Digit Channel Connect Special Issue (Nov.'09) by SIDDHANT RAIZADA

S E L ECT

Vol 02 issue 01 November 2009 | Rs. 50

S E R IES

Your one-stop guide for breaking into some of the hottest segments in the information security market in India

Authentication and IDP Trends and technologies that matter in this domain. PAGE 20

Unified Threat Management What lies behind the one-box wonder. PAGE 32

Data Storage and Loss Prevention Growing threats imply speedier adoption. PAGE 24

Firewall and Antivirus Still the most preferred way to secure data. PAGE 28

l In-depth features l Vendor interviews l White papers l Guest columns l Security survey

AND MORE...

editorial

As Safe As Possible

sanjay.gupta@9dot9.in

Security is not a destination but a constantly moving target.

ith due apologies to the über brands of the automobile world, there are only two types of mass-market cars (if you consider it thus): those which have some security products installed and those with just plain vanilla, factory-fitted locks. Then, even among the ‘secured’ ones, there’s an entire cornucopia of fitments – gear locks, ‘hockey sticks’, central locking et al. Nevertheless, both types of cars get stolen. But if I were to ask you, Which cars get stolen more often and in greater numbers? you would promptly answer the question without consulting the stolen-vehicle investigation department. The point is, just as in the physical world, wherein we try and secure our assets as much as we want but still lose them, so it is in the more subtle realm of information flow. Companies can use the best antivirus on the market, set up advanced firewalls or configure multiple layers of authentication, but they may still not attain foolproof security. Having said that, organisations have no option but to try as many ways to protect critical information – their life-blood in today’s competitive world – as possible. And keep at it relentlessly, because security is not a destination but a constantly moving target. The thieves and hackers (okay, for puritans’ sake, crackers) will keep on raising the bar for security vendors and solu-

tion providers by launching more and more sophisticated attacks (sometimes with alarming success). The market for information security products in India is still in its infancy, never mind that we have over 40 million active Internet users and our businesses are growing their data assets at an accelerated pace. There are various estimates for the size of this market, but it’s tiny in the context of India’s total domestic IT spending. That’s why the potential of selling and implementing data security solutions to Indian businesses is immense. And that’s why we have put together this special issue on information security. Given the diversity of solutions and offerings in security, we’ve narrowed our focus to four carefully contrived segments we think are hot right now: Authentication and IDP, Data Storage and Loss Prevention, Firewall and Antivirus, and Unified Threat Management. So, what are you thinking? Lock yourself in your study and steal some time to go through this package you are holding…

SANJAY GUPTA Editor Digit Channel Connect

sounding board sounding board Digit Channel Connect is National Media Partner for COMP-EX ’2010 Vidarbha Computer & Media Dealers’ Welfare Association (VCMDWA) is holding its 18th successive IT mega annual event, COMP-EX’2010, in Nagpur from 14 to 18 January 2010. This year Digit Chanel Connect is joining hands with the Association as its Official National IT Media Partner. Besides the exhibition, this year there will be two focused seminars – one on hot technology topics for CIOs and IT managers, and the other on career options for computer and engineering students. Recently, VCMDWA Nagpur was awarded the 2nd Best IT Association of India and is all set with renewed vigour and enthusiasum to hold its COMP-EX annual show. COMP-EX ’2010 will be sponsored by Logitech. Write to the Editor E-mail: editor@digitchannelconnect.com Snail Mail: The Editor, Digit Channel Connect, K-40, Connaught Circus, New Delhi 110 001

COMP-EX 2010 will house more than 25 pavilions and close to 90 stalls, a cafeteria and a helpdesk. More details about the plan and booking for the event can be found at www. vcmdwa.org.

DIGIT CHANNEL CONNECT

NOVEMBER 2009

contents

VOL 2 ISSUE 01 | NOVEMBER 2009

THE

Information SECURITY SCENARIO Increase in the amount and usage of data, rise in the number and type of security threats and changes in the way businesses work today are all contributing to the growth of the information security market

GETTING THE IDP RIGHT

SURVEY Taking the Pulse The security market trends and opportunities for solution providers in India

“Authentication mechanism should be given high importance”

WHITE PAPER

RAJIV CHADHA, VICE PRESIDENT, VERISIGN INDIA

Content Security: A Primer

DATA STORAGE & LOSS PREVENTION

“Unstructured data is the weakest link in any organisation” SURENDRA SINGH, REGIONAL DIRECTOR, SAARC, WEBSENSE

FIREWALL AND ANTIVIRIUS

Threats= Opportunities Antivirus and firewalls are the most simple and effective ways of checking online threats

Why content security is important and how to protect it

Trends to Watch in 2010

The old rogue programs might still be at work in the year ahead

36 38

OTHERS EDITORIAL.......................................................... 05 RADAR CHECK................................................... 08 GUEST EXPRESSION ON PCI DSS....................... 35 GUEST EXPRESSION ON UTM............................. 40

ADVERTISERS INDEX Canon........................................................False Cover,IFC Neoteric................................................................... IFC, 1 AVG................................................................................7 eCaps Computers............................................................9

Managing Director: Dr Pramath Raj Sinha Printer & Publisher: Kanak Ghosh EDITORIAL Editor: Sanjay Gupta Sr. Correspondents: Charu Khera (Delhi), Soma Tah (Mumbai) DESIGN Sr. Creative Director: Jayan K Narayanan Art Director: Binesh Sreedharan Associate Art Director: Anil VK Manager Design: Chander Shekhar Sr. Visualisers: PC Anoop, Santosh Kushwaha Sr. Designers: Prasanth TR & Anil T Photographer: Jiten Gandhi BRAND COMMUNICATION Product Manager: Ankur Agarwal SALES & MARKETING VP Sales & Marketing: Navin Chand Singh National Manager - Events and Special Projects: Mahantesh Godi (09880436623) Business Manager (Engagement Platforms) Arvind Ambo (09819904050) National Manager - Channels: Krishnadas Kurup (09322971866) Asst. Brand Manager: Arpita Ganguli Co-ordinator - MIS & Scheduling: Aatish Mohite Bangalore & Chennai: Vinodh K (09740714817) Delhi: Pranav Saran (09312685289) Kolkata: Jayanta Bhattacharya (09331829284) Mumbai: Ganesh Lakshmanan (9819618498) PRODUCTION & LOGISTICS Sr. GM Operations: Shivshankar M Hiremath Production Executive: Vilas Mhatre Logistics: MP Singh, Mohd. Ansari, Shashi Shekhar Singh CHANNEL CHAMPS Sr Co-ordinator - Events: Rakesh Sequeira Events Executives: Pramod Jadhav, Nitin Kedare, Johnson Noronha Audience Dev. Executive: Aparna Bobhate, Shilpa Surve Events Programmer : Vijay Mhatre OFFICE ADDRESS

Nine Dot Nine Interactive Pvt Ltd., KPT House, Plot 41/13, Sector 30, Vashi, Navi Mumbai - 400 703 Phone: 40789666 Fax: 022-40789540, 022-40789640 Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd. C/O KPT House, Plot 41/13, Sector 30, Vashi (Near Sanpada Railway Station), Navi Mumbai 400703 Editor: Anuradha Das Mathur C/O KPT House, Plot 41/13, Sector 30, Vashi (Near Sanpada Railway Station), Navi Mumbai 400703

Microworld...................................................................11

UNIFIED THREAT MANAGEMENT

Aladdin Multimedia . ....................................................15

Printed at Silverpoint Press Pvt. Ltd, TTC Ind. Area, Plot No. : A - 403, MIDC, Mahape, Navi Mumbai - 400709

Quickheal......................................................................23 VCMDWA.....................................................................27

THE 360 DEGREE APPROACH

India antivirus...............................................................39

UTM comes to the rescue as a singlebox painkiller

DIGIT CHANNEL CONNECT

Kingston.......................................................................13

NOVEMBER 2009

Cyberoam .................................................................. IBC K7 Computing.............................................................. BC

cover illustration : photos . com

cover design : prasanth t r

radar check

S E L E C T

Security software and services budgets to rise 4 percent in 2010

n April and May of 2009, Gartner surveyed more than 1,000 IT professionals with budget responsibility worldwide to determine their budget-planning expectations for 2010. “In the current highly uncertain economic environment, with overall IT budgets shrinking, even the modest spending increases indicated by the survey show that security spending accounts for a higher percentage of the IT budget,” said Adam Hils, principal research analyst at Gartner. “Security decision makers should work to allocate limited budgets based on enterprise-specific security needs and risk assessments.” Specific areas of projected security-related software spending growth in 2010 includes security information and event management (SIEM), e-mail security, URL filtering, and user provisioning. The continued, comparatively strong emphasis on security extends beyond software. The survey showed that security

services spending will also outpace spending in other services areas, with budgets expected to grow 2.74 percent in 2010. This anticipated increase is being driven in part by a growing movement towards managed security services, cloud-based e-mail/web security solutions, and third-party compliance-related consulting and vulnerability audits and scans. “When evaluating and planning 2010 security budgets, organisations should work to achieve a realistic view of current spending and recognise that it may be impossible to capture all security-related spending because of organisationally diffused security budgets,” said Ruggero Contu, principal research analyst at Gartner. “Businesses should also recognise that new threats or vulnerabilities may require security spending that exceeds the amounts allocated, and should consider setting aside up to 15 percent of the IT security budget to address the potential risks and impact of such unforeseen issues.”. n

79% Indian enterprises quote data loss as most serious security concern

ymantec has announced the findings of its study on the mounting risk of data loss in Indian enterprises. The study, conducted by IDC (India), revealed that 79 percent of organizations highlighted data loss to be their most serious information security concern, followed by other threats like virus and denial of service attacks and spam. “The need to protect sensitive information like source code, intellectual property, employee and customer accounts has made businesses realize that data loss can turn into a catastrophe and become a competition, compliance and credibility black hole”, said Vishal Dhupar, managing director, Symantec India. “It is imperative that as part of their overall security strategy, enterprises Vishal Dhupar, MD, Symantec India protect their information proactively and know where confidential information resides with them, how this information is being used and how its loss can be prevented.” Despite data loss being considered as a looming threat, only 15 percent of the surveyed organizations have adopted any form of DLP measures. This was largely a result of low awareness (32 percent) amongst enterprises on the impact and consequence of data loss and how DLP technologies could safeguard reputation and revenue of organizations. According to respondents, more than 50 percent of information residing within their organization is classified as sensitive. As the value and significance of information increases within organizations, instances of data loss are also on the rise. n

DIGIT CHANNEL CONNECT

NOVEMBER 2009

S E R I E S

McAfee intros breakthrough email and Web security appliance

cAfee Inc recently announced McAf ee Email and Web Security Appliance 5.5 to help protect customers against the latest email and Web-borne threats, manage Web and email traffic and usage, and reduce system administration requirements. Designed for small and midsized businesses (SMBs), the solution provides comprehensive email and Web security in a single, integrated appliance. The McAfee Email and Web Security Appliances include new features and functionality, including: n Ar temis and Tr ustedSource Technology Integration: The first appliance release from McAfee that links to global threat intelligence from its Artemis and TrustedSource technologies, the most precise and comprehensive threat intelligence system in the world n Appliance Clustering with Load Balancing: Multiple appliances can clustered to share scanning responsibilities for improved resiliency, scalability and consolidated management and reporting n Simplified Installation: Auto-detects network settings and provides an easy to use configuration wizard, helping to simplify installation requirements, reduce installation time and improve the overall user experience n New Content Policy Wizards: Simplified creation and set up of content policies through the new configuration wizards and advanced dictionaries simplify policy creation, enable greater enforcement flexibility and reduce false positives and configuration errors n Integrated URL Filtering: URL filtering is also included in the 5.5 release at no additional cost. Integrated into the appliance, the URL filtering includes more than 90 Web site categories providing granular Web usage monitoring and policy enforcement. The URL filtering also includes the McAfee Web Reporter package for simplified viewing of Web utilization and trends. In addition, these appliances provide customers with email and Web usage policy enforcement capabilities, compliance tools, informative dashboards and comprehensive reporting.. n

radar check QUICK VIEW

AVG to appoint 1,000 resellers by the end of this year CHARU KHERA

VG Technologies has announced its plans to appoint 1,000 channel partners, who are typically involved in selling IT equipment, by the end of December 2009. The company has till now been operating in India though its national distributors. As per the company, the appointments will be a step towards enhancing its focus in

Peter Baxter, Vice President, Business Development, AVG Technologies

the country. As part of the same initiative, AVG recently appointed Mumbaibased AARVEE Computers and New Delhi-based The Park Group as its premier partners for retail products. With these appointments, AVG aims to reach out to a larger section of users in the Western and Northern parts of India. AVG offers a wide range of security products to consumers as well as small and medium businesses (SMBs). “With the rate of PC penetration and adoption of technology in the consumer and SMB space in India increasing, we realised that Indian users would have the need and demand world-class security software. It is hence important for us to reach out to these users and make our products available and thus these appointments have been announced. This will further enable AVG to meet the demand from users,” said Peter

Baxter, Vice President – Business Development, AVG Technologies. In India, AVG has a direct presence with a dedicated website that allows users to download products as required. Furthermore, nearly 96 percent of AVG’s sales come via the offline channels. “We are expanding our reseller network to ensure that we effectively serve the needs of the fast-growing Indian market. Keeping this in mind, we have a set ourselves a target of enrolling 1,000 resellers by the end of this year. So far we have added 200 partners and feel we are well on our way to achieving our target,” said Baxter. AVG also recently launched the SignUp Reseller programme, which aims to educate resellers about company’s products and gives them the opportunity to become authorised distributors for AVG. “As per the programme, resellers can become AVG authorised resellers by placing an order for AVG security products worth Rs 25,000. The reseller would also get an additional five percent discount on dealer transfer price,” said Baxter who further added that so far, the programme has received a phenomenal response. The company would initially be targeting metros such as Mumbai, Delhi, Kolkata, Chennai, Bengaluru, Hyderabad, Ahmedabad, Pune, Kanpur and Surat. This apart, the company has also announced plans to appoint a Country Manager for India as well as staff to support its reseller network. Netherlands-based AVG Technologies is a global security software maker protecting more than 80 million consumers and small businesses in 167 countries from web threats, viruses, spam, cyber-scams and hackers on the Internet. AVG has about 6,000 resellers, partners and distributors worldwide. n

AN INDIAN COMPANY SPENDS AN AVERAGE OF

$28,447

Fortinet appliance breaks price performance record

ortinet has announced a new PER YEAR IN FortiGate multi-threat security COMBATING appliance designed to meet highVARIOUS TYPES end requirements of the mid-enterprise OF IT SECURITY customer segment. ATTACKS (MCAFEE The new FortiGate-1240B appliance offers best-in-class 40 Gbps firewall and SURVEY).

