Poacher to gamekeeper

An open forum that encourages sharing and partnership among IPS and IDS vendors could help in increasing security knowledge and improving efficiencies of operations worldwide. According to Terri Forslof, manager of security response at 3Com's Tipping Point division, the IPS industry is still some time away from such an open partnership.

"The IPS/IDS industry has still not gotten where the antivirus community is. The latter has become a well-knit group, where information is shared freely about new threats among providers. But there are a lot of people who are working to build a sense of community," says Forslof.

 

While she states that the formation of such a group is at least two years away, Tipping Point's Zero Day Initiative (ZDI) is already taking small steps in the direction by forming specific partnerships with other security vendors.

ZDI was a programme created by Tipping Point, to track unknown vulnerabilities by rewarding security researchers who find them.

"The programme works in tandem with our own internal research team of 30 people. It brings together security researchers globally. The goals of the programme are to get any vulnerability information off the hands of potential hackers and submit it to the right vendor. This helps us in writing filters and enables us to protect our customers from new attack vectors," says Forslof.

The ZDI invites security researchers to submit any vulnerabilities that they come across. Tipping Point analyses the submission and picks the ones which fit certain criteria including that they are critical and high impacting. An offer of purchase is then extended to the particular researcher.

"We have around 600 researchers registered with us and contributing vulnerabilities. We have fixed more than 100 issues through the initiative. There are many Middle East researchers as well who are involved in the programme," explains Forslof.

Following purchase, ZDI develops a filter for the threat. The filter is sent as a regular update to subscribed clients.

"Previously, we did not inform the customers on what the vulnerability was or where it was located. However, we are in the process of revamping the process and we will soon be informing our enterprise clients, with whom we have established relationships, of the nature of the vulnerability. This will give them the additional information they would need to choose the right download options," says Forslof.

In addition, ZDI releases information on the vulnerability to a list of security partners, even competitors, one week before the vendor releases the patch, so that they can prepare for the vulnerability.

Forslof adds that inspite of the obvious benefits of the programme there have not as many security vendors joining in as could be ideally expected.

However, with evangelising efforts on the rise among industry experts and with customers demanding more from providers, Forslof expects increasing co-ordination among IPS vendors.

"Awareness among customers is on the rise. They are beginning to understand the need for multi-layered security to protect their data and information. They also know that these many technologies have to work together yet remain autonomous to be able to protect every level of data used in an organisation," she says.