such as JSOX and Basel II are currently in place. Corporate litigation and transacting with businesses globally are beginning to help Asian companies better understand the risks involved. We are beginning to see an upsurge of requirements from Asian companies for such technologies to be in place.