THE AVERAGE TOTAL COST OF A CORPORATE DATA BREACH STANDS

$6.3

AT MILLION, ACCORDING TO A STUDY BY THE PONEMON INSTITUTE.

16 Gbps IPSec VPN throughputs, which represent a 400- and 800-percent performance advantage, respectively, over the nearest competitor. The FortiGate1240B platform continues the technology excellence formula introduced on the other two members of Fortinet’s mid-enterprise family – the FortiGate310B and FortiGate-620B – by also providing the highest port density and best price/performance ratio among products in its class. The three products make up Fortinet’s complete range of multi-threat security appliances for the mid-enterprise. n

radar check

S E L E C T

S E R I E S

QUICK VIEW

McAfee report on security reveals crucial gaps Organisations of sizes from 51 to nies. Almost half of global organisa1,000 employees are cutting their tions surveyed (43 percent) think largsecurity budgets at the same time er organisations with 501+ employees that cyber threats are escalating, are most at risk for a security attack. according to McAfee’s report The In truth, organisations with less than Security Paradox. 500 employees actually suffer from The study found that more than more attacks on average. half of Indian com“Companies in panies surveyed have India are becoming seen more security increasingly aware incidents in the past of the threats of year (63%), and one IT security attacks. in five mid-size orgaIt’s heartening to nizations around see that a signifithe world has had cant number of a single incident organisations have that cost an average increased their budof $41K as loss of gets in 2009 on IT revenue. The study security despite the reveals that 70 perdownward pressure cent of the Indian on finances and Kartik Shahani, McAfee India companies reported resources. According spending more than a day on recovto our research, organisations that ering from IT security attacks. put more effort on preventing attacks This paradox occurs in part can end up spending less than a third because these types of companies are as much as those that allow themunder the mistaken impression that selves to be at risk. Hence, adopting hackers prefer to target larger compapreventive security measures should

AS PER AN IDC-SYMANTEC STUDY, RESPONDENTS QUOTED

50 %

OF INFORMATION RESIDING WITHIN THEIR ORGANIZATION AS SENSITIVE.

70 %

OF INDIAN COMPANIES SURVEYED BY MCAFEE SAID THEY SPEND MORE THAN A DAY RECOVERING FROM SECURITY ATTACKS PER WEEK.

A FEW INDIA SPECIFIC RESULTS • 67 percent of the Indian companies are very concerned about their business being a target for cyber crime

• India

and China have the largest amount of unreported data leaks, with 35 percent and 32 percent, respectively

• 38 percent of the Indian companies surveyed one or more incidents of data breaches in the last one year

• 63

percent of Indian companies witnessed an increase in IT security incidents from 2008 to 2009

• 73 percent of Indian companies fear that a serious data breach could put their organization to out of business

• 47

percent Indian suffered more than 20 security incidents in the past one year

• An

Indian company spends an average of $28,447 per year in combating various types of IT security attacks (data loss, endpoint protection, email threats, website threats and network security threats)

be taken as a serious concern by every organisation”, said Kartik Shahani, Regional Director, McAfee India. n

HCL Security, Cisco collaborate on secure communities

CL Security has signed a Memorandum of Understanding (MoU) with Cisco to collaborate on delivering IP-based safety and security solutions to help enable safer and more secure communities. The collaboration will combine the strengths of Cisco’s Smart+Connected Communities leadership with HCL Security’s ‘Safe State’ architecture to deliver safety and security solutions in India initially and later in other countries. Cisco Smart+Connected Safety and Security solutions address the growing complexity of protecting citizens, critical infrastructure, and key assets by enabling the construction of a common security operations picture while helping to ensure full integration and interoperability between different functional parts of the security system. HCL Security’s Safe State is an architecture that offers integrated urban safety and security technology

DIGIT CHANNEL CONNECT

solutions with policing and enabling actionable intelligence to make a city secure and safe. “Cisco envisages a future where successful communities and cities will run on networked information, and where information technology will help the world better manage its challenges. We recognize that the mission of public safety and security is at the heart of economic capacity, potential, and growth. For a city or community to grow, thrive, and attract human and financial capital, it needs to be highly secure. Cisco’s Smart+Connected Safety and Security solutions enhance the capabilities of emergency and security personnel by Rothin Bhattacharyya, employing next-level infrastructure, CEO, HCL Security technology, services, and platforms to create intelligent, enduring solutions. Our collaboration with HCL Security and its Safe State architecture will help us better address safety and security projects and customer requirements,”

NOVEMBER 2009

said Dave Stone, vice president, Safety and Security, Smar t+Connected Communities, Cisco. “HCL Security is committed to deploying an integrated technology approach to enable safer and more secure cities. HCL Safe State marries hi-tech security and surveillance with intelligence and policing - the three key pillars to this integrated approach to secure an entire state, city or large, significant establishments. Our collaboration with a likeminded global technology pioneer like Cisco will enable us to jointly provide best in class security solutions” said Rothin Bhattacharyya, CEO, HCL Security. As part of the collaboration, HCL Security will use Cisco technologies to build a state of the art Command & Control Centre for next-generation security solutions that will provide customers with the features of prevention, automated detection, analysis, and coordinated response to incidents. n

radar check

S E L E C T

S E R I E S

eScan is the new Microsoft gold certified partner

eScan has announced that it is now a Microsoft gold certified partner. As per the company, it has earned the gold certificate in Microsoft’s partner programme in recognition of its expertise, strategic role and impact on the security industry. As Microsoft gold cer tified par tner, eScan has demonstrated its expertise with Microsoft technologies and proven its ability to satisfy the needs of its customers. The company has also won several acclaimed awards and certifications by Microsoft. Some key contributors to this certification were certification of eScan in Vista, Windows 7 and many Microsoft certified professionals as part of their team. Microsoft gold certified partners are the elite Microsoft business partners who earn the highest customer endorsement. They have the knowledge, skills, and commitment to help implement technology solutions that match exact business needs. Gold certified partners represent the highest level

Govind Rammurthy, CEO & MD, MicroWorld Technologies

IBM report reveals 500 percent increase in malicious Web links

BM recently released results from its X-Force 2009 Mid-Year Trend and Risk Report. The report’s findings show an unprecedented state of Web insecurity as Web client, server, and content threats converge to create an untenable risk landscape. According to the report, there has been a 508 percent increase in the number of new malicious Web links discovered in the first half of 2009. This problem is no longer limited to malicious domains or untrusted Web sites. The X-Force report notes an increase in the presence of malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal Web sites, online magazines and mainstream news sites. The ability to gain access and manipulate data remains the primary consequence of vulnerability exploitations. The X-Force report also reveals that the level of veiled Web exploits, espe-

DIGIT CHANNEL CONNECT

cially PDF files, are at an all time high, pointing to increased sophistication of attackers. PDF vulnerabilities disclosed in the first half of 2009 surpassed disclosures from all of 2008. From Q1 to Q2 alone, the amount of suspicious, obfuscated or concealed content monitored by the IBM ISS Managed Security Services team nearly doubled. “The trends highlighted by the report seem to indicate that the Internet has finally taken on the characteristics of the Wild West where no one is to be trusted,” said X-Force Director Kris Lamb. “There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We’ve reached a tipping point where every Web site should be viewed as suspicious and every user is at risk. The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity.”n

NOVEMBER 2009

of competence and expertise with Microsoft technologies, and have the closest working relationship with Microsoft. “First, we would like to thank our customers, who have endorsed us for this certification. Getting the highest level of certification from Microsoft reiterates our determination and capabilities in providing good security solutions to our customers. This partnership will help us in delivering faster solutions for upcoming Microsoft technologies too,” explained Govind Rammurthy, CEO and Managing Director, eScan. Rohini Sonawane, Chief Operating Officer of eScan, who played an instrumental role in obtaining the certification added, “These certifications drive us to develop innovative technologies that can help our customers secure their desktops and networks in this ever-expanding threat scenario. Being a part of the select gold circle makes us proud of our accomplishment and we are looking forward to accomplishing many more certifications.” n

The 2009 Midyear X-Force report also finds that: n Vulnerabilities have reached a plateau. There were 3,240 new vulnerabilities discovered in the first half of 2009, an eight percent decrease over the first half of 2008. The rate of vulnerability disclosures in the past few years appears to have reached a high plateau. In 2007, the vulnerability count dropped for the first time, but then in 2008 there was a new record high. The annual disclosure rate appears to be fluctuating between six and seven thousand new disclosures each year. n PDF vulnerabilities have increased. Portable Document Format (PDF) vulnerabilities disclosed in the first half of 2009 already surpassed disclosures from all of 2008. n Trojans account for more than half of all new malware. Continuing the recent trend, in the first half of 2009, Trojans comprised 55 percent of all new malware, a nine percent increase over the first half of 2008. Information-stealing Trojans are the most prevalent malware category. n Phishing has decreased dramatically. Analysts believe that banking Trojans are taking the place of phishing attacks geared toward financial targets. In the first half of 2009, 66 percent of phishing was targeted at the financial industry, down from 90 percent in 2008. Online payment targets make up 31 percent of the share. n URL spam is still number one, but image-based spam is making a comeback. After nearing extinction in 2008, image-based spam made a comeback in the first half of 2009, yet it still makes up less than 10 percent of all spam. * Nearly half of all vulnerabilities remain unpatched. Similar to the end of 2008, nearly half (49 percent) of all vulnerabilities disclosed in the first half of 2009 had no vendor-supplied patch at the end of the period.

radar check

S E L E C T

WatchGuard XTM-1050

atchGuard XTM builds on the powerful UTM foundation of integrated firewall/VPN with virus and intrusion blocking, but extends security to provide spam blocking, spyware and bot protection, and URL filtering. It also includes enhanced suppor t for business technologies such as Voice over IP (VoIP), and is the only XTM product on the

market that offers inbound and outbound HTTPS inspection to increase content security coverage and close the HTTPS loophole. The XTM 1050 delivers strong security, high performance, flexible management tools, and advanced networking features, with integrated SSL and IPSec VPNs to ensure secure connectivity for remote workers.n

Matrix launches a range of security products

atrix recently launched a comprehensive range of security products designed to ensure effective safety, security and higher productivity for various organizations. The products encompass finger print and card based Access Control System - a hardware for access management; Time and Attendance System - a powerful software package for time and attendance management; and automated Fire alarm and Control System - a control panel to detect and warn against fire. H i g h l i g h t i n g t h e ke y considerations that went into the designing of the new Access Control System, Sajeev Nair, Product

Manager of Matrix Telecom, said, “The idea was to design a unique solution that offers foolproof security, flexibility, as well as reduces the implementation cost drastically. Its modular design offers unique scalability option and supports up to 5 million users. Unlike traditional solutions, Matrix Access Control Solution is based on IP back-bone and master-slave architecture. This ensures that installation is no more a pain area for integrators.” Among the new products is Matrix Cosec Sigma, a state of the art Access Control System designed to provide comprehensive access control and time & attendance solution for medium and large enterprises. This versatile product comes with a Web-based Management Software that can monitor and control up to 1000 locations, 75,000 Door Controllers and 5 million users in real time.n

Quick Heal 2010 series

uick Heal Technologies has announced the launch of new 2010 computer security series, including Quick Heal AntiVirus 2010, Quick Heal Internet Security 2010 and Quick Heal Total Security 2010. Focused on giving the best user experience, Quick Heal 2010’s series is much lighter, faster and smarter than its previous versions. Lighter in terms of lesser memory usage during operation and an enhanced engine that performs faster scanning and quicker updates. Advanced technologies implemented in the enhanced scan engine help in deeper scanning of threats which was not possible in earlier versions making it smarter and ready to fight latest threats. “Quick Heal’s 2010 product line will give more advantage to users in fight against cyber criminals” says Kailash Katkar, CEO, Quick Heal Technologies. “Quick Heal 2010 series

DIGIT CHANNEL CONNECT

NOVEMBER 2009

will also be compatible to Windows 7 and make optimal use of this new operating system from Microsoft” Quick Heal 2010 has new features like advanced memory scanning, pen drive protection, browsing protection and entertainment mode. New advance memory scanning now scans the system memory deep at kernel level which makes sure even Rootkit drivers get detected at user mode. In this new release Quick Heal’s new unique feature automatically stops all kinds of malware from getting executed when an infected pen drive is plugged into the computer. Quick Heal 2010 – browsing protection feature helps prevent browser from visiting infected websites. Additionally, the Firewall is enhanced to protect users from hacking etc.n

