State of Technology: Beating Back Hackers

At one point, Jeanson James Ancheta, a 21-year-old California hacker, had more than 400,000 compromised computers at his command. He and his "botmaster underground" cohorts would sell access to their "botnet" to third parties, which would use it to launch massive distributed denial-of-service attacks, disseminate a torrent of spam and install adware on unsuspecting users' machines.

Earlier this month, Ancheta became the first person successfully prosecuted for building and using a botnet for malicious purposes. He'll spend three years in prison, pay a fine of $15,000 and forfeit the proceeds of his crimes--more than $60,000 in cash, a BMW and assorted computer equipment.

While the G-men got their man, there are thousands of other Anchetas on the Internet, each using innovative attack tools, techniques and technologies to compromise networks and steal their way to more bandwidth, information and money. Ancheta's use of botnets is just one example of the arms race in which security VARs are engaged. The attackers are as innovative as their white-hat counterparts, if not more so.

Fortunately, security VARs have a wide range of innovative technologies to protect their customers' IT infrastructures. And resellers that are trying to stay ahead of the curve may find that some of their most innovative solutions come from a surprising source: their customers.

The quarterly VARBusiness State of Technology survey shows just how complex the security market is. A plurality of small (31 percent) and midsize VARs (27 percent) see network connectivity as the most innovative security area. Among large VARs, 20 percent cited identity management. But network access, identity management and threat management are viewed as being creative in their own way.

Meanwhile, small VARs (23 percent) are anticipating the most innovative gains to be made in threat management in the coming year, while midsize (21 percent) and large VARs (27 percent) see identity management as the hotspot. One thing resellers of any size generally agree on is that the most useful new security features are ease of updating and automated responses to threats, and the majority of them also feel that the most innovative solutions arise from vendors and solution providers working closely together.

The trick for resellers is to figure out what counterthreats they have in their arsenals.

"The root of all innovation involves sorting through what you have vs. what's new," says Don Jackson, executive vice president and owner of SunTel Services, a solution provider in Rochester Hills, Mich. "With some of the newer products, we're poised to be more innovative than we have been in the past. Where you have to be clairvoyant is in anticipating how upcoming products will impact what people are buying now."

That's an important consideration in the security space, because the product cycle is much like the networking market: New technologies emerge and get hot but eventually become commoditized as they're phased out or folded into other products. This is an unusually intricate process in security, because there's a debate over whether it's best to have single-box solutions or multiple specialty implementations that work in concert. A single device that has all of a company's software for firewalls, antispam, antivirus, SSL VPN and content-filtering may be easier to manage, but it also presents a single target and, potentially, a single point of failure.

"We're waiting for convergence at the gateway on things like antivirus and antispam," says Ryan Guzal, SunTel's manager of security services. "As we add more services, the customer can take advantage of having a single box."

But as Guzal's colleague points out, there may not even be a consensus within the same company about whether this is a pursuable goal. "Larger companies are wrestling with this," Jackson says. "They're hesitant to bring multiple applications onto a single box because they want to have a multivendor strategy to keep the price competitiveness in place."

Building Stronger Walls

While vendors work away in their labs to create new products, security solution providers are finding that they can be most innovative by creating services for their customers that knit together disparate technologies, whether from one vendor or several different ones.

CSCI, a networking and security solution provider in San Diego, has spent the past few years aggressively building its managed-services practice to complement its product business. The VAR is teaming up with Juniper Networks, among others, in efforts to expand within its geographical region.

One project that Juniper has fleshed out is a sort of matchmaking system in which it pairs VARs with other technology partners wherever they identify a potential fit. Recently, the vendor introduced CSCI to security-services powerhouse VeriSign, allowing the two to create an SMB security-services suite.

"I'm not sure many partners do managed services over a wide area, but Juniper is teaching us to be better at this," says CSCI president Rich Tear. "They introduced us to VeriSign so we could craft SSL VPN authentication services around a VeriSign front end, and now we have a feature-rich solution for companies that can't do it themselves."

Projects such as these show how solution providers can be innovative without having to wait for new silver-bullet technologies. SunTel has undertaken such projects by providing virtualization services for Juniper's Internet Security Gateway devices and creating "demilitarized zones" to handle security transactions with vendor partners such as Cisco Systems, Nortel and Mitel. Products and services built around security-event management, intrusion prevention and network intelligence are also mentioned often as exciting areas.

"It becomes a matter of deployment innovation--how you deploy the technology on the customer network to fit with the technologies they already have," Guzal says. "For something like network access control, there's an opportunity to be innovative about how to deploy enforcement points."

The Ties That Bind

According to the State of Technology survey, security innovation is a collaborative process that often involves solution providers, vendors and end users working in concert to build better defense systems with new and existing technology. Many VARs feel that this three-way collaboration is key to winning the hacker arms race.

"We have a wide enough customer base so we can sense which way the wind is blowing, and we see a lot of activity by taking the consulting approach," says Dan Wilson, vice president of partner relations at Accuvant, a security solution provider in Denver. "Customers start to sniff around new technologies, and our smaller customers have taken the lead on demanding things like WAN acceleration."

Partners looking to be innovative have numerous ways to take the initiative.

"If you have a unique solution, you can't just ask the vendor, 'Where are my leads?'" says CSCI's Tear. "If you spend time investing in the solution, the right vendor will push you through."

Most Innovative Security Vendors: Cisco and Symantec