Paying Attention

The rise of security intelligence services indicates that e-businesses are finally turning their full attention and their budgets to security. Industry analysts and consultants have long bewailed that companies often consider security only as an afterthought. "It's been kind of like putting the cart before the horse," said The Yankee Group's Zeus Kerravala. "But over the last few years, customers have had a lot more things to pay attention to, like Y2K [year 2000] and building out an Internet infrastructure."

IDefense turned heads in April when it predicted and tracked numerous hack attempts against U.S. corporations as a result of the controversy over a U.S. spy plane that made an emergency landing on Chinese soil April 1. Luckily for companies attacked during the China-U.S. diplomatic skirmish, most of the hacks were Web site defacements, a relatively inexpensive exposure to alleviate, especially when compared to the latest fad in hacking, distributed denial-of-service (DDOS) attacks.

DDOS attacks, and the ease with which they can be launched, have changed the way corporations approach Internet security. A DDOS attack can quickly overwhelm a Web site with hundreds or thousands of simultaneous requests. Beforehand, hackers would have loaded software on unprotected PCs across the Internet that renders them "zombies" to be used as agents in an attack, which also masks the identity of the original hacker.

"The main concern I have is how readily available various exploitations are," Kelly said. "Ten years ago, a hacker had to be pretty sophisticated in understanding network technologies and be proficient in programming scripts." Today, hacking scripts are not only readily available on the Internet, they also have graphical user interfaces and are frighteningly simple to operate. What's more, DDOS attacks typically were only launched against large organizations, but now small businesses and even individual users are being attacked.

Recently released products from Arbor Networks, Asta Networks, Captus Networks and Mazu purport to handle the problem by detecting the offending traffic and blocking or limiting only those requests, but these solutions have yet to be proven in wide-scale deployments.

Security intelligence services claim they are able to provide early warning of impending attacks. Just before Christmas 1999, for example, AtomicTangerine's security team began noticing discussions among hackers about how they were going to "take down the Internet mall" (Internet retail stores) at the apex of the retail sales cycle, Worstell said. As events unfolded, Worstell sent messages to colleagues to check out the message boards where these discussions were taking place, which, she admitted, was probably a mistake, because then the hackers noticed a spike in traffic. "We were watching them, and then suddenly they were watching us watching them," she said. AtomicTangerine analysts then witnessed an interesting change of heart, as hackers agreed they didn't want to ruin Christmas because it could create a lot of negative sentiment about hackers. They decided to hold off all attacks until February 2000, Worstell said, which was the month several major sites, including eBay and Yahoo!, were taken down by DDOS attacks.

Conceptually, Internet security intelligence services are modeled after the government's military intelligence-gathering apparatus. "The government understands how intelligence works and how it feeds into operational decision making," said Brian Kelly, CEO of iDefense. When it comes to intelligence, the "private sector doesn't think about it as much," Kelly said, a situation that gave birth to companies such as his.