Print

Comment

Email

Digg

Del.icio.us

Reddit

Network security is still a strong driver for IT spending in India, as security does not cease, not even during recession. In fact, during a recession, companies view security as even more important due to the increased market competition and blended threat scape.

The large spike of activity observed between September-November 2009 was a familiar trend to that of 2008, when the first large wave of scareware hit cyber space. Scareware was also a major component detected during this wave in 2009, though overall volume had significantly increased to record levels over 2008.

As we are already in 2010, the rest of the year should see organizations focusing well on security, as the recent security attacks in the world (with a recent dose of Gumblar attacks in Japan) do echo a strong need for both the private and public sectors looking back at their security set-up. Security, particularly network security, is one fundamental area of technology that enterprises and governments alike cannot neglect.

The Primary Route
The web is now primary route by which computers get affected, mainly due to the fact that increasing numbers of organizations have secured their email gateways. As a consequence, cyber criminals are planting malicious code on websites. These codes simply lie in wait, and infect visiting user computers. The industry has witnessed sophisticated threats: cross-site scripting (XSS), SQL injection, zero-day exploits.

Increase in the number of networked portable devices and extensive usage of network on a day-to-day basis are resulting in increased vulnerabilities.

In recent years, the number of threats spread via email attachment has declined. Social networking websites are used to spread malware. Identity theft-hackers have found value in compromising user accounts, and then using the profiles as a launching pad for mass distributing malware attacks and spam.

Some of the methods cyber criminals used effectively were the use of fake anti-virus software, also known as scareware or rogueware. Such attacks prey on IT security fears and unaware users into believing their computer has a problem when it has nothing of that kind.

The Three Trends
Some of the trends witnessed in network security in recent times are:

UTM's: Beginning with IPS and firewall services, the security market and fast adopting Indian customers now show a drift towards overall network security services like UTMs. Following the trend the security market will be dominated by UTM products.

End-to-end Security: Not only at the gateway level, but right up to the end point as the end point is the weakest link. In many cases, computers outside company's security are the weakest links. These computers are often infected with worms and spyware, presenting an opportunity for attackers. Enterprise security is no longer confined to external threats alone, internal incidents of data loss are on the rise and enterprises need to seriously evaluate the impact of such incidents.

Multifunctional Router: Hybrid VPN demand is stronger than ever. Its annual revenue would be even greater than double within four years. With technology evolution, such as 3G and IPv6; and technology convergence, including WiFi, security, and triple-play, etc; brings traditional router into another level of 'services router'.

Green Security Solutions
There are multiple product vendors who offer 'green' approach in their solutions. Consolidation and virtualization have been the key approach for these vendors and they offer critical services based on this. 'Security as a service' also has been adopted by multiple vendors, who now also offer services directly through their virtual solutions. These are environment-friendly solutions, and at the same time meet customer's requirements. The concept of 'green data center' and 'DC as a service' are based on these solutions and frameworks offered by these vendors. This has created increased interest in the CXO community and more enterprises are now opting for these solutions.

Growth Drivers
Increased mobility, Internet, and web 2.0 have been adding to the vulnerabilities of organizations of all sizes. IT networks are continually growing, more applications are becoming web-enabled, threats are turning more sophisticated and regulatory requirements are demanding adherence to complex requirements and procedures-all this making security a complex issue. This has resulted in rising awareness for the need of an integrated security solution in India among both SMEs as well as enterprises as corroborated by leading analysts and research groups across the security industry.

Network perimeter is evolving with more entry and exit points emerging in the network architecture of any organization. While earlier, firewalls and IDP solutions did the job of securing the gateway, today organizations need a more encompassing security solution that protects them against blended attacks on their extended perimeters.

Enterprise & Challenges
Carriers and enterprises of all sizes are facing an increasingly sophisticated blended threat scape, with threats coming from beyond the traditional network perimeter. One of the key challenges is increase in database attacks to steal information, as enterprises look for ways to protect their databases from both external and internal breaches.

Another significant one includes the need to protect the network against web 2.0 centric threats, as the definition of 'network' expands and the popularity of social networking sites and in-the-cloud computing (such as SaaS) rises. This drives a greater need for web application firewalls and data leakage prevention mechanisms to prevent employees from bringing back tainted data and inadvertently releasing proprietary information.

Another need is that of enabling 10GbE security protocols to work at the speed of the network, as it is essential for maintaining the integrity of high-speed networks, which also, allows threats in the network to increase, as the good, bad and ugly find their way into enterprises.

Finally, carriers and large enterprises also face 3G driven threats, as smartphones continue to rise in adoption rates. 3G networks enable operators to offer more advanced mobile services and also presents more opportunities for virus infections, hence presenting the need for better security.

Upcoming Trends
In the security space, each challenge brings in more opportunities for vendors in 2010.

Information-centric security will be necessary in the next decade as access to data will continue to evolve outside the traditional network. The definition of 'network' has moved much beyond the traditional LAN to encompass distributed networks, cloud-based networks, social-media networks, wireless networks, virtual networks, etc.

Data now needs to protect itself via a networking infrastructure that positions a security control at every data touch point or internal network segment rather than just at the perimeter. Information-centric security is a more granular, intelligent and multi-layered security approach that guards against penetration of the entire network through the weakest point in the armor.

Adoption of cloud based services will create many opportunities for data infection or theft. Securing the cloud will be hotter than ever in 2010 as more and more companies adopt services such as storage for rent, software as a service, virtual IT, and application hosting.

The concept of protecting data-at-rest vs data-in-motion comes into play, forcing organizations to examine various security mechanisms to secure their data, including encryption, SSL inspection, data leakage protection, anti-virus among others.

A natural evolution with the trend in consolidating network devices is to integrate more network functionality into security devices.

Moving into 2010, additional consolidation of network services will find continued acceptance with budget-conscious customers. Switching and VoIP capabilities might be other network services to be integrated into consolidated security devices in the future.

Akhilesh Shukla
akhileshs@cybermedia.co.in

Page(s)   1