Keeping Up With The Hackers

*Editor's Note: This is the fifth of 10 installments of our 5 Hot-Button Issues series, in which we spotlight five things solution providers should keep an eye on over the coming year in various IT and channel categories.

Gone are the days when hackers would attack networks and Web sites simply to make a name for themselves. These days, it's all about hacking for profit.

The U.S. government has mandated that companies protect themselves from attacks by implementing stronger security measures in their network infrastructure as well as in applications. But in many cases, the bad guys are one step ahead of the game. Here are five issues at the forefront of the ever-changing information security landscape.

1. Regulatory Compliance
Enterprise security solution providers focusing on regulatory compliance-oriented security solutions have been enjoying solid growth, as the federal government has gotten serious about requiring organizations to safeguard sensitive corporate data on their networks.

Compliance was a hot-button issue at Symantec's annual partner conference in June, where Jeremy Burton, senior vice president of enterprise security and data management at the Cupertino, Calif.-based security giant, discussed the risks for companies that don't have clear policies for compliance.

"If you don't have a compliance story, learn how to tell one," Burton told partners at the event.

2. Network Access Control
Over the past year, the growth of the NAC market has accelerated dramatically as key vendors have clarified their plans.

Although there are different approaches to the technology, the central idea of NAC is to protect corporate networks from threats by scanning all PCs for malware each time they attempt to connect. This ensures that patches and software -- such as antivirus and desktop firewalls -- are up-to-date before allowing users to access the network, and quarantining infected or noncompliant machines.

NAC especially helps to combat the threat of malware being introduced to the network by mobile workers bringing in infected notebook PCs, said Brian Haboush, vice president of business development at Intelligent Connections, a Royal Oak, Mich.-based solution provider.

"The borders of the network have become so fuzzy with contractors and guests coming in and out, and NAC provides a way to secure those fuzzy borders," he said. 3. Application Source-Code Analysis
Application security vendors such as SPI Dynamics have recently rolled out tools that identify cross-site scripting and code-injection vulnerabilities in Web sites. The tools also examine source code during the software development process in order to minimize glitches that could be exploited by attackers.

SPI uses techniques commonly employed by hackers to assess and audit Web sites, said Caleb Sima, CTO and founder of Atlanta-based SPI Dynamics. "We emulate how a hacker would look at your Web site, which allows us to be faster and extremely accurate," Sima said, adding that the software's false-positive rate is "close to zero."

Terry Kurzynski, managing partner at Remington Associates, a solution provider in Schaumburg, Ill., estimates that about half of his clients have a "significantly high" number of vulnerabilities in their Web applications.

"Source-code analysis saves companies a lot of time by finding problems early and [enabling] them to put out more secure applications and code," said Kurzynski.

4. Web Services Security
Hackers frustrated with improvements in Web application security have begun shifting their attentions to Web services. Vendors such as Watchfire have developed tools that companies can use to ensure their Web services applications are impervious to attack.

Watchfire's recent release of AppScan 6.5 addresses the growing trend of attacks targeting the application layer by giving companies a way to test this critical part of the enterprise infrastructure, said Mike Weider, founder and CTO. Now that companies have learned how to defend their network infrastructure and Web applications, hackers are beginning to target Web services, he said.

"As people get better at securing Web applications, attackers are looking at the next level down in their search for the easiest way to compromise an application," Weider said.

5. Pharming
While phishing attacks use social engineering tactics to deceive Web users, pharming targets vulnerabilities in DNS server software. That enables attackers to acquire the domain name for a legitimate Web site and redirect its traffic to a bogus Web site with an identical design.

Pharming is a rapidly emerging identity-theft tactic and is difficult to detect because companies need to monitor traffic inside the organization as well the larger Internet to detect it. For this reason, managed security service providers such as Deerfield, Ill.-based Catbird Networks believe they're uniquely equipped to defend against pharming.

Catbird's network of globally distributed sensors located at major Internet traffic aggregation points enables the MSSP to continually monitor customers' networks to identify patterns of behavior that indicate fraudulent activity, according to Doug Michels, chief security officer.