“Attacks are becoming more sophisticated with each passing day”

Geoff Haggart, VP, EMEA and APAC, Websense Inc. spoke to Dominic K about various security trends and on the fact that security policies will not help much unless backed by automated tools and solutions.

Geoff Haggart

In the ever changing landscape of security what are the areas of concern ?

Traditionally Websense has been involved with Web filtering and helping our customers manage their core competencies. Our solutions help organisations block access to bad sites such as gambling sites, and sites that does not hold value based on the organisational policies and values.

These sites include from gambling and pornographic sites and also stock trading and online shopping portals. We have also observed that due to broadband connectivity individuals at various organisations irrespective of their vertical tend to use the facilities for personal use. Our focus is solely on managing Web-based threats and increase productivity and in turn also enhances corporate security.

What are the various trends and patterns you observe in attacks?

The trend is that the attacks are becoming more and more sophisticated with each passing day. The days are gone when individuals receive viruses over e-mail. When was the last time you got an e-mail with an ‘I love you’ type of virus? The current trend is of Phishing or for that matter automated Phishing more commonly known as Pharming. The only objective of such a attack is to lure you into committing some kind of error, which might result in the leakage of your personal information.

Today malware such as spyware and Trojans along with keyloggers can be blended into one threat vector. The current trend as mentioned earlier is becoming more sophisticated and blended.

What are the various threats that will be felt in 2007?

In 2006, cybercrime and the evolution of new cyber-criminals increased. 2007, Websense expects underground cybercrime to become more organised and run a better economy. As part of that growing economy, the market for zero-day attack code will be more competitive. This will result in an increase in the number of zero-day attacks and better attacks on both the client and server-side.

In 2007 organised criminals will join forces with the hacker community to form a more organised cybercrime economy, which buys, sells and trades hot commodities such as ready made cyber-attack toolkits and exploits utilising zero-day vulnerabilities. We also feel that Web 2.0 security issues will escalate as these technologies are being rolled out en masse with security as an afterthought. It is important for organisations to have preventive measures in place to protect themselves from the next wave of increasingly covert and targeted attacks.

The BOT evolution will continue and evolve again with countermeasures. Distributed command-and-control and the use of other protocols other than Internet Relay Chat (IRC) or HTTP will be used to control BOT networks. Increased use of encryption and custom packing of BOTs will also occur.

CERT in Australia has revealed that about 70 percent of malicious code will get past anti-virus software today because it just won’t be noticed and also because most solutions are not equipped to check the malicious contents and codes.

Like anti-virus we do not fix the problem but discover the problem and block it so that it does not become a problem for a customer’s daily business operations.

Tell us about the PortAuthority Technologies acquisition.

We acquired PortAuthority Technologies last year for approximately $90 million. The combination of PortAuthority’s information leak prevention technology and Websense’s ThreatSeeker malicious content identification and categorisation technology should help us strengthen our stand on content security platform.

The result will be a new best-of-breed security software company with the capabilities to help organisations across verticals to prevent unauthorised use or disclosure of confidential data while simultaneously protecting users and data from external malicious threat or attacks.

Through an existing OEM technology alliance established in September of this year, Websense has been working with PortAuthority to enhance Websense Deep Content Control technology to deliver comprehensive security solutions that protect users and data from internal and external threats, both known and emerging.

With knowledge of Internet destinations, protocols and applications, along with detailed fingerprints of internal data, Deep Content Control technology can help protect information flowing through the network, including outbound, internal and Web-based e-mail, Web postings, instant messaging, file transfers and network printing.

Additionally, both technologies will use an integrated policy engine to give organisations the unique ability to manage and protect information by individual user rather than by device.

What suggestions would you like to give to organisations?

I feel that having a corporate IT policy and telling people about it is absolutely useless. You also need to have something that automatically monitors and administers. This is beacuse people don’t know the seriousness of some of the Web sites that they surf or the attachments they may download or for that matter click on the link mentioned to them to execute certain updates. To my mind i feel that the processes should be automated as far as possible.

How did you do in India in 2006?

We continue to see India as one of our high growth markets and also one the the biggest growth markets for us. We have eight people on our Indian team and look forward to expanding based on business need.