Thursday, February 19, 2009

How to Stay Ahead of Hackers and Cybercriminals


My conversation with Jonathan Nguyen-Duy, Director of Product Management for Verizon, ended up being very thought-provoking. We were supposed to talk about a new security offering, a backbone-based solution aimed at stopping Internet-based attacks even before they hit a company's network. (I'd spoken previously to Nguyen-Duy about Verizon's risk-correlation service.)

Nguyen-Duy is a fount of knowledge about the changing landscape of international cybercriminals. Verizon is expanding its denial-of-service (DOS) detection and mitigation capabilities into eight network management centers serving 24 countries with new levels of scalability -- in part because of an increase in international cybercrime, according to Nguyen-Duy.

"Our customers are telling us that the frequency and complexity of DOS attacks has grown. We're now seeing cyberattacks based on social and political activism. We're also seeing less sophisticated hackers getting access to attack methodologies."

A case in point: consider the following related events.

Item: The Bureau of Alcohol, Tobacco, and Firearms, he says, recently arrested "the eBay of cybercrime" in Phoenix, Arizona which was selling automated attack programs, called botnets.

Item: A CIA official said at a conference that the recent power outages in South Florida were results of an unauthorized probe of the utility network originating from China.

Item: Crime syndicates are more frequently attacking financial services firms, online retailers, and government agencies for extortion purposes, in countries where there may be no laws or no enforcement of the laws.

"If you're a global enterprise or agency with deep pockets and a brand to protect, the challenge is real," Nguyen-Duy says.

"This gives rise to a clear problem: If you have a DOS attack that floods a device with five times the normal amount of traffic, do you have the capacity on site to parse through it and separate the legitimate traffic, and can you do it in real time so you don’t have degradation in service?" Remember that typical consumers won't sit through a transaction if they experience latency of more than 10 seconds.

Protection: Around the Clock, Around the Globe
No, we're not trying to write the script for Die Hard V here. However, because globalization is increasingly driven by the ability to share information anywhere, companies that take advantage of it are also making themselves more vulnerable.

Unless you want to deploy high-priced security experts everywhere you do business, it would be prudent to consider how expanded managed security services can protect your multinational communications network. And, thereby prevent the unthinkable from becoming a reality.

No comments:

Post a Comment