State of Technology: Beating Back Hackers

At one point, Jeanson James Ancheta, a 21-year-old California hacker, had more than 400,000 compromised computers at his command. He and his "botmaster underground" cohorts would sell access to their "botnet" to third parties, which would use it to launch massive distributed denial-of-service attacks, disseminate a torrent of spam and install adware on unsuspecting users' machines.

Earlier this month, Ancheta became the first person successfully prosecuted for building and using a botnet for malicious purposes. He'll spend three years in prison, pay a fine of $15,000 and forfeit the proceeds of his crimes--more than $60,000 in cash, a BMW and assorted computer equipment.

While the G-men got their man, there are thousands of other Anchetas on the Internet, each using innovative attack tools, techniques and technologies to compromise networks and steal their way to more bandwidth, information and money. Ancheta's use of botnets is just one example of the arms race in which security VARs are engaged. The attackers are equally as innovative, if not more so, than their white-hat counterparts.

Fortunately, security VARs have a wide range of innovative technologies to protect their customers' IT infrastructures. And resellers that are trying to stay ahead of the curve may find that some of their most innovative solutions come from a surprising source: their customers.

The quarterly VARBusiness State of Technology survey shows just how complex the security market is. A plurality of small (31 percent) and midsize VARs (27 percent) see network connectivity as the most innovative security area. Among large VARs, 20 percent cited identity management. But network access, identity management and threat management are viewed as being creative in their own way.

Meanwhile, small VARs (23 percent) are anticipating the most innovative gains to be made in threat management in the coming year, while midsize (21 percent) and large VARs (27 percent) see identity management as the hotspot. One thing resellers of any size generally agree on is that the most useful new security features are ease of updating and automated responses to threats, and the majority of them also feel that the most innovative solutions arise from vendors and solution providers working closely together.

The trick for resellers is to figure out what counterthreats they have in their arsenals.

"The root of all innovation involves sorting through what you have vs. what's new," says Don Jackson, executive vice president and owner of SunTel Services, a solution provider in Rochester Hills, Mich. "With some of the newer products, we're poised to be more innovative than we have been in the past. Where you have to be clairvoyant is in anticipating how upcoming products will impact what people are buying now."

That's an important consideration in the security space, because the product cycle is much like the networking market: New technologies emerge and get hot but eventually become commoditized as they're phased out or folded into other products. This is an unusually intricate process in security, because there's a debate over whether it's best to have single-box solutions or multiple specialty implementations that work in concert. A single device that has all of a company's software for firewalls, antispam, antivirus, SSL VPN and content-filtering may be easier to manage, but it also presents a single target and, potentially, a single point of failure.

"We're waiting for convergence at the gateway on things like antivirus and antispam," says Ryan Guzal, SunTel's manager of security services. "As we add more services, the customer can take advantage of having a single box."

But as Guzal's colleague points out, there may not even be a consensus within the same company about whether this is a pursuable goal. "Larger companies are wrestling with this," Jackson says. "They're hesitant to bring multiple applications onto a single box because they want to have a multivendor strategy to keep the price competitiveness in place."

NEXT: Security VARs create innovative solutions.