S E R I E S

ZyWall USG 100

yWall USG (unified security gateway) series products have integrated IPSec VPN (starting 25 tunnel till 2000 tunnel) and SSL VPN (starting 2 tunnel till 750 tunnel) technologies to allow the establishment of a Virtual Private Network (VPN) for SMBs as well as large businesses. The application patrol, for managing the use of IM/P2P applications and HA (High Availability) features, provide a new level of security for all businesses needs. The USG products come with multiple WAN settings from Dual WAN to Hex WAN. In addition to this, you may even integrate Dual 3G adapter as WAN on the same product. With a market customer price of Rs 62,000, ZyWall USG 100 is available at ZyXel regional distributors, including Usha Infotech in North India and Ransys Bios in Tamil Nadu.n

Security, governance products from CA CA Inc recently announced new product releases and integrations designed to help strengthen IT security, lower costs of managing compliance, and improve enterprise-wide IT risk management. The products and integrations include: n CA Access Control 12.5 with new features to deliver comprehensive privileged user management and enhanced host access control; n Improved integration of CA Identity Manager 12.5 and CA Role & Compliance Manager 12.5 for more streamlined identity lifecycle management, including innovative Smart Provisioning capabilities; n CA DLP 12.0 with extended discovery, protection, and control of sensitive data, and new integrations to complementary solutions; demands; and n CA Governance, Risk & Compliance Manager 2.5 with new features to further strengthen its role as the primary platform for management of IT risk and compliance information and initiatives. “The explosion of data growth and the increase in regulations have created unprecedented security and compliance challenges for organizations,” said Dave Hansen, corporate senior vice president and general manager, CA Security Management.

radar check

S E L E C T

S E R I E S

QUICK VIEW

Cyberoam launches endpoint data protection solution

yberoam, a manufacturer of Identity-based Unified Threat Management (UTM) solutions, announced the launch of its End Point Data Protection suite to secure corporate data and manage IT assets. This suite extends Cyberoam’s security protection from the gateway to the endpoint, marking its presence as a complete security provider. The extensive use of removable storage devices and file sharing applications makes end points the most vulnerable areas with research statistics showing more than 50% data loss incidents originating at end points. The average total cost of a corporate data breach stands at $6.3 million and lost business accounts for 65% of breach costs, according to a study by the Ponemon Institute. End point data protection is thus increasingly being recognized as the critical immediate step in cutting data losses and delivering immediate ROI. Cyberoam’s End Point Data Protection suite fills the gap for a dedicated end point security solution with available solutions being highly priced and targeted at the enterprise segment. Supporting up to 3000 users, Cyberoam meets the data protection requirements of SMB and enterprise segments. Tushar Sighat, Vice-President – Operations, Cyberoam, said, “Blended threats do not distinguish between the gateway and the end point to gain entry. With the launch of the end point data protection suite, Cyberoam will secure organizations at the gateway and the desktop, offering a single, complete security cover for organizations.” Cyberoam’s End Point Data Protection suite consists of four modules - Data Protection and Encryption, Device Management, Application Control and Asset Management. With its policy-driven data protection and asset management, the suite delivers Identity and group-based policy control as well as activity logging to provide comprehensive control and visibility of data transfer over removable devices; applications; chat applications such as Skype, MSN and more; network sharing and printers.

DIGIT CHANNEL CONNECT

Speaking about opening of new opportunities for channel partners, Sighat said, “Cyberoam is the first in India to offer Data Protection and Asset Management in a single solution, meeting customer demand for a comprehensive, easy-to-manage solution. Our end point solution opens a whole new opportunity for channel partners for revenue generation and expanding the customer base. In fact, a poll of our global partners revealed that 59% wanted end point data protection including asset management from Cyberoam in their portfolio.” Even as Cyberoam offers com-

Tushar Sighat, VP-Operations, Cyberoam

prehensive control with role-based access to removable devices and applications, its real benefits come in the form of high granularity in defining customizable whitelists and blacklists. User identity-based control over file handling, granular controls over data transfer based on user, group, time, file name, type, size, location, extending its controls outside the network in addition to creation of shadow copies ensures that Cyberoam delivers effective data security. Encryption and decryption controls of the file or removable device prevent data leakage through loss of device or malicious transfer of data to unauthorized end points. The Asset Management module for Windows enables organizations to take automated hardware and software inventory in addition to automating patch management, handling bug fixes across the network irrespective of the geographic location.n

NOVEMBER 2009

73% OF INDIAN COMPANIES FEAR THAT A SERIOUS DATA BREACH CAN PUT THEM OUT OF BUSINESS.

47%

INDIAN ORGANISATIONS SUFFERED MORE THAN 20 SECURITY INCIDENTS IN THE PAST ONE YEAR.

TROJANS ACCOUNT FOR MORE THAN HALF OF ALL NEW MALWARE. CONTINUING THE RECENT TREND, IN THE FIRST HALF OF 2009, TROJANS COMPRISED

55%

OF ALL NEW MALWARE, A NINE PERCENT INCREASE OVER THE FIRST HALF OF 2008. SOURCE: IBM X-FORCE 2009 MID-YEAR TREND AND RISK REPORT

Kingston’s DataTraveler Locker+ allows portable security at lower cost

ingston Digital Inc, the flash memory affiliate of Kingston Technology Company Inc, has announced the release of the DataTraveler Locker+ USB flash drive. The DataTraveler Locker+ allows companies of any size to secure mobile data with the ease and confidence of knowing that their data is encrypted and safe. The DataTraveler Locker+ also comes at a lower cost in times of shrinking IT budgets, making it ideal for budget-conscious companies. “Kingston created this drive to address the rise in data loss and theft which has been a growing problem with expensive consequences. This device gives companies a solution that is not only affordable but provides peace of mind in securing mobile data,” said Nathan Su, Flash Memory Sales Director, APAC Region, Kingston. “The DataTraveler Locker+ encrypts 100 percent of the contents and is available at a price point that is very attractive for all entities looking to comply with corporate security policies.” Data on the Kingston DataTraveler Locker+ is secured with 256-bit hardware-based AES encryption. Access to the drive’s contents is through a simple to use interface requiring a complex password. The likelihood of successful brute force attacks on the DataTraveler Locker+ is reduced as the drive locks down and reformats after 10 incorrect password attempts. The 100 percent encr ypted DataTraveler Locker+ ships in up to 32GB capacity. For companies in need of a partitionable area on the USB drive for public sharing (e.g., within an office setting), Kingston offers the DataTraveler Locker which allows both a public and encrypted zone. Kingston also ships the DataTraveler Vault – Privacy Edition for enterprise and government customers requiring a speedier, more robust Flash drive. It is also waterproof and Trade Agreements Act-compliant. Kingston DataTraveler USB drives are backed by a five-year warranty and free tech support. T h e f l a s h d r i ve s are available from HCL Infosystems, Compuage Infocom, Transtek Infoways, Shree Pati Computers and Sunrise Infosolutions.n

S E L E C T

S E R I E S

survey

TAKING PULSE THE

To find out what the solution providers who sell and implement security products think about the opportunities and trends in this segment, DCC conducted a survey

across India. Of the hundreds of responses received, a total of 92 respondents were shortlisted whose answers were found to be complete in all respects. The results are compiled and presented here. Look out for some interesting insights.

DIGIT CHANNEL CONNECT

NOVEMBER 2009

top view

S E L E C T

THE

Protecting information is not only necessary, it is also an ethical and legal responsibility of every business. An organization owes it to all its stakeholders, including itself, to protect all forms of proprietary and confidential information from both internal and external breaches. And since information is useless unless it is accessed, you can’t securely hide it behind a lock and throw away the key. Information has to be shared

DIGIT CHANNEL CONNECT

NOVEMBER 2009

and used – but only by those who are authorised to do so. Information security is becoming ever more difficult due to heterogeneous IT environments, an increasing number of endpoint computing instruments such as laptops, mobile phones, PDAs and the like, and a rise in the number of people who want to make quick bucks by supplying unauthorized information and misusing it. According to the latest Symantec

S E R I E S

report on Internet Security Threats, more electronic records were breached in 2008 alone than in previous four years. But we can’t put all the onus of information security breaches on the attackers. Of more than 35 million data records that were breached in 2008 in the US, a majority of the lost data was neither encrypted nor protected by a password, says a 2008 report of the Identity Theft Resource Centre. Further, the Symantec Internal Security Threat Report XIV of 2008 says that of the 5,491 vulnerabilities documented by its researchers, 80 percent could be classified as easily exploitable. Another report by Symantec and Ponemon Institute, in which employees who either lost or left their jobs in 2008 were surveyed, reveals that 59 percent of them admitted to having stolen confidential company information. This means there’s a gap between “want to protect information security” and “none, barely or actual” deployment of information security solutions in organizations. Because of the growing number of threats and breaches – and a growing awareness of the same among enterprises – there’s still a huge demand for information security solutions, the recent economic conditions notwithstanding. According to the “Global IT Security Market Forecast to 2013” released by ReportLinker, the global market for IT security grew in 2008 despite recession. It estimates the global IT security

top view market to be more than $54 billion in 2008, which is expected to grow at a CAGR of about 11% from 2009-2013. According to an IDC May 2009 survey of IT Executives and CIOs in Australia, India, Korea, China and Singapore, more than two-third of respondents indicated that security software will be a key focus in order to address threats and improve compliance. Besides software, another key component of the overall security market is going to be – no surprises here – the most-talked-about Unified Threat Management (UTM) appliances that provide layered, unified security at the network level. UTMs will make up 33.6% of the total network security market by 2012, as per another IDC report. In the Indian market, much of the growth and volumes in the informa-

tion security market is expected to be contributed by SMBs – who are finding it increasingly essential to secure their data and systems if they want to pursue their growth ambitions. It is estimated that a major information security threat to businesses and government agencies will come from the remote workforce using home/public PCs, PDAs and mobile phones. While the flexi-benefits of a remote workforce is only going to make more companies empower their employees to work away from their desks, the phenomenon also forces an organisation to relinquish some of its information security control. Add to this the use of sites and apps such as Facebook, Twitter, Google Apps, LinkedIn, etc, by businesses, and you have a scenario where an organi-

Of more than 35 million data records that were breached in 2008 in the US, a majority of the lost data was neither encrypted nor protected by a password.

zation is saddled with unmanaged PCs and smartphones, as well as unmanaged social media networks. In view of these new developments, layered, centralized security solutions that provide multiple touch points within as well as around the network will be necessary. With wider adoption of cloud computing, social media networks and virtualization, data will become more vulnerable to unauthorised access. Which is why information-centric security, rather than container-centric security, will be the pressing need of organisations. Needless to say, over the next few years, security vendors are going to rely more and more on channel partners to sell, implement and support a diverse mix of products and services. n

SECURITY VENDORS DIRECTORY Vendor Name

Site

Solutions Provided*

AEP Networks Inc

www.aepnetworks.com

Secure Voice and Multi-service Datacom Solutions, Encryption and Authentication, Hardware Security Modules

Alwil Software a.s.

www.avast.com

Antivirus Software, Data Recovery Tools

AVG Technologies

www.avg.com

Antivirus, Antispyware, Internet Security

Barracuda Networks

www.barracudanetworks.com

Content Security, Antivirus, Antispam, Firewall, SSL VPN

www.ca.com

Access Control, Identity Management, DLP, Mainframe Security, Antivirus, IPS, SOA Security, Security Management

Cenzic Inc

www.cenzic.com

Application Security, Risk Management

Check Point Software Technologies Ltd

www.checkpoint.com

Security Appliances, Security Gateways, Security Management, Endpoint Security, Software Blades

Elitecore Technologies Ltd

www.elitecore.com

UTM Solutions

FaceTime Communications Inc

www.facetime.com

Security solutions for Web 2.0 apps such as social media, instant messaging, P2P networking, audio/video sites

Fortinet Inc

www.fortinet.com

Network Security Software, UTM, Business Network Security

F-Secure Corp

www.fsecure.com

Internet Security, Mobile Security

IndiaAntivirus

www.indiaantivirus.com

Antivirus, Antispyware, Content Security

K7 Computing

www.k7computing.in

Antivirus, Antispam, Firewall

Kaspersky Lab

www.kaspersky.com

Antivirus, Antispam, Internet Security, Mobile Security

McAfee Inc

www.mcafee.com

Antivirus Software, Intrusion Prevention Solutions

MicroWorld Technologies Inc

www.mwti.net

Antivirus, Content Security Software, Firewall

Panda Security

www.pandasecurity.com

Antivirus, Internet Security, Cloud-based Security

PGP Corp

www.pgp.com

Encryption Software, Enterprise Security Solutions

Quick Heal Technologies (P) Ltd

www.quickheal.co.in

Antivirus, Antispyware, Antispam, Internet Security

RSA Security#

www.rsa.com

Secure Access, Identity Management, Encryption, Authentication, DLP, Digital Certificates

SafeNet

www.safenet-inc.com

Content Security, Encryption, Authentication

SonicWall Inc

www.sonicwall.com

UTM, Antispam, Email Security, SSL VPN, Backup and Recovery

Sophos plc

www.sophos.com

Antivirus | Security Software | Data Protection | Encryption Software for businesses

Symantec Corp

www.symantec.com

AntiVirus, Anti-Spyware, Endpoint Security, Backup, Storage Solutions

Trend Micro Inc

www.trendmicro.com

Antivirus, Content Security Software

Unistal Systems

www.unistal.com

Antivirus, Data Recovery, Anti-theft and Tracking System

Verint Systems Inc

www.verint.com

Video Analytics and Management, Communication Interception and Analytics, Public Safety Solutions

VeriSign Inc

www.verisign.com

Internet infrastructure services for the digital world, SSL Certificates, Domain Name Services, DDOS Mitigation, Identity Protection

WatchGuard Technologies Inc

www.watchguard.com

UTM, VPN Security Solutions, Content Security

Websense Inc

www.websense.com

Web security, email security, data security

Note: Not a comprehensive listing; some big names are missing from this list because it focuses on players for which security is a primary or significant business. Others may have been left out due to space constraints. * Compiled from vendor websites; only indicative of solutions and does not show entire portfolio # Started as an independent vendor but now a division of EMC Corp

DIGIT CHANNEL CONNECT

NOVEMBER 2009

authentication and idp

I The growing complexity and severity of online threats imply that enterprises large and small will have to look beyond simple firewalls

t is truly said that the past teaches good lessons. In the olden days, kings used to defend their assets by building high walls around their castles and putting heavily-armed soldiers at the top. Today’s enterprises guide their information assets just as zealously – albeit with the use of modern data security technologies rather than the stout sentinels. With the pace at which online threats are getting complicated and fierce, enterprises are bound to opt for mechanisms/solutions that can help them detect and prevent the everincreasing attacks. Authentication and Intrusion Detection and Prevention (IDP) are two key measures companies are looking at to keep their data safe from security threats and intruders.

alerts the network administrator and the IPS stops potentially dangerous data entering the network. The two are often termed an IDPS. With the help of an IDPS, users can monitor activities for malicious or unwanted behaviour and can react, in real-time, to block or prevent those activities. Furthermore, IDPS help monitor and analyse both user and system activities; assess system and file integrity; has the ability to recognise patterns typical of attacks and even track user policy violations. IDPS solutions are primarily focused on identifying possible incidents that can occur with accessing websites, logging information about these accidents, attempting to stop them, and reporting them to security administrators. In addition, organisations use IDPS for identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies.

