All Together Now
Both internal and external threats must be considered from an international and multidisciplinary point of view. Internally, Symantec's Weafer told eWeek Labs, "you used to see an anti-virus desktop team, an IDS team, a firewall team; the blended threats of Nimda and other modern attacks have changed all that."

Externally, he continued, "you need to be talking with people at other sites who can notice common patterns, where the same five steps take place at 10 different sites. That's where someone has passed the stage of trying the doorknob and has a foot in the door."

There are many reputable online resources for discussion of threats against widely used products, but it's worth the effort to also seek out sites serving particular industries. "I recently met with five banks in Canada," said iDefense's Kelly. "They're curious as to what they're seeing, compared to what their sister banks are seeing. If someone is probing a port at one bank, and they can find out that the same probe is being seen by the others, that's probably important as an indicator of a possible attack."

With marketing firms offering directories of tens of thousands of trade associations, eWeek Labs is not able to give industry-specific advice. But association leaders should seek to lead in this area rather than finding themselves in a reactive posture after a high-profile incident.

Like other techniques, this collaboration across multiple sites offers opportunities for automation and therefore more consistent protection at lower cost. "Taking the knowledge of which PCs are being secured, and spreading that knowledge to other PCs in cooperative enforcement, keeps systems that are potential vulnerabilities from being exposed to other systems," said Frederick Felman, vice president at San Francisco-based Zone Labs Inc., whose Integrity 2.0 product offers cooperative enforcement measures designed to be feasible for deployment to remote users.

United Labor Bank's Schwedhelm is in favor of cooperative approaches but feels that smaller companies such as his are at a disadvantage because top-tier tools come at top-tier prices. "We're a $125 million bank but have only 30 employees," Schwedhelm said. "We outsource a good deal of our processing, but we keep network security in-house. Getting our hands on the newest tools at prices that won't break the bank is next to impossible. We need cheaper intrusion detection products and better log analysis tools that can see through all of the clutter and tell me if I'm at risk and where that risk is originating."

Only with the broad participation made possible by more affordable security products will the community have the number of data points needed to spot threats quickly, and only with that ability to detect and recognize threats will a Department of Homeland Security be able to play any role in securing enterprise IT.

Technology Editor Peter Coffee can be reached at firstname.lastname@example.org.