Stopping Attacks in Their Tracks

Interview: ISS CTO Christopher Klaus details his company's new strategy to tackling security threats.

ATLANTA—When Internet Security Systems Inc. began in 1994, it was one of the pioneers in the intrusion-detection and vulnerability-assessment markets. The companys Internet Scanner software, written by founder and chief technology officer Christopher Klaus, was one of the first applications to be able to find and fix software vulnerabilities. But security threats and attacks have morphed and become far more sophisticated in the last nine years, making such capabilities less effective. In response, ISS recently introduced its new Dynamic Threat Protection system, designed to identify and thwart unknown attacks while theyre in progress. Senior Editor Dennis Fisher sat down with Klaus at ISS headquarters last week to discuss the new technology and its application in the evolving security landscape.

eWeek: How did this strategy come about? Its obviously something youve been working on for quite a while.

Klaus: Its been kind of the missing link in this industry for a while. Patch management isnt working. People do vulnerability assessments and they get this huge book of vulnerabilities and dont know what to do with it. We just use vulnerability detection as a feedback loop in threat detection and assessment to say, where are you not protected? If you think about security as a car, most people just sell you one piece, like a transmission or an engine without telling you that you need the other parts. Were providing people a sports car to go from point A to point B. The customer needs to be educated at a higher level to say, Youre really buying a car and its not just all these little pieces. We wanted it all integrated as one protection system.

eWeek: Im sure youve talked to a lot of customers about this already. Is this something that they see the need for?

Klaus: The customers get it pretty quickly. Most companies are still at the manual protection stage where they have to actually go out and touch every machine in order to update it. And when you get that big book of vulnerabilities, its analysis paralysis. Where do I start? This stuff is best served as a platform.

eWeek: Do you see any direct competition for this already out there?

Klaus: Trying to glue it all together is extremely difficult. Weve really been working toward this since we started the company almost 10 years ago. Ive yet to see a very large rollout of best-of-breed that has all of this.

eWeek: Do you expect other vendors to try and duplicate it?

Klaus: I expect it, but dont know if its possible. To build all of these pieces in an integrated fashion is really hard.