NO TRESPASSING CHARU KHERA

Intrusion Detection and Prevention

An Intrusion Detection and Prevention System (IDPS) comprises an IDS (Intrusion Detection System) and an IPS (Intrusion Prevention System). An IDS detects suspicious activities, whereas IPS is designed to take immediate action on such activities (such as blocking a specific IP address). The IDS

DIGIT CHANNEL CONNECT

NOVEMBER 2009

Growth drivers Recent breaches in security have shown that having an antivirus or firewall solution alone is not sufficient for an organisation’s security. Providing insights on the same, Vishal Dhupar,

feature MD, Symantec India, says, “IDPS complements various security mechanisms (adopted by enterprises today) by offering significant detection and prevention capabilities against external attacks and internal policy abuse. This has well been accepted by enterprises – both large and small – and they are adopting IDPS solutions to ensure an integrated security strategy for multi-tiered protection.” As per industry watchers, the most crucial factor driving the growth of IDS/IPS solutions among Indian enterprises is the constant onslaught of new worms and viruses that exploit vulnerabilities of a system. Apart from this, as end-point devices become more and more sophisticated and diverse, large enterprises as well as SMBs will have to provide an effective way to address risks emanating from employees taking data from their workstations to their personal devices using Bluetooth, USB or CD/DVD. An IDPS is the way out.

Challenges IDPS solution providers have seen high revenue growth but challenges remain. Says Govind Rammurthy, CEO and MD, MicroWorld Technologies, “We expect to see a lot more of mergers and acquisitions, leading to consolidation of technologies and products into single platforms. Challenges for vendors will be to educate the SMBs on various emerging threats and ways

A QUESTION OF TRUST As per a recent survey done by Forrester in association with VeriSign, out of 324 global IT security decision-makers, 70 percent reported that their current authentication methods are related to their customers’ degree of trust in their offerings. 80 percent of respondents said that line-of-business managers believe that the establishment and retention of customer trust is a business requirement. Moreover, given the importance placed on securing trust, it is not surprising that 60 percent of those surveyed reported that this objective was supported with a specific technology or policy implementation. These investments included everything from more user-friendly and robust front-end application to new server, and overhaul of databases and customer education and usage safety ethics, as well as easier-to-use authentication processes.

to protect against them.” Both IDS and IPS are very complex in nature - both come in various configurations, each designed to address a particular intrusion-protection need. According to Saket Kapur, CEO of Delhi-based Green Vision, “IDPS as a technology has undergone a lot of enhancements over the years and the scenario will continue to be the same. That is why enterprises generally tend to have misconceptions in terms of expectations from IDPS.” Another crucial challenge that most enterprises face is lack of skilled manpower. More often than not, organisations do not have well laid-out response plans for the instance when an intrusion is detected and reported by the IDPS.

Channel opportunities Layered security is the key to protect any network – and addition of the IDPS tier will provide high growth opportunities to solution providers. Most partners believe that IDPS is a rapidly growing field and is the logical next step for many organisations after deploying firewalls at their network perimeter. Moreover, the success of an IDPS implementation depends, to a large extent, on how it has been deployed, which in turn provides great opportunities for channel players.

Authentication No business today is immune from phishing attacks and its devastating ef fects. A recent repor t by AMI indicates that close to 10 percent of all global phishing activities specifically target India. Another report by AntiPhishing Working Group (APWG) stated that in the first half of 2008, over 47,000 phishing attacks targeted over 26,000 unique domain names. As phishing attacks increase in effectiveness and present a real threat to the online community today, especially e-banking and e-commerce sites, strong authentication is needed to make these attacks ineffective. As per Wikipedia, authentication is the process of determining if a user or identity is who they claim to be. It is achieved with the help of either a password, a security token or biometric. Authentication has today largely become a measure for many large enterprises, SMBs as well as banks against fraud and identity theft. More often than not, people associate

authentication with passwords, but there are several mechanisms for authentication, including multi-factor authentication, website verification, security certificates, etc.

Business opportunities

Intrusion detection systems complement other security solutions.” VISHAL DHUPAR, MD, SYMANTEC INDIA

WITH THE HELP OF AN IDPS, USERS CAN MONITOR ACTIVITIES FOR MALICIOUS OR UNWANTED BEHAVIOUR AND CAN REACT, IN REAL-TIME, TO BLOCK OR PREVENT THOSE ACTIVITIES. A recent report by AMI indicates that close to 10 percent of all global phishing activities specifically target India.

Authentication is a very big market and experts believe that online banking and e-Governance are going to drive the future of this segment. Explaining the benefits of authentication, Rana Gupta, Business Head, India & SAARC, SafeNet, says, “Authentication solutions ensure that only authorised individuals access an organisation’s sensitive information - enabling business, protecting data, lowering IT costs, and boosting user productivity. With authentication, users can even strengthen VPN security for remote access and simplify password management and protection.” Authentication services provide enormous opportunities for channel. For one, Mumbai-based Allied Digital Services has tied up with Australiabased ValidSoft to offer authentication solutions in India. Says Bimal Raj, CEO of Allied Digital, “With the increase in the number of security breaches and transaction frauds, the need for authentication has become crucial for any enterprise today. Thus, it is the best avenue for channel to foray into.”

Market trends The pace at which online threats are increasing, a password-only approach provides a relatively low level of trust for consumers. Thus, two-factor authentication (known as 2FA) is being adopted by enterprises, which helps them add another layer of security and represents a higher level of trust between consumers and online businesses. Recent Reserve Bank of India guidelines calling for all online transactions to have an additional layer of security are speeding up the use of two-factor authentication among banks and e-commerce sites.

Challenges Most partners are of view that while the complexity of online threats is increasing, most companies find it challenging to understand and upgrade their existing systems. In many cases, despite its importance in maintaining customer trust, authentication remains a challenge due to the difficulty involved in the implementation and execution phase. n charu.khera@9dot9.in

DIGIT CHANNEL CONNECT

NOVEMBER 2009

authentication & idp “AUTHENTICATION MECHANISM SHOULD BE GIVEN HIGH IMPORTANCE BY DECISION MAKERS” Rajiv Chadha, Vice President, VeriSign India

Explaining the need for strong authentication policies in Indian enterprises, Rajiv Chadha shares with Charu Khera the outlook for the Authentication and IDP (Intrusion Detection and Prevention) market in India. Excerpts: DCC: What are some of the crucial factors driving the growth of authentication as well as IDP solutions in the Indian market?

The world we are living in today is an era defined by immediate access to information and services, irrespective of the connection—from our desk at work, our desk at home, or even when there’s no desk at all. People are collaborating, communicating, and interacting like never before. From e-commerce to financial services to healthcare, consumers are using the Web to accomplish everyday tasks online. But transmitting confidential, personal, or financial information over the Web can be risky, making businesses responsible to better protect their consumers’ digital identities. With the variety of individuals and businesses on the Internet, and the prevalence of online fraud, it is critical to know and trust the parties that you are doing business with. Hence, strong identity and authentication mechanism must be attached high importance by the decision makers in any organisation. Every day, identity thieves are getting smarter at tricking people into revealing their account numbers, passwords or financial information. Last year, 9.9 million fraud victims were tracked who lost an average of $4,849 in each incident. DCC: What is the current level of awareness on phishing attacks in India? How can it be raised?

Cur rently, the awareness level of Indians with regard to phishing

DIGIT CHANNEL CONNECT

attacks and other cyber threats is significantly low. As per a recent survey commissioned by VeriSign, 76 percent of Indian web users are unable to spot phishing sites. Hence, as the first recommended step, awareness needs to be built-in. This can be accomplished by engaging with the mass base of Internet users via information that helps them understand their vulnerability and threats online. The Indian Internet users must be made to realise that only when armed with the right information and simple precautionary measures, consumers can freely and rightfully surf and transact on the Internet and keep their valuable personal information intact. VeriSign has recently launched ‘TrustTheCheck.com’, a website devoted to helping consumers keep safe as they surf the web. The website presents the tips and techniques consumers need to safely shop, bank, trade stocks and book travel online. DCC: RBI has issued guidelines that all online transactions should have an additional layer of security apart from the one already present. How does this provide a business opportunity for VeriSign and its partners?

More than an immediate business opportunity, the RBI guidelines have certainly highlighted the need for more secure transactions on the Internet. It is a guideline in the right direction, and helps in raising the trust on the Internet, an imperative for enabling e-commerce to flourish in India. However, it is too

NOVEMBER 2009

Last year, 9.9 million fraud victims were tracked who lost an average of $4,849 in each incident.

76% OF INDIAN WEB USERS ARE UNABLE TO SPOT PHISHING SITES.

early to say whether the technology implemented is correct or not. The password put in place is static, which again is risky if a fraudster is able to lay hands on someone’s password. There is a need to bring dynamic passwords in picture, because static passwords cease to be secure once stolen. DCC: What are some of the key challenges in creating awareness among channel partners?

We must constantly focus on imparting value addition to the knowledge base of channel partners about the need for strong authentication tools that hold preference among business houses across sectors. We believe training the partners and helping them understand the threats and solutions in the area of online security will help them secure better business and assist them in achieving their growth objectives. DCC: Do you think the lack of a large and active e-commerce base is holding back the market for authentication solutions?

Authentication services are now a must for not only the e-commerce space but across verticals on the Internet, wherever an identity creation is required - even at a Social Networking site. An unrelenting demand for real-time information from employees, partners, and customers has put an enormous pressure on businesses and IT organisations to adopt the strongest authentication solutions. n charu.khera@9dot9.in

data storage & loss prevention

ACHIEVING

TOTAL PROTECTION Changing work environment and evolving malware necessitate a comprehensive approach to data protection.

or any company - from startup to large enterprise - information is a main corporate asset. However, the globalized and open nature of modern business also means that corporate information and the intellectual property that it contains - exists in more formats, is more accessible, and more exposed than ever before. No longer is data confined within the physical walls of a company, it is now easily copied, shared, and stolen. Corporate information is typically managed in structured databases and documents. However, the majority of information resides in unstructured form, such as emails and images,

DIGIT CHANNEL CONNECT

NOVEMBER 2009

making it much harder to know where sensitive data is actually located throughout the enterprise. In addition, dramatic changes in the way people communicate and collaborate are changing the way in which information is being created and accessed. For example, increasing numbers of wireless and mobile users with portable storage devices pose challenges for IT in controlling how and where information is used. These highly portable devices can be lost or stolen more easily, placing valuable information in the hands of external parties. Technologies such as P2P, streaming media, social networks, and instant messaging have further broadened the

amount of unstructured information being transferred in and out of the enterprise. For example, users can inadvertently reveal sensitive information from images posted on their profile pages. All these changes mean that IT management requires a more effective approach towards data protection in the enterprise. And while digital trails can help determine how a data breach occurred, it is more important for enterprises to have preventive measures that actively safeguard against such breaches from happening in the first place.

Need for new safeguards The occurrence of data breaches can be classified under two scenarios. The first involves breaches triggered by an external source. This may include direct network intrusion, phishing scams delivered via spam email or social networks, as well as delivery of malicious software in the form of viruses, worms and

white paper Trojans to compromise the organization’s IT infrastructure. The second scenario occurs from within the organization (whether accidentally or deliberately), such as the exposure of sensitive corporate data contained within files and communications sent by employees, or lost hardware that contain portable storage media (e.g. laptop hard drives, CDs, USB drives). In a typical enterprise, technologies already in place, such as firewalls, intrusion detection and prevention (IDP) systems and virtual private networks (VPN) focus on preventing outside threats from entering the enterprise network. However, these systems fail to protect against internal threats that originate from infected employee machines or outgoing communications from inside the network. In addition, security solutions such as Network Access Controls (NAC) only focus on initial posture assessment and authentication of the employee’s endpoint. Once a user is authenticated, he or she is no longer monitored and can act in ways harmful to the network.

