Data Thefts Signal Security Shift

After a series of high-profile data thefts, enterprises are rethinking network security approaches.

The serial scandals at Bank of America Corp., ChoicePoint Inc., LexisNexis and now CardSystems Solutions Inc. are prompting a growing number of companies to turn to new technologies and services that spot compromised internal systems, low-level attacks, and fraudulent activity inside and outside their networks.

But experts warn that getting ahead of a new generation of online threats means rethinking network security from the inside out—and learning to think like hackers.

One company that has seen its business boom in the wake of the recent data thefts is Cyveillance Inc., of Washington. The company provides online risk management and Internet monitoring services for enterprises, including about half of the Fortune 50 companies.

Cyveillance makes money by pressing its ear to the hacker underground. It monitors shadowy IRC (Internet Relay Chat) servers, phishing Web sites and discussion boards where online criminals and identity thieves ply their trade.

The company uses automated scanning systems and about 20 people to scour hundreds of millions of Internet documents to give companies critical intelligence on data leaks before they or their customers are victimized, company officials said.

Part of the problem behind the recent data thefts is that most companies still rely on mainstream security products, including gateway and desktop anti-virus programs, IDSes (intrusion detection systems), and firewalls, said Jonathan Bingham, president of Intrusic Inc., of Waltham, Mass., which makes technology it calls a "compromise detection solution."

For example, knowledgeable hackers might canvass ISP networks for customers who are using VPN connections, then launch targeted hacks against those computers. With a compromised computer and VPN access, hackers gain entrance to a protected network as a fully credentialed user and can then do low-level surveillance to gather more credentials from systems on that network.

But IDS or IPS (intrusion prevention system) products won't spot the attack because, technically, the hacker isn't attacking, Bingham said. "They just do things that take advantage of the infrastructure that's in place," he said.

Companies such as Cyota Inc., Actimize Ltd. and 41st Parameter Inc. also provide anomaly detection services, but analysts say that traditional network security technology still has a role to play in preventing online fraud and attacks.

"If CardSystems had network IDS installed, they would have caught what was happening," said Avivah Litan, an analyst at Gartner Inc., in Stamford, Conn.

But Bingham said the new threats facing organizations online are a paradigm shift in the world of network security and demand new thinking and new approaches.

