[iwar] [fc:New.Security.Software.Gets.Jump.on.Cyberattacks]

From: Fred Cohen (fc@all.net)
Date: 2002-06-21 06:24:49



New Security Software Gets Jump on Cyberattacks

Joab Jackson, Washington Technology, Wednesday, June 19, 2002; 4:45 PM

http://www.washingtonpost.com/ac2/wp-dyn/A13114-2002Jun19?language=printer

In 2001, the Federal Computer Incident Response Center was notified of
6,683 attacks, ranging from defacing Web sites to break-ins of an
agency's central "root" servers.  In 2000, the agency that monitors
malicious attacks on federal systems was notified of only 586; in 1999,
that number was 580. 

These numbers have many industry and government officials worried
whether agencies have enough manpower to keep up with the increasing
number of attacks on their computer systems. 

Although the federal government has increased spending on information
security - from $1 billion in 2001 to $2.7 billion in 2002, according to
market research firm Input Inc.  of Chantilly, Va.  - the amount of
information passing through government systems and the ever more complex
nature of security threats guarantee that even these additional dollars
will be spread thin. 

Addressing this problem are software companies that have produced
solutions that attempt to foresee threats sooner and simplify the
workload for administrators. 

"Traditionally, many of the technologies are reactive in nature.  We
have more of a proactive solution," said Dave Hammond, director of
marketing at Okena Inc., a Waltham, Mass., firm that sells about 50
percent of its security software to government agencies. 

Industry observers are seeing pressure on systems administrators from
two areas: increasing network capacities and more complex threats, both
of which strain traditional security components. 

"Government agencies are requiring one gigabit networks, whereas 100
megabits were adequate two years ago," said Randy Richmond, group
manager within the federal network systems unit of Verizon
Communications Inc., New York, which provides managed network services. 

As network throughput grows, Richmond said, firewalls and intrusion
detection systems struggle with an increasing number of data packets. 

Add to this the changing nature of the threat.  According to David von
Vistauxx, managing director of a Silver Spring, Md.-based security
practices coalition called the Organization for Infrastructure Security,
agencies may be more "prepared to fight the last attack, not the current
one."

For example, a June 10 General Accounting Office report criticized the
Army Corps of Engineers for not adequately securing its financial
management system, even though the corps had addressed many problems
called to its attention by an earlier GAO audit.  Among the new problems
identified was the corps' failure to correct "continuing and newly
identified vulnerabilities," the report said. 

Increasingly, security software providers are gearing their solutions
toward anticipating future threats, ones whose methods of attack may be
new, rather than just guarding against the kinds of attacks that have
already occurred. 

Okena, for instance, sells software called StormWatch that monitors
computer applications to ensure they don't perform any activities
outside their boundaries. 

"We're defining policies for appropriate application behavior," Hammond
said. 

Network Associates Inc., Santa Clara, Calif., also has developed a
proactive approach through the release of its McAfee ThreatScan
software.  Brian McGee, group product marketing manager for Network
Associates, said this product is "designed to help a security
administrator find vulnerabilities in the network that might be attacked
by viruses or other malicious code."

"It is specifically targeted at the vulnerabilities that get exploited
by viruses," McGee said, in contrast to virus protection software that
checks for the presence of malicious programs themselves. 

In May, NFR Security Inc., Rockville, Md., released a version of its
intrusion management system that includes a forensic analysis tool that
mines security data for pertinent characteristics that could be used to
guard against future attacks. 

"Security must be considered a process rather than a single technology,"
said Jack Reis, chief executive officer of NFR Security. 

Advanced detection systems such as these can be valuable tools, but
agencies need knowledgeable systems administrators who know how to use
them, said Ira Winkler, chief security strategist for Hewlett-Packard
Consulting, a unit of Hewlett-Packard Co., Palo Alto, Calif., during a
June 6 Washington Technology conference on information assurance. 
Otherwise, the data about possible break-ins will just go unused. 

And this is where administrators need the most help, officials said. 

"There's a ton of data out there.  You look at those logs from intrusion
detection systems and firewalls that are millions of lines long.  No one
has time to look through all of them," said Albert Turner Jr., a senior
vice president for SilentRunner Inc., a subsidiary of Raytheon Co.,
Lexington, Mass. 

Raytheon spun off this business unit to address the growing customer
base for more visually oriented tools to help system administrators
track threatening behavior.  In May, the company released a new version
of its analysis tools. 

"SilentRunner's customers have the power to [expedite] network security
decision-making efforts," said Jeff Waxman, chief executive officer of
the company. 

Also looking to lighten the administrator's load is Symantec Corp.,
Cupertino, Calif.  In April, the company signed an agreement with
Defense Information Systems Agency, which oversees the Defense
Department's cyberinfrastructure, to supply personnel onsite to help
install and manage Symantec's Internet security solutions. 

Staff Writer Joab Jackson can be reached at
jjackson@postnewsweektech.com. 




This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:32 PDT