Espion and the future of computer security

8 May 2003

Starting up a business just before the 11 September attacks might not be the best timing ever but Espion has managed to weather the early uncertain business climate and, in less than two years, firmly establish itself on the computer security scene.

It is still a modest operation – its seven staff members operate out of small offices in Monkstown, Co Dublin – but Espion has earned a reputation for being progressive and pioneering in the area of information security.

Its profile has been helped considerably by the leading role it has taken, along with management consultant Deloitte & Touche and managed services provider Data Electronics, in managing and promoting the Irish Honeynet, a project aimed at measuring hacking activity against Irish internet domains. Espion clearly prides itself on having its finger on the pulse of the computer security. “We position ourselves as selling new and emerging technologies that satisfy a specific niche within IT security,” explains technical director Colm Murphy (pictured).

Its preoccupation with finding the Next Big Thing led it to the door of a security product vendor based in Waltham, Massachusetts, called Okena. Okena specialises in the new and fast-growing area of intrusion prevention systems. Rather than merely alerting a system administrator when a hacking or virus attack has happened, as intrusion detection systems do, intrusion prevention is about protecting a network or website from being attacked in the first place. The market is small but is expected to grow from US$62m last year to US$520m by 2007, according to analyst firm Yankee Group.

Driving the interest in the technology are the potential cost savings in IT security infrastructure and operational resources. “It is a new way of looking at security and is specifically suited to the Irish market,” Murphy observes. “Companies here don’t have Swat teams of eight guys jumping out of bed at four in the morning and dashing into work because there’s an alert on an intrusion detection system. We were looking for something that solves the problem of not having enough staff.”

Murphy believes that security weaknesses are partly caused by web applications and operating systems having more features and functionality than are necessary. Central to intrusion prevention is closing off these avenues of opportunity to hackers and virus authors. “What intrusion prevention does is prevent an application working above and beyond what it normally would,” he explains. “It ties down an operating system to such an extent that it will only do what you want it to do and no more.”

Espion was appointed as a distributor by Okena a year ago and since then Okena’s Stormwatch intrusion detection product has been sold to a number of unnamed Irish organisations, mainly in the financial services, telecoms and manufacturing sectors.

Though barely four years old, Okena was recently acquired by network equipment giant Cisco for US$154m, which gives some idea of the excitement the concept of intrusion prevention is creating in the industry.

The jury is still out on whether intrusion detection systems can help businesses win the battle against internet security breaches from viruses/hackers but it’s a battle that is unlikely to end at time soon. The reason, believes Murphy, is that computer security is still low on the list of priorities, particularly in smaller organisations.

“The large high-risk institutions are doing very well. It’s the SME [small to medium-sized enterprise] with 50-100 people that we find isn’t as aware of the issues as it should be,” he says.

Other trends noted by Murphy in the two years since Espion became operational include a rapid rise in the incidence of email harassment usually by one work colleague on another. He says the company is receiving more and more requests from organisations to use computer forensics to investigate cases of bullying. On a good month, Espion may carry out up to 10 of these investigations. The cases it deals with shows both the prevalence of electronic bullying and the naivety of some of the perpetrators. “People think if they send you an anonymous email from a hotmail account they can’t be caught. But the fact is they wrote it on their machine and regardless of how many times they deleted it, we’ll find it. It’s very easy to prove somebody did take a particular action.”

By Brian Skelly