Multiple loss vectors Data can end up in the hands of unauthorized users through the following channels: Data Stealing Malware. Endpoint solutions and pattern file deployments alone are inadequate to protect businesses. Today, data-stealing malware circumvents industry-standard enterprise security solutions by exploiting their weaknesses with sophisticated methods of attack that evolve rapidly and make use of multiple modalities. Various methods employed by cyber criminals include hiding malicious programs within intriguing emails, redirecting users to fake websites that ask for login details, and sneaking data-stealing malware into corporate networks where they can remain undetected for months. Te c h n o l og i e s s u c h a s i n t r u sion detection (IDS) and intrusion prevention systems (IPS) monitor behaviour with the objective of identifying unusual or suspicious activity or network anomalies. But these methods can evade detection by “hiding” commands in regular port 80 traffic or TCP/IP packets. Upon gaining entry, hackers can then install sniffer programs that allow it to intercept keystrokes and other data being transmitted over the

network. This method can avoid detection for an extremely long time, provided the hacker does not become overzealous in bandwidth utilization. According to TrendLabs, Trend Micro’s global network of research, development, and support centres, there was a 1,731% increase in web threats between 2005 and the first quarter of 20082. Based on this, an organization’s defences will need to detect over 26,598 new threats every hour by 2015 to keep up (see graph). Stolen and Loss of Equipment. As it is easy to copy and carry critical enterprise data using to laptops, USBs, and other portable storage devices, one of the most significant sources of information loss comes from employees who misplaced their hardware. Even the most stringent firewall, IPS, or VPN cannot protect these corporate data assets when they can be simply carried beyond the physical boundaries of the enterprise. Equipment theft is a major concern with 28% of data breaches due to stolen equipment such as laptops and computers. Accidental Exposure from Within. Email systems, file transfer systems, instant messaging systems, blogs, wikis, Web tools, and other applications are now used as part of everyday business communications. However, without proper controls over what can and cannot be sent, confidential information such as trade secrets, designs, proprietary processes and other knowledge assets can be easily exposed to outsiders. In addition, disgruntled employees may even actively seek to remove data that they consider to be useful such as customer lists and emails.

According to TrendLabs, there was a 1,731% increase in web threats between 2005 and the first quarter of 2008.

EQUIPMENT THEFT IS A MAJOR CONCERN WITH

28% OF DATA BREACHES DUE TO STOLEN EQUIPMENT SUCH AS LAPTOPS AND COMPUTERS.

Damages from data breaches Data breaches could have serious consequences for enterprises. Besides the lost data itself, the results could be downtime, reduced productivity, and costly clean up, with immediate damage to a company’s reputation and customer loyalty. Taking all these follow-on costs into account, a 2007 study by the Ponemon Institute found that the loss of customer records costs an organization an average of $197 per lost record, and that the average business loss for a large organization that suffers a data breach is as high as $4.1 million. According to Gartner, “organizational costs of a sensitive data breach will increase 20 percent per year over the next two years through 2009.” In light of these alarming numbers, it should be obvious that the cost of a data breach can far outweigh the investment in advanced security solutions designed to prevent them from happening. Yet, many firms still do not have the right level of data protection technologies in place. According to a survey conducted by Osterman Research during April 2008, only 49% of organizations have deployed these capabilities.

Strategy for total protection Trend Micro recommends a fivestep process that will serve as a useful starting point for incorporating data protection solutions:

Classify:

What digital assets do you want to protect? Speak with line of business owners to understand what information they want protected, watched, and ignored as they have the knowledge of how data is used on a day-to-day basis. However, sensitive data may differ by business segment or region. Identify escape methods: What are the channels from which sensitive information might escape? Identifying channels of escape is really a function of how data is used in an environment. How data is moved around in an organization and the business processes the organization has created around that data, both give an idea of how data may escape. Discovery: Once sensitive data (and escape methods) have been defined for your organization, automated scanning technologies can be deployed to locate the data itself, whether it resides in file shares, databases, emails, content management systems, laptops, USB drives, CDs, and more. Data can then be marked according to the level of sensitivity. Develop policies: What are the remediation steps needed when sensitive data is encountered? What data should be ignored? While government regulations provide a baseline policy for sensitive data, additional allowances and restrictions will need to be put in place depending on unique business processes. For enterprises starting out with DLP solutions, certain policies can be made to start in a monitor-only mode. Monitor/Report/Refine: Long-term effectiveness relies on a process of monitoring, reporting on events, and refining policy. Initial rules for endpoint policies may be adequate, but they may result in some unintended consequences, as some legitimate events may be identified inadvertently as violations. Monitoring the company’s networks, systems and users can help flag these events to enable policy refinement. n Courtesy: Trend Micro

DIGIT CHANNEL CONNECT

NOVEMBER 2009

data storage & loss prevention

“UNSTRUCTURED DATA IS THE WEAKEST LINK IN ANY ORGANISATION” Surendra Singh, Regional Director, SAARC, Websense

Surendra Singh foresees a consolidation of the data loss prevention (DLP) market in India in the next few years, besides promising growth in the adoption of various DLP tools. Excerpts from an exclusive interview to Soma Tah: DCC: How mature is the DLP market in India currently?

The DLP market is gradually getting mature in India. Though businesses were wide awake of the repercussions of their sensitive and confidential data getting leaked earlier also, still they did not have the right tools which could help them put a stop to that. But now they have the right technology available to handle those confidential data, and they know exactly what to secure, how to secure, what tools to deploy and how complex is the deployment and the associated costs. We have been working on few large projects at present, which I consider to be a very positive sign of recovery considering the economic depression causing very slow adoption last year. DCC: What are the factors driving growth in the DLP space?

Today people’s notions towards data have changed drastically and I can see it has become an important element of both the reactive and proactive security measures taken by the companies to protect their business critical data. In fact, that there are different objectives behind the adoption of data protection measures by different organizations. There are organizations that would not wait for some data seepage to happen and would not like to see their names getting flashed in the newspapers before going for a dedicated solution. While some

DIGIT CHANNEL CONNECT

companies would use it as a tool to instill some best practices among their employees, some would use it as a tool to prevent further damages. To sum up I would say there are three major drivers –first, the strategy not to let the confidential information out of the organization and go in the wrong hands; second, the compliance with laws and other regulatory requirements (the latest has been the IT Act 2000 Amendment); and third is a purely tactical reason, as some companies use it as a forensic tool to differenDLP can tiate between good and bad employees. DCC: What do you think are the major concerns of businesses in terms of storing, managing and protecting their business-critical data? How effective is a DLP solution in addressing them?

Customers have already implemented the identity and access management to protect their stored data, as the technologies in this field are matured enough. The real challenge is to make these tools widely available and accessible for the businesses and dealing with unstructured data which is probably the weakest link in any organization. These unstructured data in the form of e-mails and Word documents need to be managed carefully to prevent data leaks and DLP solutions can be very effective in dealing with such unstructured data. DCC: What are the new trends emerging in the DLP space and what are the most-sought-after features?

Vendors are taking a comprehensive approach towards data security and hence looking to integrate DLP with

NOVEMBER 2009

be very effective in dealing with securing unstructured data VENDORS ARE TAKING A COMPREHENSIVE APPROACH TOWARDS DATA SECURITY AND HENCE LOOKING TO INTEGRATE DLP WITH OTHER SECURITY FEATURES.

other security features, so that the customers can get maximum protection out of it. For example we have integrated DLP with web security to give data protection and I see aligning endpoint security with the DLP can bring a significant amount of growth. But the vendors need to strike a balance somewhere, as the solution can become increasingly complex and increasingly difficult to manage. May be the benefits would be high, but one has to keep it in mind that the costs would also go so high that the solutions would not be worth having. Automated data identification and classification is another emerging trend which will ensure the ROI from the day one of the installation. Among the other features, the accuracy of the data identification system and the robustness of reporting are the two very important factors that the customer needs to consider before investing on any DLP solution. DCC: What kind of business opportunities are there for partners and what are the main challenges ahead?

Partners need to have a very sound understanding of technology. Partners should also have a very distinct skill set which can help them engage different departments for an effective DLP deployment, so that businesses can reap the benefits across the board. n soma.tah@9dot9.in

firewall and antivirius

S E L E C T

S E R I E S

The Indian firewall and antivirus market is currently dominated by companies such as Symantec, Kaspersky, AVG, K7 Computing, McAfee, Quick Heal and Trend Micro, among others. These companies are taking active steps to educate users on the necessity of antivirus and firewall.

Market trends

THREATS =

Opportunities Antivirus and firewalls are the most simple and effective ways to prevent systems from everincreasing online threats. For partners, this means a continuous string of opportunities. CHARU KHERA

he Internet today has become an integral part of personal and business communication, entertainment and productivity. But the increasing sophistication, complexity and functionality of the Web has created many new opportunities to exploit its users. According to Peter Baxter, Vice President – Business Development, AVG Technologies, “Today, 60 percent of all technological threats are web-based.” “A threat landscape once dominated by e-mail borne spam and viruses has now been replaced by fast-moving attacks, which infect even legitimate websites and pages,” explains Baxter. Moreover, cyber-criminal activities are continually growing. Gartner recently reported that new threats have increased from 30,000 to 50,000 on a single day. As per another research conducted by AVG research labs, on any given day, 8-14 million unique users worldwide are exposed to social engineering scams. As the Internet percolates deeper into our lives, this number will continue to rise. Furthermore, Web 2.0 applications also make an organisation much more vulnerable to a host of risks.

DIGIT CHANNEL CONNECT

NOVEMBER 2009

Most experts in the industry advise that antivirus and firewalls are the most simple and effective ways to prevent PCs/laptops from these ever-increasing online threats. As per Wikipedia - an antivirus is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. A firewall, on the other hand, is a part of a computer system or network that is designed to block unauthorised access while permitting authorised communications. As Ajay Verma, Director Channels and Alliance, Symantec India, says, “A firewall is designed to provide proactive, enterprise-class network and application-level protection which enables faster and secure Internet connectivity. It protects the enterprise from both known and unknown attacks, due to its stringent standards-based approach. The solution integrates full application inspection, application-layer proxies, stateful inspection, and packet filtering into a unique hybrid architecture which protects against complex blended threats and denial of service attacks by default.”

Both firewall and antivirus segments account for an ever-increasing portion of the IT spend by enterprises as well as SMBs. The Indian antivirus industry has evolved over years to keep pace with a wide variety of threats, which a PC user faces, on a daily basis, when connected to the Internet. Online users have to fight different kinds of viruses such as Spyware, Trojans and other malicious contents, which can delete as well as damage data, and also lead to the loss of personal and financial (credit card/ Internet banking) information. Most laptops and desktops today come pre-installed with evaluation (90-days) versions of antivirus solutions. This means that at the end of the evaluation period, the customer has to either renew the license (using his credit card on the Web) or purchase a new antivirus. As per reports, in India, most customers end-up buying a new antivirus. However, there are many who download antivirus products which are available free of cost on the Internet (only for a limited period of time), which normally provides limited protection from various security threats. However, home PC users (mostly first-timers) lack the knowledge and awareness for having a good antivirus solution installed in their PCs/laptops. However, with regular usage and experience, most users realise the need for a good antivirus and end-up purchasing one. This is also similar in case of firewalls. Every Windows PC comes preloaded (by default) with Windows Firewall option. It provides a basic level of security to online users, but for stricter control, it is always good to adopt a third-party firewall. Organisations should be extra cautious while choosing a firewall as it saves its important data from all kinds of online attacks. “A firewall is a must-have safeguard for PCs, and most system integrators and vendors believe that firewalls will continue to be an emerging trend among Indian enterprises as well as SMBs. Though the level of threat in India is not as high as it is in the US,

feature organisations in India (large as well as SMBs) are waking up to various online security concerns,” says Saket Kapur of New Delhi-based Green Vision. Moreover, traditional firewalls are no longer sufficient protection against the evolved threats of today. As social engineering scams including phishing attacks become more sophisticated, firewalls of today have to keep up and keep threats at bay. “Today users value convenience and do not like a firewall that is obtrusive. Hence, vendors should develop a quieter, unobtrusive firewall that incorporates a new database of trusted sites and applications that allows the firewall to take decisions without users’ inputs,” explains Baxter.

Market challenges In India, most users generally are not abreast with the growing sophistication of web-threats and thus continue to use age-old and out-dated methods or antivirus trial products. This lack of user awareness and education are the biggest challenges that the industry vendors as well as channel partners are facing today. Besides, with limited knowledge, customers’ expectations from entry-level antivirus as well as firewall products are high, even though it is equipped to meet only the basic requirements.

GROWTH DRIVERS A few research analysts believe that with the evolution of many innovative technologies, antivirus software is dead. However, there is a counter argument that end-point security is evolving as a function of the changing online threat landscape. The growth in the firewall as well as antivirus market in India is fuelled by the ever-increasing volume and complexity of online threats. Another key driver is the growth in online transactions, especially in segments such as financial services, travel and hospitality. Many international vendors are cashing in on this opportunity by launching their solutions in the Indian market. Among the players that have already made a strong mark have been adopting innovative practices to attract a larger customer base. For instance, Symantec has launched an antivirus solution specifically targeted at gamers. For vendors and partners alike, the next few years will continue to yield ample scope for play.

