Print
Discuss
Send to friend
RSS feedsIT Week: As a security consultant at McAfee, how do you think the dangers to firms have changed?
Sal Viveros: Threats are a lot more sophisticated now; there is actually some money behind them. Before, attacks would have been one-offs, people in newsgroups swapping viruses, hacker methods and information. Yes, they would have been creating viruses and breaking into banks - but it would have been for their own gain. Now, organised criminals are involved, and are hiring script kiddies.
Can you offer an example?
Protection rackets from Eastern Europe are holding sites - betting sites for instance - to ransom, and these sites know that if they are taken offline for several hours then they will lose a lot of money. With traditional firms, the big enterprises seem to be aware of the risks, but small and medium-sized businesses still think, "so long as I have antivirus in place I'll be alright". They are wrong.
What other defences are popular?
We are seeing lots of demand for intrusion detection, access control and authentication systems - but trying to manage every seat in an enterprise is very difficult. For example, we've seen an explosion in wireless networking. But here workgroups will go to a computer store, buy a WLAN, plug it in and go. Often, the IT manager will not know anything about it. We did tests in London, Paris and Berlin where we drove around "sniffing" for networks. Incredibly two-thirds were wide open.
So this is a big weakness?
This is a goldmine for hackers in the City. Most are looking for free access ports but once in they can look for other information. With the prevalence of compliance and data protection laws you have to be secure.
What is the role of consultants?
We offer risk management tools, and will go into an enterprise and analyse the environment, finding the most vital areas to protect. Interest is growing among IT managers for these types of services as most IT departments are understaffed, and it is very difficult to be proactive if you do not have tools in place.
There is a lot of talk about USB devices being used to steal data...
There are lots of issues around these devices, but you can protect against them. Any enterprise scanner would be able to keep a virus from getting onto the system. But keeping your data secure is a whole different ballgame. We've seen "packers" that can hide on your system and morph themselves, infecting other pieces of software. These can be very difficult to detect, and we've seen one with as many as 100,000 differentiators. You need technology to detect those sorts of things.
How big is the spyware danger?
Although it can be seen as a consumer concern, we educate firms that spyware is a serious threat. Unfortunately, when they are dealing with it, firms tend to use freeware tools. These are not centrally managed and are difficult to administrate. Because of this it is impossible to say whether you are protected or not. So many sites have some sort of adware on them now. If you let workers use the internet in any way, you have to be protected.
About Sal Viveros
Sal Viveros joined McAfee in 1997 and launched McAfee Active Virus Defence, the McAfee VirusScan Security suite, McAfee VirusScan 4.5 and the WebShield E-ppliance.
He has also worked at Network Associates, and helped launch Trend Micro, the third largest antivirus company, into the US.
del.icio.us
Digg this
reddit!
