All Together Now

By Peter Coffee  |  Posted 2003-01-20

Both internal and external threats must be considered from an international and multidisciplinary point of view. Internally, Symantec's Weafer told eWeek Labs, "you used to see an anti-virus desktop team, an IDS team, a firewall team; the blended threats of Nimda and other modern attacks have changed all that."

Externally, he continued, "you need to be talking with people at other sites who can notice common patterns, where the same five steps take place at 10 different sites. That's where someone has passed the stage of trying the doorknob and has a foot in the door."

There are many reputable online resources for discussion of threats against widely used products, but it's also worth the effort to seek out sites serving particular industries.

"I recently met with five banks in Canada," said iDefense's Kelly. "They're curious as to what they're seeing, compared to what their sister banks are seeing. If someone is probing a port at one bank, and they can find out that the same probe is being seen by the others, that's probably important as an indicator of a possible attack."

With marketing firms offering directories of tens of thousands of trade associations, eWeek Labs is not able to give industry-specific advice. But association leaders should seek to lead in this area rather than finding themselves in a reactive posture after a high-profile incident.

Like other techniques, this collaboration across multiple sites offers opportunities for automation and therefore more consistent protection at lower cost.
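A minimal sketch of automating the cross-site comparison described above, added here as an illustration and not taken from the article or from any vendor it quotes. The report format, site names, addresses and the `shared_probes` function are all assumptions constructed for the example; it flags a port or source that turns up at several distinct sites inside one time window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample reports: (site, ISO timestamp, source IP, destination port).
# Addresses come from the RFC 5737 documentation ranges.
REPORTS = [
    ("bank-a", "2003-01-20T09:00:00", "198.51.100.7", 1433),
    ("bank-b", "2003-01-20T09:20:00", "198.51.100.7", 1433),
    ("bank-c", "2003-01-20T09:45:00", "203.0.113.9", 1433),
    ("bank-a", "2003-01-20T10:05:00", "192.0.2.44", 8080),
    ("bank-a", "2003-01-20T10:06:00", "192.0.2.44", 8080),
    ("bank-d", "2003-01-21T15:00:00", "192.0.2.44", 8080),
]

def shared_probes(reports, key, min_sites=2, window=timedelta(hours=1)):
    """Return {value: sorted sites} for probes seen at >= min_sites
    distinct sites inside any single time window.

    key picks what is compared across sites: "port" or "source"."""
    field = {"source": 2, "port": 3}[key]
    by_value = defaultdict(list)
    for rec in reports:
        by_value[rec[field]].append((datetime.fromisoformat(rec[1]), rec[0]))

    flagged = {}
    for value, events in by_value.items():
        events.sort()
        start, best = 0, set()
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            sites = {site for _, site in events[start:end + 1]}
            if len(sites) > len(best):
                best = sites
        # Repeated probes at one site do not count; only distinct sites do.
        if len(best) >= min_sites:
            flagged[value] = sorted(best)
    return flagged

if __name__ == "__main__":
    print("ports:", shared_probes(REPORTS, "port", min_sites=3))
    print("sources:", shared_probes(REPORTS, "source"))
```

Comparing on port catches the same probe arriving from different sources, while comparing on source catches one prober moving between sites.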

"Taking the knowledge of which PCs are being secured, and spreading that knowledge to other PCs in cooperative enforcement, keeps systems that are potential vulnerabilities from being exposed to other systems," said Frederick Felman, vice president at San Francisco-based Zone Labs Inc., whose Integrity 2.0 product offers cooperative enforcement measures designed to be feasible for deployment to remote users.

United Labor Bank's Schwedhelm is in favor of cooperative approaches but feels that smaller companies such as his are at a disadvantage because top-tier tools come at top-tier prices.

"We're a $125 million bank but have only 30 employees," Schwedhelm said. "We outsource a good deal of our processing, but we keep network security in-house. Getting our hands on the newest tools at prices that won't break the bank is next to impossible. We need cheaper intrusion detection products and better log analysis tools that can see through all of the clutter and tell me if I'm at risk—and where that risk is originating."

Only with the broad participation made possible by more affordable security products will the community have the number of data points needed to spot threats quickly—and only with that ability to detect and recognize threats will a Department of Homeland Security be able to play any role in securing enterprise IT.

Technology Editor Peter Coffee can be reached at

Peter Coffee is Director of Platform Research at, where he serves as a liaison with the developer community to define the opportunity and clarify developers' technical requirements on the company's evolving Apex Platform. Peter previously spent 18 years with eWEEK (formerly PC Week), the national news magazine of enterprise technology practice, where he reviewed software development tools and methods and wrote regular columns on emerging technologies and professional community issues. Before he began writing full-time in 1989, Peter spent eleven years in technical and management positions at Exxon and The Aerospace Corporation, including management of the latter company's first desktop computing planning team and applied research in applications of artificial intelligence techniques. He holds an engineering degree from MIT and an MBA from Pepperdine University; he has held teaching appointments in computer science, business analytics and information systems management at Pepperdine, UCLA, and Chapman College.