Price of the software solutions is another issue. Although, lucratively prices are available for home users, the large organisations are charged heavily for the solutions. Moreover, most people – both first time and experienced users -- fail to understand the importance of a good antivirus as well as firewall. This is the reason why most organisations either take drastic steps such as locking the computer access for USB drives/Internet access, or handing over the entire network security to the IT department. “Antivirus and firewall are our prime focus/vision for the next five years. It is a vastly untapped area. Majority of effective firewalls are out of reach for small enterprises because of the price factor. We are planning to come up with concept-based firewalls, wherein the customer can choose what all features they require for their firewall. The price of these concept based firewalls would be one fourth the price of imported firewalls,” adds Kapur.

Opportunities for channel Selling antiviruses and implementing firewalls has always been a preferred option for most channel partners considering the growth opportunities that dominate the space. According to industry estimates, the broadband subscriber market in India is expected to increase to 30.1 million by 2013 with a growth rate of 8.9 per cent. As the PC and Internet penetration continues to grow at a steady pace, channel, system integrators and vendors can avail this opportunity to make the cyber-environment safer for Indian users. “As the Internet market in India continues to grow, vendors should focus on developing technologies and solutions; implementing firewall for SMBs and enterprises that will pre-empt the growing sophistication of cyber-crime. However, to reach out to the vast Indian market, these vendors will need a robust channel network, thus providing the community with enormous business growth,” asserts Baxter. He further adds, “Moreover, with an increasing number of users becoming aware of the dangerous threats that lurk in today’s online environment, the demand for effective firewalls will continue to grow. Thus, providing a huge opportunity for vendors and channel partners. AVG is working towards tapping a larger network of resellers in order to meet this growing demand for comprehensive Internet security.”

As margins keep shrinking in the hardware segment, selling and implementing antivirus and firewall products and solutions can be a lucrative option for channels GOVIND RAMMURTHY, CEO AND MD, MICROWORLD TECHNOLOGIES

Concurring with him is Govind Rammurthy, CEO and MD of e-Scan who believes that as margins keep shrinking in the hardware segment, selling and implementing antivirus and firewall products and solutions can be a lucrative option for channels. K7 Computing expects antivirus market to grow at 19-20 percent CAGR with over 16 million home PCs as addressable market segment. “The security market in India is driven predominantly by assemblers and system integrators. As per reports, Indians are among the top five global online spenders. This means they are using credit cards freely on the Web. Moreover, Phishing (fooling users into thinking that they are providing vital information to a legitimate e-mail) and identity theft are unfortunately part of everyday life of an online user. Thus, the security market in India is expected to provide immense opportunity to channel players in the years to come,” said John Devasahayam, Executive Director, K7 Computing. Stating the channel view, Bharat Bhushan, CEO of Delhi-based RR Systems, which deals in many Internet security software, believes that anti-virus is the need of the hour. “Everyone likes to buy genuine products but most often the price does not allow the customer to avail the facility, therefore he has to move towards the cheap and inauthentic software. This has provided channel players great opportunities with the threats that invades users’ PCs/laptops,” he says.

The road ahead GARTNER RECENTLY REPORTED THAT NEW THREATS HAVE INCREASED FROM

30,000 TO

50,000 ON A SINGLE DAY

India has an installed base of about 40 million computers and an Internet user base of 45 million people. The trouble is that viruses, trojans and other form of security concerns spread from one computer to another via other ways than network access. This could be via USB drives or through infected CD/DVDs. But new technologies are now emerging to meet all online threats. Most enterprises believe in integrating systems into the firewalls and are domain-specific. In addition, India has finally woken up to the need for antivirus and firewall solutions. Even though the government has issued strict norms for IT frauds and cyber crime, it is for organisations to take appropriate steps to safeguard their own interest. With ease of availability of security software and the varieties available, organisations and users have simpler and better ways for protection. n charu.khera@9dot9.in

DIGIT CHANNEL CONNECT

NOVEMBER 2009

firewall & antivirus interview

“INDIAN ENTERPRISES ARE INCREASINGLY LOOKING AT ADOPTING ANTIVIRUS AND FIREWALL SOLUTIONS” Ajay Verma, Director, Channels and Alliances, Symantec India

In an exclusive interaction with Charu Khera, Verma talks about the growth opportunity as well as challenges in the firewall and antivirus space in India. DCC: DCC: What, according to you, are the key drivers for antivirus as well as firewall solutions market in India?

The Internet threat landscape is getting murkier by the day. While the burgeoning Internet adoption is a good sign, it brings with it a closet full of threats. This is especially true for a country like India, which is increasingly becoming the hub to carry out malicious activities Accordingly to the recently released Internet Security threat report by Symantec, much like the trend globally, India saw a substantial increase in its proportion of malicious activity in almost every category. India had the fifth highest number of broadband subscribers in the APJ region in 2008 and the third highest volume of malicious activity, with 10 percent of the regional total. The main reason for this is that the security protocols and measures to counter malicious activities are not in place in spite of the rapidly growing Internet infrastructure and burgeoning broadband population. Another alarming trend for Internet users in India is the online threat landscape being heavily infested with worms and viruses. All these threats are the key reasons why Indian enterprises are increasingly looking at adopting antivirus and firewall solutions. DCC: Quite often, SMBs do not update their antivirus solutions or prefer to use trial versions. How can vendors and partners address this?

I believe that large enterprises as well as SMBs are today realising that

DIGIT CHANNEL CONNECT

information is the lifeline to their business from a technology perspective. Symantec, in association with its partners try and educate customers the benefits and ways to protect their critical information, ie, by using various firewall and antivirus products and solutions. According to a recent study by AMI Partners, India’s SMBs are boosting investments in Internet-related products and services such as antivirus and firewall and these investments are on track to reach $1.26 billion this year, up 35 percent from last year. Moreover, as more and more SMBs explore and grow their business, backup and restore are their biggest pain points for them. In addition, data availability and secure backups are critical for SMBs as they rely on their data to run their business. Thus, most vendors and channel are increasingly partnering and connecting with SMB customers. DCC: Symantec recently conducted a survey on ‘Security in SMBs’, which indicated that though SMBs are aware of various security risks, they are not doing all they can to protect information. How do you plan to address this particular issue?

As per the report’s findings, Indian SMBs are aware of the need to protect their data but fall short in deploying measures to safeguard it. This is due to various reasons, primarily being inadequate budgets along with ineffective information security management at the operational level. But the scenario seems to be changing as more and

NOVEMBER 2009

Customers often rely on trial versions without realising that it would not be able to secure the system if not upgraded.”

10%

OF MALICIOUS ACTIVITY IN THE APAC REGION OCCURS IN INDIA

more SMEs conduct business internationally. Global competition will drive them to form symbiotic collaborative relationships and to improve efficiencies to access wider markets. DCC: What skill sets should a partner have to install and maintain firewall solution for its customers? How do you ensure adequate training for your partners so that they possess multidomain capabilities?

Awareness is a key to any challenge. Customers often tend to rely on trial versions of security solutions without realising that the solution would not be able to secure the infrastructure if there are any further upgrades in the system or new threats. Symantec usually offers trial packs of 30 or 60 days and on the expiry of the trial period the security solution becomes ineffective. At Symantec, we believe that our partners should have the following skill sets to install and maintain security solutions for its customers: Ability to educate customer s: Partners should be able to explain the benefits of using the upgraded version of security solutions to customers. They should also be able to establish the fact that a trial version is just created to demonstrate the functionality of a product and it needs constant upgradation for better functioning. Deployment of solutions: Partners should have the skill set to deploy solutions for customers and simultaneously educate them about the possible upgradation for better functionality. n charu.khera@9dot9.in

Unified Threat Management

rapidly changing threat landscape over the past few years has made businesses move on from a piecemeal approach towards security and look for a consolidated and comprehensive security measure instead. Unified security solutions like Unified Threat Management appliances (the term was originally coined by IDC) evolved as a logical way to tackle these increasingly complex threat vectors, especially blended ones that point solutions were unable to counter. Says Seepij Gupta, Analyst Software and Services Research, IDC India, â&#x20AC;&#x153;Enterprises are facing threats mainly at three levels - endpoints, networks and from insiders. Also, with the evolution of threats, the number of solutions required to guard the resources of an enterprise at all the three levels have also increased. This has led to consolidation of security offerings and led to the emergence of UTM appliance as a solution to the conundrum [of multiplicity of solutions].â&#x20AC;? A UTM appliance consolidates features of individual security tools, such as firewall, antivirus, antimalware, content filtering, intrusion

DIGIT CHANNEL CONNECT

NOVEMBER 2009

THE 360 DEGREE APPROACH TO SECURITY As businesses find themselves aching with multiple point solutions for security, UTM comes to the rescue as a single-box painkiller SOMA TAH

detection and prevention functions, etc, in a single rack mountable network appliance and thereby brings down the cost of buying point solutions. The cost-performance ratio works well for SMBs and branch office operations of

large organizations.

Growth across the spectrum Organizations these days require the highest level of gateway security because of an increasing usage of the

feature internet, hosted applications, Web 2.0 tools, and remote access. “While a user would use the internet for legitimate business applications, such as Sales Force Automation, CRM, Web conferencing, VOIP and HR applications, the same user may also be accessing P2P, Instant Messaging, Web mail and various social networking applications,” points out Mayur Trivedi, Regional Manager – Channel Sales, GajShield InfoTech (I) Pvt Ltd. Traditionally, UTMs used to be considered as a one-stop-shop offering for network security, typically for SMBs, which are exposed to similar kinds of threats as enterprises but who cannot afford to invest much on dedicated solutions. With its cost efficiencies and ease of manageability, UTM fits the requirements of SMBs very well. “Standalone appliances were the choice of many customers mainly due to the mindset that ‘all in one’ approach essentially provides a single point of failures. The Large enterprise segment with a high-performance and high-capacity requirement may ideally go for a software option that can be installed on their choice of hardware,” says Bhaskar Bakthavatsalu, Regional Director, India & SAARC, Check Point Software Technologies Ltd. But with rising performance and load balancing capabilities of UTMs through multi-core architecture, large enterprises have also started deploying UTMs in place of individual security solutions. “Even if some enterprises are hesi-

DRIVERS OF GROWTH E-business and e-commerce Regulatory compliance (CIPA, HIPAA, SOX, PCI DSS, etc) Convergence of system and network management Workforce is becoming more mobile as a result of corporate travel, which means more flexible work arrangements and thus an increase in end points Threats are migrating to newer technologies such as VoIP and instant messaging Focus shifting from “data in motion” to “data at rest” Drive towards reducing human interventions Vendors diversifying and extending products for different segments SOURCE: IDC

tant to put all of their security eggs in one basket, so to speak, consolidating just two or three functions can gain measurable benefits in both capital and operational savings,” says Vishak Raman, Regional Director-India & SAARC, Fortinet.

Factors driving UTM uptake UTM is witnessing a growing appeal among businesses across all sectors, mainly due to reduced total cost of ownership (TCO) as well as lower administrative burden of managing and upgrading legacy or outdated point security solutions. The economic downturn has also conditioned enterprises to be more conservative about investment in new solutions or infrastructure. “The value proposition offered by the UTM platforms has become more pronounced in the current economic climate,” says Bakthavatsalu. Compliance is probably the most important factor driving UTM uptake in the education, healthcare, BFSI, retail, IT and ITES sectors, as the device helps address the specific regulatory mandates. Among the other factors are the increased usage of convergent technologies as well as remote and Wi-Fi access among enterprises.

Opportunities for partners Market analysts predict strong growth for UTMs, especially in the SMB segment. According to IDC, the UTM appliance market in India is slated to cross $100 million by 2012, which will generate fresh business opportunities for solution providers. Sanchit Vir Gogia, Senior Analyst, Springboard Research, says, “The success of selling UTM appliances largely hinges on how effectively the reseller can act as a consultant and help the enterprise see value and real-time application to its IT environment.” Demand for UTM solutions has also been sharply increasing from tier-two and tier-three cities, which have a large proportion of SMBs and SOHOs. Both these segments are largely served by channel partners, and that’s why vendors have been actively recruiting and training partners in these cities. Outsourcing security to a trusted partner has also become a viable option for businesses, creating an enormous opportunity for managed security service providers (MSSPs). Lack of high-end security skills among smaller solution providers is

With rising performance and load balancing capabilities, UTMs are being embraced not only by SMBs but by large enterprises as well. ACCORDING TO IDC, THE UTM APPLIANCE MARKET IN INDIA IS SLATED TO CROSS $100 MILLION BY

2012.

UTM vendors are trying to add new features like content filtering, on-appliance SSL VPN, bandwidth management and data loss prevention.

also driving growth for UTMs, which are much easier to handle. Says Rishi Samadhia, Executive Director– Channel, ZyXEL Technologies India, says, “Since delivering security solutions for specific consumer requirements is a bit complicated and most of the SIs working in the lower segments of the market do not have enough trained manpower to successfully implement them, they look to implement smart and manageable solutions like UTMs.”

