Cyber Security Is Getting Its 'Butt Kicked'

March 6, 2012

Companies selling network security technology typically boast about how well designed and effective their solutions are, whether it’s malware protection, intrusion detection or the latest-generation firewall. But John Vigouroux has been telling the security industry the rhetorical equivalent of "we’re doomed." He’s sharing a startling statistic from an FBI cyber-crime statistics report from 2011 (along with industry analysis) showing that while the amount of money spent globally on network security and the amount earned by cyber criminals were about even in 2007--between $21 billion and $22 billion each--by 2011 it wasn’t even close. Things will only get worse by 2013.

At RSA 2011, Vigouroux, the CEO of M86 Security, called the financial losses from cyber crime a "calamity," totaling $100 billion and dwarfing the security market in 2011 at $33 billion. At RSA 2012, he called the situation a "pandemic," amid FBI forecasts that proceeds from cyber crime will jump to more than $330 billion by 2013 while the network security market only grows to $43 billion.

The graph he uses to make his point could easily be overlaid onto a chart of the death toll from the Great Influenza Pandemic of 1918 (source: Wikipedia).

"Whatever number it is, it’s absolutely out of control," Vigouroux said as he looked across the exhibit floor at the Moscone Center in San Francisco during RSA 2012. "All these companies here compete for a purchase order, but we’re really trying to fight cyber criminals. And yet, we’re getting our butts kicked really, really bad."

The "what we’re doing isn’t working" theme echoed through the conference last week. Related comments included those from the company for which the conference is named. Art Coviello, executive chairman of RSA, said in his keynote address, "We are at serious risk of failing. New breeds of cyber criminals, hacktivists and rogue nation states have become as adept at exploiting the vulnerabilities of our digital world as our customers have become at exploiting its value."

He called for a defense-in-depth approach to network threats, as opposed to the siloed solutions that may tackle one threat but leave a network exposed to others.

In his keynote, and in a news conference the night before his speech, Coviello promoted the idea of "intelligence-driven security," which was elaborated upon by Bret Hartman, CTO of RSA, in an interview with Network Computing.

"We are moving from security mechanisms that are static, that are based on a simple check, to something that’s an ongoing process where you are pulling in information all the time to be able to make security decisions on an ongoing basis," Hartman said.

RSA demonstrated a context-aware access management product that would adjust the authentication required to provide access based on variables such as device and location. For example, a user had one kind of straightforward access when logging in on the company network but required additional authentication when logging on from a new laptop from a hotel room in Minneapolis.

"We as human beings do this all the time. We make different decisions about risk based on our understanding of the world around us," Hartman said.
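The context-aware access decision described above can be sketched as follows. This is an added example, not RSA's product code; the user, device IDs, networks, cities and the mapping from signals to factors are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data (assumptions, not from any real deployment).
CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/8")]
KNOWN_DEVICES = {"alice": {"laptop-7f3a"}}
USUAL_CITIES = {"alice": {"San Francisco"}}

@dataclass(frozen=True)
class LoginContext:
    user: str
    device_id: str
    source_ip: str
    city: str

def risk_signals(ctx):
    """Return the context signals that raise the risk of this login."""
    signals = []
    try:
        ip = ipaddress.ip_address(ctx.source_ip)
        on_network = any(ip in net for net in CORPORATE_NETS)
    except ValueError:
        on_network = False  # unparseable address: fail closed
    if not on_network:
        signals.append("off_network")
    # Unknown users have no known devices or cities, so they get every signal.
    if ctx.device_id not in KNOWN_DEVICES.get(ctx.user, set()):
        signals.append("new_device")
    if ctx.city not in USUAL_CITIES.get(ctx.user, set()):
        signals.append("unusual_location")
    return signals

def required_authentication(ctx):
    """Map the signals to the factors the user must present (assumed policy)."""
    signals = risk_signals(ctx)
    if not signals:
        return ["password"]
    if signals == ["off_network"]:
        return ["password", "otp"]
    # A new device or unusual location also triggers device enrollment.
    return ["password", "otp", "device_enrollment"]

if __name__ == "__main__":
    office = LoginContext("alice", "laptop-7f3a", "10.1.2.3", "San Francisco")
    hotel = LoginContext("alice", "laptop-new", "203.0.113.20", "Minneapolis")
    for ctx in (office, hotel):
        print(ctx.city, risk_signals(ctx), required_authentication(ctx))
```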

M86 Security also offered intelligence-driven security in the form of its MailMarshal 7 secure email access gateway. Its cloud-based service scans incoming emails looking for links that may be suspicious. If they are tagged as likely links to malware, MailMarshal changes the URL in a way that blocks the payload, then sends the email on to the recipient, said Bradley Anstis, VP of technical strategy at M86. "That’s where we use that proactive technology to analyze the original destination URL, work out whether it’s good or it’s bad, and allow [the user] to go to that link or block it," he said.
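The link handling described above, scanning a message and rewriting links judged suspicious before delivery, can be sketched like this. It is an added example and not M86's implementation: the domain list, the gateway block-page URL and the rewrite format are hypothetical, and a static list stands in for the cloud-based analysis.

```python
import re
from urllib.parse import quote, urlsplit

# Constructed verdict data and a hypothetical gateway block page (assumptions).
SUSPICIOUS_DOMAINS = {"malware-host.example"}
BLOCK_PAGE = "https://gateway.example/blocked?u="

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def is_suspicious(url):
    """True if the URL's host is a listed domain or one of its subdomains."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return True  # malformed authority: fail closed
    return any(host == d or host.endswith("." + d) for d in SUSPICIOUS_DOMAINS)

def rewrite_links(body):
    """Return (new_body, rewritten_urls); clean links are left untouched."""
    rewritten = []

    def substitute(match):
        raw = match.group(0)
        url = raw.rstrip(".,;:!?)")   # sentence punctuation is not part of the link
        tail = raw[len(url):]
        if not is_suspicious(url):
            return raw
        rewritten.append(url)
        # The original destination is percent-encoded so it cannot be followed
        # directly and stays available to the gateway for logging.
        return BLOCK_PAGE + quote(url, safe="") + tail

    return URL_RE.sub(substitute, body), rewritten

if __name__ == "__main__":
    sample = ("Invoice: http://Files.Malware-Host.example/a?b=1. "
              "Docs: https://docs.example.org/x")  # constructed message body
    print(rewrite_links(sample))
```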

And as good as attackers might be at tricking victims, some security companies are deploying a few tricks of their own. The week prior to RSA, Juniper Networks acquired Mykonos Software, a provider of what it called "intrusion deception systems."

"It serves as a decoy on the network," said Johnnie Konstantas, director of marketing at Juniper. "It triggers at the first signs of a hacking attempt."

When a hacker attempts to infiltrate the target network, the Mykonos application steps in and begins to engage with the would-be hacker, allowing him or her to essentially start to execute the steps of the desired attack. "[Mykonos] may give them things to work on that waste their time a little, but all the while, it’s collecting analytics," said Konstantas.

So while the threats remain significant, maybe overwhelming, security innovators are still coming up with ways to thwart them. The question is whether the efforts will be enough to stem the enormous tide of cyber threats.

Of comfort is the fact that the Great Influenza Pandemic of 1918 eventually subsided.
