2012: Next-generation threats need next-generation firewalls

It wasn't too long ago that security vendors were touting new 'heuristic', or behaviour-based, analysis as a newfangled way to spot new viruses that were generated by hacker toolkits and didn't match any known signature on file. These days, however, heuristics are less a luxury than the standard operating procedure as globally connected malware authors spew new threats faster than ever and even the most diligent companies continue to suffer the indignity of successful security attacks.

Recent figures from the Australian Institute of Criminology suggest that cybercrime has overtaken physical crimes like car theft and break-ins, which have plummeted by half or more in the past decade. Cyber attacks reported to the Australian Computer Emergency Response Team (AusCERT), on the other hand, jumped 255 per cent in 2010 compared with the previous year, while the number of compromised hosts notified to AusCERT jumped 296 per cent and the number of sites hosting malware jumped 111 per cent in the same period.

Hackers love new technology: they have already started compromising IPv6 networks, and are turning to new technologies like peer-to-peer (P2P) networking and headless 'bot' networks that are increasingly difficult for authorities to trace, much less intercept.

In a word, the bad guys are creative, and they have both obscurity and time on their side. That's producing longer and longer odds for corporate security managers who just want to keep the baddies out so the business can get on with its business.

The threat of malicious attacks is likely to strike fear into the hearts of executives who face growing exposure to increasingly bold hackers unafraid to take on big-name targets like Sony, Stratfor, RSA and Nasdaq, all among the 535 companies, according to the Privacy Rights Clearinghouse, that were penetrated quite publicly during 2011.

In many of those cases, millions of private customer records were compromised, something that's becoming easier and easier to do as hackers exploit unpatched databases and refine their understanding of attack techniques like SQL injection, which hit more than four million websites in 2011 alone. Privacy breaches not only embarrass companies and alienate customers, but are serious offences under laws in Australia, Europe and elsewhere.

Despite the high-profile threats posed by data loss, a recent survey for the Independent Oracle Users Group found that databases were still not being protected adequately: a quarter of respondents felt it was likely or inevitable their company would have a data breach in 2012, but only 36 per cent said they had worked to protect their applications from SQL injection.

Even worse, 70 per cent take over three months to apply critical patch updates; only 30 per cent said they encrypt sensitive and personally identifiable information; and only 40 per cent of respondents audit their databases for security breaches on a regular basis. For the rest, it could be weeks or months before they even noticed they had been hacked; in many cases, the first notice of a hack comes when the perpetrators splash it across the internet.

Budget at last

No wonder security breaches seem to be happening with more regularity of late: as the targets and the prizes get bigger, so too does the coverage. Heaven forbid the organisation works in government or other potentially unpopular industries: 'hacktivism' has become a very real threat that stacks even well-protected targets against the ravages of a determined and resourceful enemy.

Political goals drive a large portion of distributed denial of service (DDoS) attacks, which cripple websites by flooding them with up to 10Gbps or more of phantom traffic; DDoS was named as a significant operational threat by 71 per cent of network operators in Arbor Networks' recent Worldwide Infrastructure Security Report.

With attacks continuing to rise, there is little positivity coming out of end-user security surveys, except for the optimism of surveys like a recent report by analyst firm Telsyte, which found that CIOs are finally refocusing their security priorities and boosting security spending during 2012.

The Telsyte Australian CIO Information Security Priorities Study 2012, which surveyed 320 senior IT executives, found that growing board and senior-management awareness of security issues, and the potential reputational damage they can cause, has increased the priority of security remediation. Budgets are higher, and security refreshes are being put onto the front burner for the first time in years as nearly a quarter of Telsyte's respondents said they are working to change security strategies.

But what will CIOs be buying?
Therein lies the rub: whereas it was once seen as enough to install a brand-name firewall to protect the ingress and egress points of the corporate network, today's changing usage models have relegated that model to the dustbin of history.

Cloud computing, for example, is putting corporate data and applications outside the firewall, and outside the direct protection of the companies they serve. Virtualisation has changed the structure of the enterprise, putting a new spin on time-honoured security practices.

The rise of mobility and bring-your-own (BYO) computing, which is only gaining further momentum with every new smartphone or tablet the likes of Apple and Samsung release, allows many corporate devices to bypass perimeter firewalls altogether. If comparable authentication and security can't be extended to these new computing paradigms, all the security mandates in the world will be for nought.

CIOs intrinsically recognise this (Telsyte found that around half rated mobile security as critical or very important) and vendors are rushing to meet the resultant demand.

Security: the next generation
Although vendors' 2012 product lineups vary, they generally seem to be converging around several common attributes.

First, they are falling into what the industry broadly refers to as 'next-generation firewalls' (NGFWs). Compared with traditional port-based sentries, NGFWs have a broader remit and a modular architecture that lets customers mix and match the security capabilities they need.

These might include DDoS detection, intrusion detection systems (IDS), intrusion prevention systems (IPS), spam blocking, antivirus, botnet blocking, protection against advanced persistent threats (APTs), and other nasties; Check Point Software Technologies, for one, offers more than a dozen different software 'blades' that can be plugged into its core NGFW engine. Importantly, those threats must also be blocked from internal sources, a requirement that has become crucial given the rise of Cloud computing and mobile devices.

'The cornerstone of security in 2012 is still a firewall on a network appliance,' says ANZ managing director Scott McKinnell, 'but the value proposition is around centralised management of those capabilities, and aggregating technologies onto that platform.'

A key part of the overall NGFW security approach is the addition of a correlation engine that's able to bring together the data from all manner of individual scanners, then analyse it and raise appropriate alarms based on behavioural anomalies.

This is the old-reliable heuristic analysis done large, and it's been a major target of organisations such as HP, which has recently ramped up its security practice on the back of several acquisitions that have bulked out its security products and consulting services.

'When a port is being opened and its activity level is different to the norm, that's almost instantaneous information,' says Chris Poulos, South Pacific general manager for the Enterprise Security Products division of HP Australia. 'Logs come in all different shapes and sizes, so if we can ingest logs to be able to speak the same language, it gives us great power to see what's going on. We're trying to get the information that really matters.'
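The correlation engine described above, as an added illustration that is not code from the article or from any vendor named in it: two constructed log formats are normalised into one schema, connection counts per destination port are pooled across sources and compared against a baseline period, and ports whose activity departs from the norm (or never appeared before) are flagged. All log lines, hosts and thresholds are constructed examples.

```python
import re
from collections import Counter

# Two constructed vendor log formats (not real product output):
# a firewall accept line and an IDS connection line.
FW_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")
IDS_RE = re.compile(r"conn (\S+) -> (\S+):(\d+)")


def normalize(line):
    """Map either format into a common event dict, or None if unparseable."""
    m = FW_RE.search(line) or IDS_RE.search(line)
    if not m:
        return None
    src, dst, dport = m.groups()
    return {"src": src, "dst": dst, "dport": int(dport)}


def port_activity(lines):
    """Count connections per (dst, dport) across all sources, skipping junk lines."""
    counts = Counter()
    for line in lines:
        event = normalize(line)
        if event:
            counts[(event["dst"], event["dport"])] += 1
    return counts


def detect(baseline_lines, current_lines, factor=3.0, min_count=5):
    """Flag ports absent from the baseline or above factor x their baseline count;
    min_count suppresses noise from tiny counts.
    Returns [((dst, dport), baseline_count, current_count), ...]."""
    baseline = port_activity(baseline_lines)
    current = port_activity(current_lines)
    flagged = []
    for key, cur in current.items():
        base = baseline.get(key, 0)
        if cur >= min_count and (base == 0 or cur > factor * base):
            flagged.append((key, base, cur))
    return sorted(flagged)


# Constructed sample: a normal period, then a period in which port 445 traffic
# (seen by both the IDS and the firewall) rises sharply and port 3389 first appears.
BASELINE = (["fw1 ACCEPT src=10.0.0.5 dst=10.0.0.9 dport=443"] * 40
            + ["ids conn 10.0.0.7 -> 10.0.0.9:445"] * 2)
CURRENT = (["fw1 ACCEPT src=10.0.0.5 dst=10.0.0.9 dport=443"] * 38
           + ["ids conn 10.0.0.7 -> 10.0.0.9:445"] * 7
           + ["fw1 ACCEPT src=10.0.0.7 dst=10.0.0.9 dport=445"] * 5
           + ["fw1 ACCEPT src=10.0.0.8 dst=10.0.0.9 dport=3389"] * 6
           + ["unparseable line"])

if __name__ == "__main__":
    for (dst, dport), base, cur in detect(BASELINE, CURRENT):
        print(f"ALERT {dst}:{dport} baseline={base} current={cur}")
```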

With virtualisation now well-entrenched inside the firewall and becoming increasingly common outside of it through the take-up of Cloud-based applications and storage, correlating that information is becoming increasingly important. To this end, next-generation security defences are increasingly bundling in ever-tighter integration with virtualisation hypervisors, which include APIs that let security tools seamlessly monitor traffic to, from and within virtual machines.

Cloud security, on the other hand, remains a moving target, although vendors are working together to nut out interoperable standards under the guidance of peak bodies like the Open Data Center Alliance (ODCA), which has attracted more than 300 vendor and user members in its first year.

The ODCA offers evolving standards and best practices for Cloud security based around eight usage models for areas like security monitoring, virtual machine interoperability, regulatory frameworks and the like. By using these and similar frameworks to guide your security efforts in 2012, you can combine both business and technical perspectives on your data security to great effect, as long as you remember that nothing in the security market sits still for long.

'At the end of the day, the threat landscape is moving fast,' says McKinnell. 'If you can't move with a high amount of agility to protect it, having a Nirvana of a solution is useless. Risk is increased by time without action.'

Copyright © 2012 IDG Communications, Inc.