












Interviews

Proactive Security Technologies Fight New Digital Threats


By Indu Britto

 

 

 

SDA Asia's Indu Britto spoke to Ken Low, Security Lead / Marketing Director, Asia Pacific TippingPoint, a division of 3Com, to find out about the new and emerging trends of security threats that Asia Pacific businesses face, and the steps to be taken while evaluating and selecting security solutions.

 


 


SDA: Can you tell us about the changing security landscape in Asia Pacific? What are the current and emerging trends, both in terms of threats and the technologies available to counter them?



Ken Low: Security is a moving battlefield where new digital attacks and vulnerabilities are constantly emerging from anytime and anywhere. The biggest challenge for security vendors and customers is to protect their system vulnerabilities targeted by new attacks. In the last 2 to 3 years, security vendors and customers have moved their emphasis from passive technologies such as firewalls, intrusion detection systems (IDS), antivirus systems and patch management systems to more proactive intrusion prevention systems (IPS) which protect system/application vulnerabilities before exploits are launched to target these vulnerabilities. A zero day attack is the successful exploit of a network or application vulnerability before a software patch or anti-virus signature for that targeted vulnerability is available. A zero day attack can be a new computer virus, spyware, trojan, worm, rootkit, denial of service attack or a previously unknown method of attack.





SDA: New and unseen hacking paradigms emerge each year, taking advantage of new features in software and which circumvent newly deployed security mechanisms. We have also witnessed a rising trend in hacking in Singapore. Can you provide our readership with some statistics on this trend, and most importantly the role of Intrusion Prevention Systems in addressing these problems?


Ken Low: According to the 3Com Asia Pacific Cyber Threat Research, a total of 1757 web server intrusions have been reported from January 2001 to May 2006. 342 of such incidents were reported in the first 5 months of 2006 alone, which is higher than the yearly average. Many organizations rely on network firewalls, antivirus and IDS to stop such attacks. Unfortunately, the hackers have proven that they can frequently circumvent these passive security technologies as our research has shown. On the other hand, with IPS, a wide range of known system and application vulnerabilities can be protected, in many instances before system/application patches and antivirus signatures are available. In this way, attacks targeting protected vulnerabilities can be detected and blocked by the IPS.



SDA: How important is automation of Intrusion Prevention Systems? How does that effectively help wage the war against infrastructure, application & performance attacks today, and most importantly in the future?


Ken Low: The IPS is central to the automation of information security of any organization because this approach can enable any network to detect and control a wide variety of known and new attacks confronting any network. The IPS protects your network against attacks affecting infrastructure (e.g. switches, firewalls), applications (e.g. operating systems, web servers, VoIP) and performance (i.e. abuse/misuse of bandwidth e.g. non-critical peer-to-peer traffic, denial of service attacks). 3Com’s Auto-Protecting Networks, powered by TippingPoint Quarantine, will enable any organization to secure their network regardless of the software any device connecting to the network is using and without requiring any change to its existing network.




SDA: Can you talk us through Quarantine protection and why you believe it is the fundamental building block of a complete end point security strategy? Very quickly, what are the other blocks that build up a complete end point security strategy?



Ken Low: Auto-Protecting Networks, powered by TippingPoint Quarantine, offers a radical new approach to LAN security. By extending the protective power of the IPS down to every endpoint, TippingPoint Quarantine blocks insider threats and walk-in worms, then communicates with switching infrastructures to isolate offending endpoints with remediation VLANs that prevent network infection. Unlike cumbersome client-based solutions which merely check for endpoint configurations on Windows PCs, TippingPoint Quarantine Protection offers an agentless solution that constantly monitors all endpoint activities, instantly eliminating LAN-based threats automatically.




SDA: What are the main areas of operation of TippingPoint division in 3Com? How is 3Com consolidating its security strategy around a foundation of intrusion prevention system (IPS) technologies since its acquisition of TippingPoint last January?



Ken Low: Unlike the other major acquisitions in the security market in recent times, 3Com’s acquisition of TippingPoint has been a very successful one. This is justified by the exponential growth of the TippingPoint division, in terms of revenues, market share and product development in the last 12 months since the acquisition took place. Leading market analysts such as Gartner, Infonetics and Frost & Sullivan have confirmed TippingPoint’s leadership in terms of market execution, technology vision and global market share.





SDA: Can you tell our readership about 3Com TippingPoint Quarantine Protection? Can it be integrated into existing networks and/or multi-vendor environments? Also, who are the peer competitors in the market and what do you believe makes 3Com's product stand out?


Ken Low: TippingPoint Quarantine is a revolutionary world’s first in IPS-based network access control (NAC). Host-based NAC methods face many difficulties such as the need for customers to adopt proprietary standards and components, install endpoint software and limitations in detecting new network and application attacks. These challenges do not apply to TippingPoint Quarantine because it supports open standards (i.e. it can be integrated into any network and/or multi-vendor environments), does not require endpoint software and is based on proactive IPS technology which specializes in the prevention of new network attacks. The most valuable proposition is that TippingPoint Quarantine can be deployed in any network easily, with or without host-based NAC implementations, to upgrade any network to an Auto-Protecting Network.



SDA: What are the latest UTM products in APAC? Is their appeal limited to only the small and medium-sized companies? What is their technical depth of pre-emptive protection?



Ken Low: The UTM products in APAC are typically based on firewall or antivirus technologies. The main driver for such products is the cost reduction achieved by consolidating different standalone security products into a single platform. The deployment of UTM products can simplify management and reduce maintenance cost. However, UTM products do not necessarily provide better security because UTM products provide only limited intrusion prevention capabilities (if at all, many UTM products do not provide IPS functionality) i.e. detect few attacks as traditional UTM products do not specialize in intrusion prevention. On the other hand, a leading IPS such as TippingPoint IPS, can detect and control thousands of different types of network and application attacks. The other shortcomings of UTM products are their inability to support large throughputs (e.g. gigabit traffic) and operate in transparent/invisible mode (i.e. hide IP/MAC address). Last year, TippingPoint launched the world’s first integrated security platform based on IPS, the TippingPoint X-Series, with extended security functionalities such as firewall, VPN, content filtering and traffic management, at very affordable prices. This new product is re-defining what customers are looking for in a UTM or integrated security platform.




SDA: Tell us about the book you are writing on security trends and best practices of Asia-Pacific governments, universities and enterprises? How do you think it can be related to the contemporary issues of Security?


Ken Low: In my opinion, technical literature outnumbers business writings on the subject of information security by a ratio of 100 to 1. There is a huge gap in security awareness and capabilities between technical and managerial staff, among different industries and more seriously, among governments and countries. My book seeks to address these issues.




SDA: According to IDC, Security spending in the Asia-Pacific region is set to double by 2010. What advice would you hold out (in some detail) to our decision-maker audience in terms of evaluation, spending prioritization, and purchasing of Information security solutions, services, and products?


Ken Low: Around the turn of this century, there has been excessive interest in intrusion detection and security management. Millions of dollars have been poured into these technologies but not only do these technologies not stop attacks at all, they also waste precious human, financial and material resources of an organization. My advice to all decision makers is to focus on proactive security technologies (e.g. IPS) which protect their networks against new digital threats and Auto-Protecting Networks to maximize the return on security investment (ROSI).

 
Copyright © 2008 SDA Asia Magazine - All Rights Reserved