Secure at all layers

Secure Computing advises regional enterprises to use proactive security on top of existing legacy systems to properly guard against new-age internet threats.

  • E-Mail
By  Sathya Mithra Ashok Published  October 14, 2007

Reputation based security is fast gaining traction as the nature of threats change worldwide. According to Mike Smart, EMEA product manager for Secure Computing, the company is well positioned to tap into the market with its solutions.

"We are one of the largest independent security vendors in the world. We focus on security specifically and we constantly innovate to add to our solutions. One of them is the reputation system. That is a fairly new trend in security - the idea of looking for what is being sent as well as who is sending it," says Smart.

The way we use the net has changed. It is now a kind of platform and the browser is like the OS. This brings a lot of new vulnerabilities that users don’t know of.

According to Smart, Secure has systems around the world that constantly gather experiences of web hosts. These are collected, crunched up and a reputation is developed for every IP address.

"That means, when a customer connects to a host, even if it is the first time for him, it won't be for us. We already know the risk for the user and they can make a decision based on the quality of the host. They can accept or block users from visiting that particular IP address without seeing the content. This is a proactive approach that even helps users save their bandwidth," says Smart.

As more and more threats are being developed to bypass signature-based security, reputation analysis helps enterprises avoid zero-hour threats.

"That's not to say that antivirus is gone. People would continue to use it as much as they would continue to use firewalls. But they can build an additional level with such proactive defence mechanisms," says Smart.

Behavioural analysis of content is another area that Secure is building expertise in and has solutions for. According to Smart, the company's products can analyse content for what it is meant to do within any network and block it based on its intent. This also helps regional enterprises in tackling zero hour threats.

"The reason for the growth of Web 2.0 is that the way we use the net has changed. It is now a kind of platform and the browser is like the OS. This brings a lot of new vulnerabilities in the background that users don't know of. Companies still keep buying legacy systems like firewalls and antivirus. Its not that you shouldn't buy them but you need something else on top of it as well," states Smart.

While SMBs have become eager adopters of consolidated security offerings such as UTM devices, enterprises still tend to buy separate boxes with high capacity and performance levels to ensure best-of-breed security. However, Smart points out that they would still need to look at consolidation to achieve higher efficiency from products.

"Enterprises do want to consolidate to reduce the expense of managing all these individual products. It can be a nightmare. With Secure's four major product groups, enterprises can bring security together and reduce complexity and risk - the risk of support, the risk of management and integration. People here are beginning to realise that while 90% of them have firewalls and antivirus, 60% to 80% of them still get affected by threats. That's because of zero hour attacks and we have solutions to address that," says Smart.

Smart believes that being an independent vendor of security allows Secure to invest properly in R&D to counter the changing nature of web-based threats. A security division within a larger IT player would not be able to bring the same dedication and commitment to research.

"There is no silver bullet. I don't believe any vendor who promises that they can fix every threat. There are elements of different technologies that can work together and we have a good set of those," says Smart.

"Technology is a part of security, but policies are big too. If you have a load of employees you need to talk to them about the risks of getting e-mail. Even if you have an e-mail solution that blocks phishing, some might get through. You have to teach them about the elements of social engineering and that there is a huge difference between receiving e-mail and clicking on the links. These things are critical - training and awareness," he concludes.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code