New breed of UTM Going beyond traditional security features, UTM vendors are now trying to add features like content filtering, on-appliance SSL VPN, bandwidth management and data loss prevention, which will make the solution more comprehensive and effective in an evolving threat scenario. An increasing demand for virtualized UTM solutions is also expected down the line. Another trend is identity-based devices. According to Tushar Sighat, VP-Operations, Cyberoam (India), “With the individual user being the weakest link in enterprise security, identifying the user and gaining visibility into their online activities has become a critical concern.” Nevertheless, despite making a major breakthrough in the SMB market, UTM does have its failings. Nitin Nistane, COO, Infospectrum India, says, “There are so many things already packed into one box, it often becomes a single point of failure. Therefore, the solution needs to be highly available and have a failover strategy as well as load balancing features in case of any breakdown. This is probably when things start going wrong. First, such a highly available solution is not available with all the vendors. Second, even if the vendor provides these features, it becomes increasingly complex to deploy. Third, integrating these features can be very expensive for an additional cost of subscriptions levied for the same set of software used in the standby box.” Some of these concerns are beginning to be addressed by vendors in new products. It may take another one or two years before large enterprises deploy these devices on a bigger scale than they are doing now. Meanwhile, as far as the SMBs are concerned, UTMs continue to be hot as ever. n soma.tah@9dot9.in

DIGIT CHANNEL CONNECT

NOVEMBER 2009

unified threat management “UTM SOLUTIONS LOWER COSTS AND MAKE IT EASY TO BUILD COHERENT SECURITY POLICIES”

Shubhomoy Biswas, Country Director – India, SonicWall

The Indian market is seeing an increasing uptake of UTM solutions in small and medium organizations. Shubhomoy Biswas talks to Soma Tah about the existing and new business opportunities for partners from the latest innovations in this space.

DCC: What do you think are the major challenges facing the network security market and how effective is the UTM solution in addressing them vis-à-vis standalone security solutions?

The continuing growth of networks and the constantly evolving Web threat landscape creates challenges for companies to stay up-to-date on every method and mode of protection. Separate security systems means different management consoles to configure each system. It can be very time consuming to make sure the different security policies on different systems work together and provide adequate protection. Also, the log information from each system will be stored in different formats in different locations, making detection and analysis of security events difficult. On the other hand, UTM gives system and network administrators the ability to configure and deploy network countermeasures from one centralized interface, thereby reducing the time needed to respond effectively to new threats from hours to minutes. DCC: What are the drivers of UTM adoption in India?

India is one of the biggest security markets in Asia. Manufacturing, government and service providers are the key adopters of UTM. Rise in prevailing Internet threats along with a g rowth in organizations using Internet-based business model, growth of the mobile workforce, w i d e n i n g ge og r a p h i c a l r e a c h ,

DIGIT CHANNEL CONNECT

increasing demand for simple solutions are some of the key drivers in this space. DCC: Why have UTMs not been able to make much of a dent beyond SMBs and branch offices of big enterprises?

UTM, with its cost efficiencies, comprehensive security against blended threats and ease of manageability, has emerged as the solution of choice for SMBs. Small organizations are increasingly deploying it as gateway security solutions and are showing keen interest in the UTM concept of all-in-one security. At the other end, with rising performance capabilities of UTMs through the efficient use of multi-core processors, large enterprises are deploying UTMs in place of individual security solutions for their easy manageability, cost-effectiveness and efficiency. However, increasing awareness on security among Indian SMBs is also a key driver for the rising popularity of UTM. DCC: Is UTM still considered a reactive security measure or is it becoming a part of proactive security strategy?

Yes, the changing mindset of customers towards security solutions from a need fulfillment to a strategic move plays a major role in this. Businesses need to map laws and r e g u l at i o n s t o c o m mu n i c at i o n technology in order to comply with various industr y standards and this has been one of the primary drivers behind the acceptance and implementation of UTM technology by the government, public and private

NOVEMBER 2009 DECEMBER

As server and desktop virtualization continues to proliferate, we will need better security tools for rolebased access control, virtual server identity management, virtual network security, and reporting/ auditing.”

organizations. A UTM solution makes it easy to build coherent security policies, simplifies administration tasks such as log file management, auditing, and compliance reporting, and lowers operational costs. DCC: What kind of opportunities lie ahead for the partners?

Vendor s are coming up with advanced UTM appliances to meet the needs of enterprises and data centers, providing high level of security that has high performance, high throughput and low latency. There has been a major shift in the mindset of organizations: with budget restraints and other financial priorities, many businesses that were reluctant to replace their legacy network-security products are now ready to adopt better solutions like UTMs. DCC: What are the new trends emerging in the UTM space?

First is the virtualization of security. As server and desktop virtualization continues to proliferate, we will need better security tools for things like rolebased access control, virtual server identity management, virtual network security, and reporting/auditing. Virtualized UTM (vUTM) delivers the features of a fully integrated multithreat security device in the network “cloud”, enabling tremendous savings in recurring operational costs related to equipment maintenance as well as reducing admin complexities. Second is the emergence of managed security solution providers in this space. n soma.tah@9dot9.in

guest expression

PCI DSS :

systems and processes; and maintain an information security policy.

TIME TO GET

SERIOUS

The need to comply with Payment Card Industry’s Data Security Standard is growing every day ABHILASH SONWANE

he growing popularity of plastic over cash for online as well as of f line transactions has led to enormous volumes of confidential data traversing payment networks. A typical retailer, for example, generates hundreds of thousands of log messages per day amounting to many terabytes a year. From consumers’ point of view, the sophistication of cyber criminals digging into their credit card information is generating a lot of fear. It is no more about stealing passwords, but criminals are studying the consumer spending behavior and psychology to catch hold of information for a fraud attack. In India alone, banks across the country reported a loss of over Rs 42 crore to online banking and credit card frauds during April-December 2008 with the maximum amount being fraudulently withdrawn using credit cards, according to a report in The Times of India. Apparently, merchants are shelling out huge sums of money for fraud management, besides coughing up money for repair work after a data breach has happened. With such huge stakes involved, a standard that regulates processes and procedures in organizations holding cardholder data is a necessity for the security of sensitive information they have.

PCI DSS Compliance The Payment Card Industry (PCI) Data Security Standard (DSS) aims to give cardholders the assurance that their

card details are safe and secure when their debit or credit card is offered at the point of sale, whether it’s over the Internet, on the phone or through mail order. The Compliance applies to any company that processes, stores or transmits credit card data and consequently affects merchants, hospitality industry as well as banks, bureaux and service providers.

Measures for Compliance The PCI Data Security Standard consists of twelve basic requirements – sometimes referred to as the “Digital Dozen” – segregated into 6 groups. PCI DSS Compliance requires that merchants and other service providers holding the cardholder data must build and maintain a secure network through use of a firewall and by changing vendor-supplied default passwords and other security parameters; protect cardholder data by protecting the stored cardholder data and encrypting data in transmission; maintain a vulnerability management program through use and regular updation of the antivirus software and developing and maintaining secure systems and applications; implement strong access control measures by restricting access to cardholder data on need-to-know basis, assigning a unique ID to each internal user and restricting physical access to data; regularly monitor and test networks by monitoring all access to network resources and cardholder data and regularly testing security

Compliance Requirements

ABHILASH SONWANE

BANKS ACROSS INDIA REPORTED A LOSS OF OVER RS 42 CRORE TO ONLINE BANKING AND CREDIT CARD FRAUDS DURING APRILDECEMBER 2008.

Build and Maintain a Secure Network: Install and maintain a firewall to protect cardholder data; Do not use vendor-supplied defaults for system passwords. Protect Cardholder Data: Protect stored cardholder data; Encrypt transmission of cardholder data across open, public networks. Maintain a Vulnerability Management Program: Use and update anti-virus; Develop and maintain secure systems and applications. Implement Strong Access Control Measures: Restrict access to cardholder data by business need-toknow; Assign a unique ID to each person with computer access; Restrict physical access to cardholder data. Regularly Monitor and Test Networks: M o n i t o r a l l a c c e s s t o n e t wo r k resources and cardholder data; Regularly test security systems and processes. Maintain an Information Security Po l i cy : M a i n t a i n a p o l i cy t h at addresses information security.

PCI DSS Acceptance in India

A standard that regulates processes and procedures in organizations holding cardholder data is a necessity.

The global credit card brand Visa has set two deadlines for businesses in the APAC region for complying with PCI DSS requirements – the September 30, 2009, deadline mandates that merchants, retailers and service providers cannot retain any credit card data like PIN, CVV data and more; the September 30, 2010, deadline mandates merchants and retailers to demonstrate full PCI DSS compliance. This is applicable for big as well as small businesses. There is an immediate need to spread awareness and benefits of PCI DSS among organizations in India and also facilitate them to protect cardholders’ data to remain compliant with PCI DSS. Identity-based threat management appliances enable organizations to protect sensitive cardholder data in storage or in transmission through their identitybased security features. These solutions facilitate PCI DSS compliance by keeping organizations up-to-date and help them maintain their information security policies. n Abhilash Sonwane is VP of Product Management, Cyberoam, a division of Elitecore Technologies.

DIGIT CHANNEL CONNECT

NOVEMBER 2009

white paper

S E L E C T

S E R I E S

Some statistics on Internet abuse: 33% employees surf with no specific objective; men are twice as likely to do this as women (www.emarketer.com)

70% malicious website hits occur between the

hours of 9am and 5pm, during office hours (Businessweek.com)

30% to 40% of employees’ Internet activity is not business related and costs employers millions of dollars in lost productivity (IDC research)

Men are 20 times more likely than women to view and download obscene content (www. emarketer.com)

1 in 5 men and 1 in 8 women admitted to

using their work computers to access malicious content online (MSNBC)

CONTENT SECURITY:

A PRIMER

This white paper provides information about content security, why it’s needed and recommends features that efficient content security software must possess

ontent Security refers to monitoring Internet access and e-mail activity in a person’s network. It broadly involves setting security policies that govern Internet use in your home or organization. A system administrator or parent can set guidelines for productive and safe use of the Internet in this case. It also involves control over e-mails and attachments sent or received by the employees or children respectively..

IMPACT OF INTERNET MISUSE

The impact of the misuse of the Internet would lead to productivity loss as the employees would indulge in checking personal emails, downloading movies and music for personal use and also

DIGIT CHANNEL CONNECT

NOVEMBER 2009

accessing malicious websites. Also, the primary concern these days is usage of networking sites and instant messaging devices which are free to download and use. Usage of these websites in turn leads to bandwidth loss and hence slows down the usage of Internet. Another concern is that using certain websites leads to insecure connection. Internet access is double sided. When you open a website, it also has access to your PC. If your network does not have the requisite security, then it falls prey to viruses, Trojans, hacking, theft of confidential data, etc. For example: When a user accesses his bank account, in the absence of content security software, a computer hacker can gain access to

cache information stored in the user’s computer and collect all your valuable bank account information including IPIN passwords.

LEGAL ISSUES

When employees visit malicious websites to access obscene content or post hate mails, they are committing a legal offense. The company in question is liable for legal action. Employees using the Internet at their workplace must remember that: n If an employee downloads objectionable materials and shows it to another employee (maybe a female colleague), the company could be liable for sexual harassment damages n IT managers face prosecution if their corporate networks are used to carry illegal material from the Internet. The law for online transport of information is the same as offline. (Computer Weekly) n E-mails are acceptable as evidence in courts. n Copyright infringement is a major threat of accessing malicious or insecure website. It can happen willfully or unintentionally. An employee can download and use a software program, a graphic image or a proprietary document unaware of its copyright and can in turn be committing a crime. Copyrights are extendable to the Web media too.

white paper WHAT A CONTENT SECURITY SOFTWARE SHOULD HAVE

A content security software should broadly address the following issues: n Control access to websites n Protect private information n Provide endpoint security n Control e-mail activity n Block spammer’s e-mail ID and issue warnings and notifications If your organization is large, then you need to assign uniform global security policies that govern all the machines.

CONTROL ACCESS TO WEBSITES

The software should allow one to selectively block and allow websites on the network. The following issues need to be addressed: Restricted words: Software should allow you to specify restricted words and phrases which are obscene and add them to the restricted words list. Access to any URL or page that has these words should automatically be blocked. List of banned sites: Software should allow you to add URLs of sites that you want banned in your organisation. Access to these sites is immediately blocked. Some adult-content sites like www.hustler.com or www.playboy. com do not change their names. Such known sites need to be blocked outright. Banned IP: Websites can be accessed by entering the IP (Internet Protocol) number. The software should be able to translate the IP number to its site name and block access if it contains restricted words or is on the banned list. Filter Category: The software should allow one to create category of filters for block and allow site. Sites related to the category can be listed there. It should be possible to add or remove sites from block and allow category with a click. Advanced Content Matching Options:

The software should allow one to set advanced content matching options that search for restricted words in different parts of the web page, set number of times a restricted word occurs in a page before it is blocked, allow to block page elements like images, applications, movie files, etc. Content Matching: After a list of restricted words is made, the software should automatically, search for such words in the accessed site. Words occurring in the following areas of the web page should be detected and denied access to - Site Name, HTML Tags, Page Title, Page text or body and Page description and keywords

Threshold Level Setting Bar: Obscene

words can be found in legitimate sites. Hence it becomes an issue in differentiating a malicious website from a secure website. In a website, if any three words from the list appear as a combination, more times than the threshold value, the site is blocked. The Threshold level bar allows one to set the threshold value number. Block Options: The software should allow you to choose options for blocking a website on the basis of images, applications (for instance, executable files), audio files and videos. Active X Control Blocking: Some web sites embed objects like applets and scripts in your browser when you access their Web pages. The software should allow you to bar this action. Safe Net Use Rating: For safe net surfing, organizations like RSCAi, ICRA, SafeSurf, etc, rate sites based on the use of obscene language.

PROTECT PRIVACY INFORMATION

The software should prevent private and confidential data being stolen from browsers, cache, cookies, Internet history, files and folders. It should act as a browser cleanup to clear all the unwanted files created on the system when browsing the Web as well as files created by other installed software.

