Security giants team up to defeat virus threats

19 Nov 2003

LONDON: Network security hardware and software leaders Cisco, Network Associates, Symantec and Trend Micro have joined forces to share technology, processes, research and software to combat the increased threat and impact of worms and viruses to networked businesses.

The firms, which together represent 92pc of the world’s installed base of corporate security systems and software, say they will eventually open up their knowledge to the rest of the software industry to help combat the rise in security threats.

“The magnitude of threats will continue to grow,” said Jeff Platon, senior director of advanced technologies at Cisco. It took 11 minutes for the Blaster worm to infect more than 55m computer servers when it exploited a vulnerability in Windows last August, despite the fact that a patch had been posted by Microsoft. Among the companies hit around that time was Air Canada, which lost all of its reservations for a day and a half because of the virus attack. “That’s more than 24 hours of lost business that could not be recouped,” explained Platon.

The aim of the alliance is to boost responses to security threats by creating admission accreditation solutions as well as automating companies’ ability to update virus protection software and implement patches. The initiative is part of what Cisco terms the Self Defending Network. “The plan is to automate responses to threats and create an end-to-end, seamless system that enables companies to contain threats before they cause damage,” explained Cisco’s EMEA channels and alliances marketing manager Mark de Simone. “This initiative between the four companies will see knowledge shared on servers and client systems and enable us to come up with faster response technologies and bring more value and trust to the applications.”

Quoting research from the UK Department of Trade and Industry, Tom Scholtz, vice president of security and risk strategies at the Meta Group, said that the average impact of a security attack on a UK firm was between £20,000 and £30,000 sterling. However, in the US, he said, the FBI puts it at US$900,000. “The reality is that firms are reluctant to disclose the real damage. What is needed is a process-based approach whereby the prevention measures are taken along with reactive measures to contain the threat once it occurs,” Scholtz said. “Patch management is one of the more effective ways of doing this. But at present it is quite difficult. Companies are often very slow to manage their antivirus defences let alone getting into the business of responding to and managing patches for holes that crop up in networks and operating systems.”

Jeff Platon said that the Cisco-led alliance of the four companies was a collaborative effort to address the broad and growing concern among enterprises about the remediation costs resulting from worms and viruses.

“Recent worm and virus infections have elevated the issue of keeping insecure nodes from infecting the network and have made this a top priority for enterprises today,” explained Mark Bouchard, senior programme director at the Meta Group. “Many organisations were successful at stopping recent worm attacks at their internet boundaries, yet still fell victim to the exploits when mobile or guest users connected their infected PCs directly to internal local area networks. Eliminating this type of threat will require a combination of strengthened policies and network admission control systems.”

Dharma Bains, business development manager at Trend Micro, said that five of the most prevalent viruses to hit corporate networks during 2003 were known by security firms and companies more than 18 months ago. “Even when identified, viruses still have the ability to infect and it is particularly hard for companies with customers, employees and suppliers in remote offices to stop the infections.”

Platon added: “This is why we are pushing for better collaboration amongst the key systems and software vendors to co-ordinate our product development and research to help automate response to worms and patches. Between the four of us we have access to 92pc of end users and are keen to develop the elements of technology that will need to be distributed to contain future threats.”

Platon confirmed: “We plan to eventually bring this body of work to the whole open community to contain future virus attacks. It is a community initiative.” He confirmed that the company was in discussions with Microsoft to include it in future developments.

Cisco CEO and president John Chambers, who unveiled the initiative simultaneously in the US, said: “As the network continues to be a mission critical business system for organisations of all sizes, a top priority for customers is securing their information assets and minimising the impact of viruses and worms. Cisco’s Network Admission Control programme is designed to address a pervasive customer concern by helping organisations contain security threats before they cause damage.”

By John Kennedy