An Ounce Of Prevention

The idea that a chain is no stronger than its weakest link is never truer than in the fight to keep computer systems virus- and worm-free. Security-focused VARs are finding that, more often than not, the weakest links happen to be the customers they're trying to help.

Between the MS Blaster worm, the Sobig mass-spamming worm and its copycats, and the SQL Slammer worm, an incalculable number of customers have been hit in recent months. The SQL Slammer worm, for example, temporarily shut down Seattle's 911 service and forced Continental Airlines to postpone or cancel some flights after its systems were infected.

Technology is doing a decent job of keeping up with the myriad ways in which organizations can suffer attacks. But VARs have long realized that good security is more about intelligent implementation, and a crucial part of their sales pitches lies in convincing customers they're at risk.

"Most customers are in a pretty reactive mode until they get hit," says Joseph Dell, CTO of Vigilar, an information security services company in Atlanta. "Then they realize they never want to go through it again."

Existing technology is powerful enough to defend an organization against all but the most insidious of these attacks--but only if customers deploy it properly.

"Some service providers think having a single box or solution will take care of it, but it's about having multiple processes that can respond to alerts," says Chris Ellerman, vice president of professional services for Meridian IT Solutions, Schaumburg, Ill.

Because some hackers ("white hats") are working with companies to help find vulnerabilities and protect systems before the "black-hat" hackers can exploit them, information about worms and viruses is usually available for days or weeks before an attack is actually launched. At that point, it's up to computer users to do something preventative, such as erecting a firewall or downloading a patch. For example, during the first two weeks of August, roughly 40 million Windows users downloaded a protective patch for the MS Blaster worm, according to Microsoft. Then again, millions didn't, and plenty of businesses suffered the consequences.

"Security is money," says Andrew Reese, national director of security consulting for DynTek, a security and management solutions provider in Irvine, Calif. "You can tell people what tools they need, but they might not have the budget for them. You have to show them the risks, but a lot of times people don't understand how to implement the technology or how to explain the need for it to their executive leadership."

Vigilar's Dell says the most secure systems use a combination of proactive solutions--which leverage existing technologies, such as firewalls and patch management--and reactive ones, such as host-based intrusion detection. According to Dell, vendors offering the most comprehensive solutions are Symantec and Cisco, which bolstered its product lineup by acquiring threat-protection software vendor Okena in April.

All told, worms and viruses have become somewhat easier to predict and track because of the increasing ability to stay informed about network vulnerabilities. But someone could still unleash an unpredictable attack on widespread computer systems, and the fear of such an event is what helps keep VARs vigilant.

"A total surprise attack would definitely be possible if a black hat found a vulnerability and didn't report it to anyone," Meridian's Ellerman says. "But the cost of prevention is much less than the cost of being attacked, and anyone with solid policies in place to know what's on their network wouldn't be hit. It's up to the VAR community to tell customers the entire story about what each product will and won't prevent."

Tweet

   

More Security