PROVIDE ENDPOINT SECURITY

The content security software should prevent data thefts and virus infections through USB based portable storage devices such as flash drives, portable hard disks, etc. It should provide both application control and USB control which allows one to block or permit applications on the networks and personal systems. Suspicious files and applications can be detected. The security software should stop endpoints from becoming a doorway for security threats to enter and sensitive data to escape. Application c o n t r o l , wh i c h i s t h e p r i m a r y component of an endpoint protection solution, allows only authorized applications to run, so the endpoints are fully protected from malware and unknown threats. Application Control: The software should block computer games, Instant Messengers, Music & Video Player, P2P applications which are listed under blocked executables as well as lists defined by user.

MALICIOUS WEBSITE HITS OCCUR BETWEEN THE HOURS OF 9AM AND 5PM, DURING OFFICE HOURS The content security software should allow you to add URLs of sites that you want banned in your organisation

For safe net surfing, organizations like RSCAi, ICRA, SafeSurf, etc, rate sites based on the use of obscene language

USB Control: The software should block running /execution of any applications (programs) on the system via a USB Controlled device. This controls the execution of viruses / malware spreading through a USB device. With endpoint security, you can: n Identify all executable files and devices, collect profiles and organize into pre-defined file groups. n Assign permissions for applications to run based on executable, user, or user group attributes. Use an application white list approach to ensure that only authorized and legal applications can run on a computer. n Monitor the effectiveness of endpoint security policies in real time and identify potential threats by logging all application execution attempts and recording all policy changes and administrator activities.

CONTROL EMAIL

E-mails have become one of the prime sources for Internet abuse. Offensive mails, which include unsolicited junk mail, called spam, can be sent and received from your network. The content security software should have the ‘restricted phrase checking’ feature for spam. Spam mails often have enticing subject lines and alluring words like ‘deal of a lifetime’, ‘free your debts’, etc. The words may occur in the body, header, and HTML tags of the e-mail, and the security software should be able to detect them. The software should have a block list of such words and phrases. Any mail with the words as the subject should be automatically deleted or quarantined. You should also be able to add or delete words and phrases to the block list.

Block Spammer

Software with the following features effectively combats spam. n Add e-mail ID of known spammer to the block list. Any mails received from an ID included in the list are automatically deleted, without being downloaded into your server. n If required, the software should remove an e-mail ID from the block list and allow mails from it. n Software should allow a notification to be sent to the intended recipient and system admin. The notification should provide details of whom the mail came from and who it is for, subject, reason why the mail was deleted, etc. n Courtesy: Micro World Technologies

DIGIT CHANNEL CONNECT

NOVEMBER 2009

white paper

S E L E C T

S E R I E S

Security Trends TO WATCH IN

2010

Don’t be surprised if you find the old rogue programs still at work in the year ahead. But do prepare yourselves and your customers to tackle the threats.

he domain of security just keeps on getting broader and broader, what with increasing sophistication of threats, growing mobility and rising popularity of tools such as instant messaging and social networking. A few key trends to watch:

ANTIVIRUS IS NOT ENOUGH With the rise of polymorphic threats and the explosion of unique malware variants in 2009, the industry is quickly realizing that traditional approaches to antivirus, both file signatures and heuristic/behavioural capabilities, are not enough to protect against today’s threats. We have reached an inflection point where new malicious programs are actually being created at a higher rate than good programs. As such, we have also reached a point where it no longer makes sense to focus solely on analysing malware. Instead, approaches to security that look to ways to include all software files, such as reputation-based security, will become key in 2010.

SOCIAL ENGINEERING ATTACKS More and more, attackers are going directly after the end user and attempting to trick them into downloading malware or divulging sensitive information under the auspice that they are doing something perfectly innocent. Social engineering’s popularity is at least in part spurred by the fact that what operating system and Web browser rests on a user’s computer is largely irrelevant, as it is the actual user being targeted, not necessarily vulnerabilities on the machine. Social engineering is already one of the primary attack vectors being used today, and Symantec estimates that the number of attempted attacks

DIGIT CHANNEL CONNECT

NOVEMBER 2009

using social engineering techniques is sure to increase in 2010.

ROGUE SECURITY SOFTWARE In 2010, expect to see the propagators of rogue security software scams take their efforts to the next level, even by hijacking users’ computers, rendering them useless and holding them for ransom. A less drastic next step, however, would be software that is not explicitly malicious, but dubious at best. For example, Symantec has already observed some rogue antivirus vendors selling rebranded copies of free third-party antivirus software as their own offerings. In these cases, users are technically getting the antivirus software that they pay for, but the reality is that this same software can actually be downloaded for free elsewhere.

SOCIAL NETWORKING With the popularity of social networking sites poised for another year of unprecedented growth, expect to see fraud being leveraged against site users to grow. In the same vein, expect owners of these sites to create more proactive measures to address these threats. As this occurs, and as these sites more readily provide third-party developer access to their APIs, attackers will likely turn to vulnerabilities in third-party applications for users’ social networking accounts, just as we have seen attackers leverage browser plug-ins more as Web browsers themselves become more secure.

WINDOWS 7 WILL GET ATTACKED Microsoft has already released the first security patches for the new operating system. As long as

humans are programming computer code, flaws will be introduced, no matter how thorough pre-release testing is, and the more complex the code, the more likely that undiscovered vulnerabilities exist. Microsoft’s new operating system is no exception, and as Windows 7 hits the pavement and gains traction in 2010, attackers will undoubtedly find ways to exploit its users.

FAST FLUX BOTNETS INCREASE Fast flux is a technique used by some botnets, such as the Storm botnet, to hide phishing and malicious Web sites behind an ever-changing network of compromised hosts acting as proxies. Using a combination of peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection, it makes it difficult to trace the botnets’ original geo-location. As industry counter measures continue to reduce the effectiveness of traditional botnets, expect to see more using this technique being used to carry out attacks.

URL SHORTENING SERVICES BECOME THE PHISHER’S BEST FRIEND Because users often have no idea where a shortened URL is actually sending them, phishers are able to disguise links that the average security conscious user might think twice about clicking

white paper on. Symantec is already seeing a trend toward using this tactic to distribute misleading applications and we expect much more to come.

lack of stringent legal framework], weâ&#x20AC;&#x2122;ll see more organizations selling unauthorized e-mail address lists and more less-than-legitimate marketers spamming those lists.

MAC AND MOBILE MALWARE

In 2010, Symantec predicts that overall, one in 12 hyperlinks will be linked to a domain known to be used for hosting malware.

SPAM VOLUMES TO FLUCTUATE

The number of attacks designed to exploit a certain OS or platform is directly related to that platformâ&#x20AC;&#x2122;s market share, as malware authors are out to make money and always want the biggest bang for their buck. In 2009, we saw Macs and smartphones targeted more by malware authors, for example the Sexy Space botnet aimed at the Symbian mobile device operating system and the OSX.Iservice Trojan targeting Mac users. As Mac and smartphones continue to increase in popularity in 2010, more attackers will target them.

Since 2007, spam has increased on average by 15 percent. While this growth in spam e-mail may not be sustainable in the long term, it is clear that spammers are not yet willing to give up as long an economic motive is present. Spam volumes will continue to fluctuate in 2010 as spammers continue to adapt to the sophistication of security software, the intervention of responsible ISPs and government agencies across the globe.

SINCE THE YEAR 2007, SPAM VOLUME HAS INCREASED ON AVERAGE BY

SPECIALIZED MALWARE Highly specialized malware was uncovered in 2009 that was aimed at exploiting certain ATMs, indicating a degree of insider knowledge about their operation and how they could be exploited. Expect this trend to continue in 2010, including the possibility of

SPAMMERS BREAKING THE RULES As the economy continues to suffer and more people seek to take advantage of the loose restrictions of the CAN SPAM Act [the Act applies in the US; in India the situation could be worse for

15%

malware targeting electronic voting systems.

CAPTCHA TECHNOLOGY TO IMPROVE This will prompt more businesses in emerging economies to offer real people employed to manually generate accounts on legitimate Web sites, especially those supporting user-generated content, for spamming purposes. Symantec estimates that the individuals will be paid less than 10 percent of the cost to the spammers, with the account-farmers charging $30-40 per 1,000 accounts.

INSTANT MESSAGING SPAM As cybercriminals exploit new ways to bypass CAPTCHA technologies, instant messenger (IM) attacks will grow in popularity. IM threats will largely be comprised of unsolicited spam messages containing malicious links, especially attacks aimed at compromising legitimate IM accounts. By the end of 2010, Symantec predicts that one in 300 IM messages will contain a URL. Courtesy: Symantec

Anti-Virus

Net Protector

Anti-Spyware

NP AV

Anti-Malware

Protectdyigoitual life!

Anti-Spam

AntiVirus

Anti-RootKit

Keeps your Data, OS,& PC Safe

Anti-Hijack

Email Backup

FireWall

Admin Console for LAN

URL Filtering

PC-Optimizer

STOP VIRUS

Browser Repair

fic

Internet Security

si Bu

Detects, Removes, Prevents Viruses, Trojans, Worms, Spywares & Malwares

Mobile Scanning

Wanted Dealers

antivirus

AntiVirus

Scanning Started

(020)

24466222

com

india

Net Protector

NP AV

Web secure

09272707050

Net Protector Maximum Security

2010

sales@indiaantivirus.com

Daily Updates

DIGIT CHANNEL CONNECT

NOVEMBER 2009

guest expression

The UTM LANDSCAPE

A unified threat management device may seem like a one-box-does-all solution but there are performance issues to consider.

nified Threat Management (UTM) is a very vague and meaningless term to most. Unless, of course, you are a small to medium sized enterprise that has been looking into the best way to protect your network – take the next step beyond just a firewall and have a holistic approach to protecting your perimeter, your email servers, your endpoints and everything in between. For a term that is a bit nebulous to many, UTM represents a market space that is growing by more than 20 percent according to many information technology industry analysts. Many organizations that are recognizing how complex the online threats are today are also recognizing that they may have holes in their network security deployments. If you are relying exclusively on a firewall to protect your organization, there are other technologies available via a UTM appliance that can significantly reduce the risk associated to being in a world that relies on connectivity. Some of the additional technologies include intrusion prevention systems, anti-malware engines, anti-virus gateways, access control systems like URL filtering engines, and even global reputation systems. Unified threat management appliances can do a great job filling the gaps in a security platform by leveraging one or more of these technologies. There is a problem though that many don’t necessarily see up front. To put it simply, these devices can easily be overloaded. Here

DIGIT CHANNEL CONNECT

is a simple analogy. I’ll use my friend’s souped up SUV as an example. What a great vehicle. It can drive 180 kilometers per hour, tow 5,000 kg, and even climb some of the roughest terrain you have ever seen – without tipping over, but there is no possible way it can do all of these feats at the same time. This same issue applies to most of today’s UTM appliances – at least on the lower end devices. A significant amount of processing power and resources are needed to be able to do a good job of many of the UTM features that are available. A UTM device is great at being used as a firewall, a VPN device, load balancing, and maybe a few or so more of the hundreds of features packed into these appliances. The result of recognizing this is that you will need to either prioritize your security concerns, or purchase an appliance with enough actual ‘UTM’ throughput to handle your environment, and if you have to purchase such a large appliance to meet your needs, one may begin to wonder if the cost savings and simplicity goals associated to purchasing a UTM is overtaken by the need for such powerful hardware appliances. Typically the answer is still yes, but consideration should be taken, especially for those within growing organizations.

Cloud to the rescue To alleviate the load on UTM devices you will see some of the leading UTM vendors begin to leverage cloud services. Software-as-a-service (SaaS) has the potential to lower hardware

NOVEMBER 2009

To alleviate the load on UTM devices, some vendors have begun to leverage cloud services DAVE BULL

YOU MAY NEED TO EITHER PRIORITIZE YOUR SECURITY CONCERNS, OR PURCHASE AN APPLIANCE WITH ENOUGH ACTUAL ‘UTM’ THROUGHPUT TO HANDLE YOUR ENVIRONMENT

costs, lower electricity usage and bills, increase the protection layer by implementing near real-time signature and reputation updates, and eliminate the management of devices on site. A typical UTM device will see a significant performance hit when implementing an effective anti-virus, anti-malware, or intrusion prevention profile. These resource intensive processes are great examples of technologies that could leverage what really become an infinite amount of horsepower at a datacenter. One of the most common configurations we are seeing in this type of environment (called a hybrid solution) is to run the firewall and intrusion prevention system locally with the on-premise device, while running anti-virus, anti-malware, and Web filtering in the cloud. In addition to being able to utilize an infinite amount of headroom to do the heavy processing of anti-malware and such, other benefits come into play when the UTM manufactures begin to tightly integrate the configuration of the cloud services with the UTM appliance itself. One should be able to go to one location and configure the entire protection scheme seamlessly. There are definitely hurdles to overcome. A common theme with some administrators and businesses is that the idea of redirecting all of the company’s data through a transparent proxy to a cloud service is a bit daunting. Are there any security holes to concern themselves with when routing every bit and byte to one location not entirely under their control? While an interesting and appealing idea to many organizations, thus far, this author has seen really what I will refer to as ‘emerging enterprises’ begin to pick up on these difficulties and solutions. These are organizations again, that have seen the complexities of what they are trying to fight and are willing to dive into what could very well be the next generation of UTM deployments. Generally smaller in size, they recognize the need for the most comprehensive protection, with the least amount of maintenance. And when a datacenter is taking care of the technologies that need to be monitored and updated more often than others, they see immediate benefits. While today’s UTM offerings are very effective in what they do, I’m glad to see alternatives come alive with some of the lesser known issues that arise out of allin-one devices. n Dave Bull is Product Marketing Manager - UTM Firewall, McAfee.