CyberSight: Security

Q What about resilience?
A CyberSight v7 supports an unlimited number of failover servers - if a server dies, control moves directly to the next server in a chain of failover servers.

Q How is this technology different from my standard IDS systems?
A Unlike other IDS systems, CyberSight v7 does not monitor network traffic. We consider network monitoring to be reactive: it finds only some threats which have already been activated internally, or raises events that are false positives, for example because a remote connection has been requested to an internal hacking tool which is not actually present. Again, this would be reporting a hacking attempt to which you are not susceptible. Network-based IDS systems can also be attacked by hacking tools which send out streams of false signatures, flooding the IDS with false positives. Another common technique used by hacking tools is to implement some kind of protocol encryption, which may pass undetected by a network-based IDS.

Q Are firewalls a valuable tool?
A Yes. However, they do have significant limitations. Again, they work at the network traffic level, and unless implemented on a client-to-client basis they miss all the internal client-to-client hacking tools which are in abundance these days. They also do not tell you what is going on: they blanket-block protocols, reducing functionality. There are a number of new techniques which currently threaten the firewall community by tunnelling through locked-down ports. Of course, the more network bandwidth is available, the more work is required to process the information; larger and larger systems would be required to process the increasing amount of network-bound information.

Q What is your impression of the security marketplace?
A There are hundreds of different solutions around, and most of them are too focused on small areas of security. Many of them have vulnerabilities of their own which can be utilised by today's hackers.
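The two weaknesses of signature-matching network IDS mentioned above (decoy traffic that floods the console with true-but-useless matches, and payload obfuscation that a byte-pattern match never sees) can be shown with a toy detector. This is an added example and not CyberSight code; the signatures, hosts, payloads and the single-byte XOR "encryption" are all constructed here for illustration.

```python
"""Signature-matching NIDS toy: decoy flooding and payload obfuscation.

Added example, not CyberSight code. Signatures, hosts and payloads are all
constructed here so the script runs offline.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed signature set (hypothetical patterns, not any vendor's rules).
SIGNATURES = {
    "web-cmd-injection": re.compile(rb";\s*(cat|id|uname)\b"),
    "sql-injection": re.compile(rb"'\s*or\s+1=1", re.IGNORECASE),
    "backdoor-banner": re.compile(rb"^NetBus"),
}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


def signature_alerts(packets: List[Packet]) -> List[Dict]:
    """Run every signature over every payload; one alert per match."""
    alerts = []
    for pkt in packets:
        for name, rx in SIGNATURES.items():
            if rx.search(pkt.payload):
                alerts.append({"sig": name, "src": pkt.src, "dst": pkt.dst, "dport": pkt.dport})
    return alerts


def alerts_per_destination(alerts: List[Dict]) -> Dict[str, int]:
    """What the analyst sees: alert counts keyed by target host."""
    return dict(Counter(a["dst"] for a in alerts))


def xor_obfuscate(data: bytes, key: int = 0x42) -> bytes:
    """Toy single-byte XOR standing in for the protocol encryption the text
    mentions; it is not real encryption, just enough to defeat a byte-pattern match."""
    return bytes(b ^ key for b in data)


REAL_PAYLOAD = b"GET /cgi-bin/x?a=1;cat+/etc/passwd"  # constructed; matches web-cmd-injection


def build_traffic(decoys: int = 50) -> Dict[str, List[Packet]]:
    """Constructed capture: one real attack, `decoys` decoy packets that each
    match a signature but go to hosts the attacker does not care about, and
    the same real attack with its payload obfuscated."""
    real = [Packet("10.0.0.5", "10.0.0.20", 80, REAL_PAYLOAD)]
    decoy = [
        Packet("10.0.0.5", f"10.0.0.{100 + i}", 80, b"' OR 1=1 --")
        for i in range(decoys)
    ]
    hidden = [Packet("10.0.0.5", "10.0.0.20", 8443, xor_obfuscate(REAL_PAYLOAD))]
    return {"real": real, "decoy": decoy, "hidden": hidden}


def run_demo(decoys: int = 50) -> Dict[str, int]:
    """Feed the whole capture through the detector and summarise the outcome."""
    traffic = build_traffic(decoys)
    everything = traffic["real"] + traffic["decoy"] + traffic["hidden"]
    alerts = signature_alerts(everything)
    per_dst = alerts_per_destination(alerts)
    return {
        "total_alerts": len(alerts),
        "alerts_on_true_target": per_dst.get("10.0.0.20", 0),
        "hosts_with_alerts": len(per_dst),
        "hidden_detected": len(signature_alerts(traffic["hidden"])),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The single real attack produces one alert among fifty-one hosts that all look equally attacked, and the obfuscated copy of the same request produces none; the detector is doing exactly what its signatures say, which is the point.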
Q Has hacking changed over the last few years?
A Yes - the most significant step has been the automation and distribution of hacking tools to the general public. Hacking used to be a black art - this is no longer the case. Your average man in the street with limited IT knowledge can use some quite sophisticated tools to break into remote systems.

Q Are we being well protected by the security marketplace?
A There is no other way to put this - NO. Most security systems work on an alarm basis, that is, they detect threats which they have seen before. Unseen threats typically go undetected.

Q Are security companies prepared for the future?
A Research we have done shows that within the next 2 years the availability of hacking tools will increase by over 1000%. This will put a significant strain on the databases of legacy security systems. As you have probably seen, there are security tools which companies are turning off because they are beginning to slow down systems with only a few tens of thousands of threats in their databases.

Q How can companies be proactive?
A By understanding their systems in more detail, gathering more information in the correct areas relating to the risk they have, and undertaking more research into the threat. Don't believe what security companies tell you - there are more hidden techniques for hacking which are not talked about - why raise a problem if you have no solution?

Q Are security systems secure?
A Some are better than others. One technique used by hackers is enumeration; an example of this would be a port scanning tool, a remote tool which looks for systems that have listeners (services which listen for an outside connection). These listeners can be susceptible to attack or spoofing: a remote system could connect to these listeners and pretend to be a valid connection. There are also examples of vulnerabilities in security tools where the very process of installing a security product may open a system up for attack.
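The enumeration step described in the last answer, a remote tool looking for listeners, is a TCP connect scan plus a banner grab. The following is an added example, not CyberSight code or a tool the page describes: it starts a throwaway listener on 127.0.0.1 (with a constructed banner) so the scan has something to find offline, reserves a known-closed port for comparison, and reports each open port with whatever the service volunteers on connect.

```python
"""Enumeration of listeners: a minimal TCP connect scan with banner grab.

Added example, not CyberSight code. A throwaway listener is started on
127.0.0.1 so the scan finds something when run offline; the banner is constructed.
"""
import socket
import threading
from typing import Dict, List, Optional

TARGET = "127.0.0.1"
BANNER = b"TESTSVC 1.0 ready\r\n"  # constructed banner for the throwaway listener


def start_test_listener(host: str = TARGET) -> int:
    """Bind an ephemeral port, accept connections in a daemon thread and send
    a banner to each client (mimicking a chatty service). Returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(8)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(BANNER)
                except OSError:
                    pass  # client already went away (plain connect probe)

    threading.Thread(target=serve, daemon=True).start()
    return port


def closed_port(host: str = TARGET) -> int:
    """Reserve and release an ephemeral port so we have a known-closed one to compare."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def is_listening(host: str, port: int, timeout: float = 0.5) -> bool:
    """TCP connect probe: a completed handshake means something is listening."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def grab_banner(host: str, port: int, timeout: float = 0.5) -> Optional[bytes]:
    """Connect and read whatever the service volunteers first (None if nothing)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            data = s.recv(256)
        except OSError:
            return None
    return data or None


def connect_scan(host: str, ports: List[int]) -> Dict[int, Optional[bytes]]:
    """Enumerate listeners among `ports`; map each open port to its banner."""
    found: Dict[int, Optional[bytes]] = {}
    for p in ports:
        if is_listening(host, p):
            found[p] = grab_banner(host, p)
    return found


if __name__ == "__main__":
    open_port = start_test_listener()
    result = connect_scan(TARGET, [closed_port(), open_port])
    for p, banner in result.items():
        print(f"{TARGET}:{p} open  banner={banner!r}")
```

A connect scan completes the full handshake, so every probe shows up in the target's own connection logs; that is what the answer means by listeners being exposed to anything that can reach them, since the scanner is indistinguishable from a legitimate client until it sends something.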
Q How quickly am I being protected?
A With most legacy security products you are at the mercy of the vendor; you typically don't have the ability to add threats or files to the detection engine yourself. For example, it is unlikely that your virus checker provider will add files to their detection engine at your request, especially if the file is not a virus.