COMNET: Symantec: Net attacks down, but more sophisticated

The number of security attacks on the Internet seem to be levelling off after a rocket-like rise during the last decade, but the attacks still happening are more sophisticated, said the president and chief operating officer of security vendor Symantec Corp.

John Schwarz, speaking at ComNet Wednesday, said he didn’t have the company’s complete data from 2002 yet, but early indications were that the rise in the raw number of attacks has slowed in the last year. “What is happening is that the seriousness of the attacks is getting more aggressive,” he added. “The attacks are better designed, they’re less perpetrated by school kids that are playing around with scripts, more perpetrated by professionals who are actually targeting a specific commercial opportunity.”

Symantec recorded 323 potential e-mail virus threats in 2002, along with dozens of other computer security problems. Schwarz noted that one small customer of the company’s, owning a single firewall and intrusion detection system, records 9.5 million log events each month, resulting in 55 legitimate security risks and two urgent threats.

IT research firm International Data Corp. (IDC) estimates that by 2005, there will be 400 million Internet-connected set-top boxes worldwide, 2 billion Internet-enabled mobile devices, and 1 billion users of instant messaging, Schwarz said. That means companies will have a host of new technologies to protect against the spread of viruses and other security headaches, he said.

“This environment is bloody complicated, and it requires a lot of sophisticated management,” Schwarz added.

Despite worries about terrorism since Sept. 11, Schwarz said he hasn’t seen terrorism as a driving force behind most computer attacks. Most of the attackers are trying to steal things like credit card numbers or computer time. “It is pure and simple economic opportunism,” he said.

Schwarz spent most of his keynote address advising the audience on ways to improve security at their companies. He advocated a multilayered approach to security, with elements including early threat detection, protection technology installed on every machine, quick alerts and response to attacks, and an easy security monitoring and management service. Of course, Schwarz pitched his company’s products as solutions to those four key needs.

He advised companies to test their security vendors during times of attack. “Make sure your vendor is capable of doing what they say they can do when you’re under attack,” he said. “If they can’t handle the volume while you’re under attack, they’re no good to you.”

He also told companies to be aware of their wireless devices and actively scan for departments secretly installing wireless networks on the company system. Wi-Fi devices can open up holes in a company network, he said. He also noted that while hackers have largely ignored handheld devices so far, he’d bet “dollars to doughnuts” that attacks on such devices are on the way.

Companies should also consider hiring outsourced security vendors to monitor for attacks, he advised. Good security vendors, with their networks of clients, will often see an attack spreading a day or two before an individual company can.

During last weekend’s Slammer worm attack worldwide, Symantec started to notice increased activity late Thursday, with the build-up in attacks continuing through Friday. “By Friday night, Saturday morning, it was an epidemic,” he said. “It happens that fast, it’s that rapid.”