Looking to ride the publicity wave generated by the SQL Slammer worm that wreaked
havoc on networks worldwide, some of the biggest names in the software
security industry are rushing to hawk early detection and warning systems
for Internet attacks.
Dueling announcements from Symantec and Network
Associates outlined the importance
of detecting and warning about hacker attacks in the early stages to avoid
widespread propagation, but one analyst believes many security firms are
helping to create fear and uncertainty to bump up software sales.
John Pescatore, a security analyst at Gartner, told
internetnews.com the incessant warnings about cyber-terrorism
don’t “make a lot of sense.” He said many software vendors are
overstating the threat in the wake of the mainstream media’s reporting on
the Slammer worm.
“There is value in this publicity for security firms like
Symantec and Network Associates. It has helped put a greater emphasis on
the need for increased spending on enterprise security and now they are
looking to cash in on that fear,” Pescatore said.
Cuptertino, Calif.-based Symantec rolled out Symantec DeepSight Threat Management System 4.0, a tool that promises customized warning, analysis and counter-measures to deal
with hacking attacks.
The company is styling the software upgrade as an early warning system
that provides “a comprehensive birds-eye view of global Internet attacks in
a timely manner.” It said the DeepSight Threat Management System would
track security threats as they occur on a global basis by gathering data
from firewalls and intrusion detection systems (IDS) in more than 180
countries.
While early-detection and warning systems from security vendors aren’t
new (competitors like Computer Associates and Network
Associates offer similar products), Symantec said its
DeepSight Threat Management System was enhanced to feature data integration
and alerts reporting.
“For example, (our software) discovered the Slammer worm hours before it
began rapidly propagating. Symantec’s DeepSight Threat Management System
then delivered timely alerts and procedures, enabling administrators to
protect against the attack before their environment was compromised,” the
company boasted.
The Symantec announcement comes just a day after rival Sygate
Technologies released a comparison test showing its Secure Enterprise 3.0
software to be superior to the comparable product from Symantec. The company
said research from ranked Sygate higher
than Symantec in all categories tested.
Santa Clara, Calif.’s Network Associates also joined the public relations
push. The company unveiled the InfiniStream Security Forensics tool from its
Sniffer Technologies unit, calling it the “most powerful and fastest
forensics analysis solution on the market that allows enterprise customers
worldwide to reconstruct, understand and prevent harmful network activity
and security events.”
Network Associates said InfiniStream features greater storage capacity
and speed to allow enterprise clients to capture, store and analyze
up to 2.9 terabytes of data across a network. The tool lets customers
identify, investigate and verify the exact source of network and security
problems, reducing the risk of financial fraud, intellectual
property theft, virus threats, and network sabotage.
The increased activity from the vendors comes as no surprise to Gartner’s
Pescatore.
“This business thrives on fear, uncertainty and doubt. To sell
burglar alarm services, you have to show crooks breaking into old ladies’
homes. That’s what we are seeing here,” Pescatore explained.
“People spend money on security after something bad happens so we have
the companies hyping up the threat of cyber-terrorism. The reality is that
cyber-terrorism hasn’t happened and doesn’t make a lot of sense,” he
argued.
He described the media-driven fear of cyber-terrorism as “total hogwash,”
arguing that hacking attacks on Internet networks should not be put in the
same class as terrorist attacks on physical targets. When the political
strife in the Middle East escalated last year, Pescatore said cyber-attacks
against Israeli and U.S. financial institutions did increase but he argued
it was “pure hypesmanship” to put those kinds of cyber-attacks in the class
of a suicide attack by a terrorist.
But, Pescatore sees some value in the underlying fear. “What this
publicity has done is shorten the window between when an attack starts and
when enterprises find out about it and act on the information. It has helped
to generate awareness and gives the system administrators some ammunition in
their quest for increased budgets for security,” he said.
Pescatore said Gartner statistics showed Internet security spending to be
a mere 3 percent of an enterprise’s total budget but, because of the
increased attacks, that figure was expected to climb to 5.4 percent by the
end of 2003.