Preservation and perseverance

NME asks some experts to round up the main security developments over the year, to find out what is yet to be done in this region and what dangers and developments we can expect from IT security in 2010

By Julian Pletts. Published December 14, 2009.

This year has been an interesting, yet perhaps very worrying year, for those that are charged with protecting sensitive corporate and customer information.

The financial crisis has seen the so-called underground economy, the ever-growing group of criminals and online mercenaries around the globe that are trying to make money by exploiting networks and network information, up their efforts and, to a certain extent, gain ground on those fighting them. Also, with people being dismissed from their jobs at a rate not remembered in recent times, a new plague has reared its ugly head - data leakage and theft from disgruntled employees.

CIOs and IT managers have been challenged this year as never before. Not only are they having to upgrade, maintain and boost the protection of their networks, but they have also been asked to do so at a fraction of the cost that they were doing before. So NME decided it would be a good idea, as we prepare for the new year and a whole new round of new challenges, to ask spokespersons from the market to take a look back at the state of security over the past twelve months in the Middle East, highlight the lessons that can be learned and then to lay before us a path to secure networking over the coming year. Here is what they had to say:

What do you think have been the major threats to surface and potentially affect enterprises in the Middle East region over 2009?

Costin Raiu (senior anti-virus expert and head of EEMEA Virus Lab, Kaspersky Lab): During 2009, we've been monitoring two worrisome trends that could potentially affect enterprises in more serious ways. The first trend is the wide adoption of mobile computing environments without considering the security implications. This includes smartphones such as those based on the Blackberry platform, but can also include netbooks, low power laptops which are cheap and are generally regarded as expendable. The second worrisome trend is the increased prevalence of malware that is spreading through Windows' AutoRun feature, in practice, through the use of memory sticks.

Judhi Prasetyo (regional channel manager, Fortinet Middle East): According to our FortiGuard research team, which is specialised in identifying and countering Internet threats, Conficker was definitely the threat of the year. This computer worm, targeting the Microsoft Windows operating system, performs dictionary attacks (brute-force) on passwords of network-shares to propagate and potentially cripple the complete network of the enterprise. Over 10 million PCs and hundreds of thousands of enterprises have been infected so far across the world. 2009 also saw the explosion of scareware across the cyberspace, with threats such as the Bredolab botnet, a Trojan downloader linked to rogue security software. This is a great example of the growing trend in broad distribution of fraudulent software through fake mailing campaigns titled from DHL, UPS, Facebook, etc. If opened, the machines are then recruited into a network of zombies. At last, the most sophisticated threat of the year would be Asprox. Asprox is a botnet, which leverages Google to identify vulnerable web servers and attack their databases, so that it can grow by in turn infecting the PCs of the users of those websites. With millions of attacks coming from hundreds of thousands of zombie computers, and the hacking of major websites such as MTV or the national Defense of Canada, Asprox remains the most aggressive threat of the year.

What have been the most significant vendor and manufacturer developments and milestones this year in fighting cybercrime and threats to enterprise networks?

Guru Prasad (general manager, networking, FVC): Significant advances in solutions addressing Intrusion Prevention, DPI, DLP, PKI, NBA, Compliance and Configuration management have made key impacts on simplifying the task of security management in enterprises. Products have been more innovative and pre-emptive in their approach of handling stealth and for-profit attacks on corporate networks which are inherently more complex to detect and thwart. Zero day is another significant initiative from some vendors that has been quite successful in blocking upcoming and new threats successfully.

JP: I won't comment for other vendors but I would say that, at Fortinet, the most important development has been the new release of our operating system: FortiOS 4.0. This major firmware upgrade integrates hundreds of new features to help customers secure their network by removing the malicious traffic that is reducing available bandwidth and, at the same time, accelerate the clean traffic for optimal network performance.
