Security software’s fight against malware

29 Jan 2004

When it comes to protecting your company, barbed-wire fences and padlocks on all your doors are all well and good, but if someone carrying the flu comes into the building and infects half your staff, all the security measures in the world won’t help you.

So it is with IT; up to now, much of the emphasis has been on guarding the gate by means of firewalls. Looking to 2004 and beyond, perimeter security, though still very necessary, will not be enough by itself.

Check Point Software Technologies, one of the world’s leading security vendors, has been around for 10 years. The market has evolved to a point where nearly everyone now has a firewall, Niall Moynihan (pictured), its EMEA technical director, explains.

For the time being, however, he optimistically doesn’t foresee a fall-off in sales of the company’s core product, but single products alone will no longer be sufficient to secure IT infrastructures. “Will we sell more firewalls in 2004? Yes. But there will be more of a focus on security solutions,” he asserts.

The reason for this is that downtime, and not hacking, will be one of the important issues for the coming year, Moynihan predicts. As computer worms become more prevalent, burying their way into organisations, security providers face the challenge of getting ahead of these viruses and their variants.

“A firewall is required because it protects your network and that will always have to be there, but how most of the worms are attacking is that they haven’t come in through the firewall. They were brought in by individuals within the company whose laptops have been infected,” says Moynihan.

Such users bypass all of the usual perimeter security checks because they are considered ‘friendly’, although if their systems have been unknowingly infected, they’re anything but. According to Moynihan, this is happening all the time. It’s likely to continue as more organisations move away from having users with fixed desktops to greater amounts of mobile computing and hot-desking.

So what’s the solution? Moynihan makes an analogy with how the foot-and-mouth disease outbreak was handled: those suspected of being infected can be quarantined, minimising the chances of the virus becoming widespread. Check Point is developing technology that will break up the network into sections to allow this to happen. “You will be able to put software in so that if one part of the network is taken down, we can confine it there and fix it, so it doesn’t run through the entire network.”

Check Point is also working on a product designed to stop worms at source and prevent their attack. According to Moynihan, many worms have similar characteristics and some of the most high-profile attacks in 2003 came from variants on the same malicious code. Stop one, so the thinking goes, and you can stop many.

By Gordon Smith