His job: predicting cyberstorms

Alfred Huger sees security threats approach organizations in much the same way meteorologists predict storms – but even after years on the job, he says he’s still surprised “on a weekly basis” by what he finds.

Today Huger is senior director of engineering with Symantec Corp.’s security response operations in Calgary.

The division oversees the vendor’s DeepSight line of software. It was in Calgary that Huger founded SecurityFocus, a firm that specialized in threat management software.

He ultimately sold the 51-person company to Symantec last August.

DeepSight works like this – Huger and his team work at a monitoring center that gathers data from an estimated 19,000 sensors worldwide, each tracking Web traffic using an organization’s intrusion detection systems as a perch. The data is gathered in near real-time and Huger’s team runs statistical analysis on it.

With years of data now amassed, Huger has been able to piece together a long-range “weather” pattern of Internet threats, information that gets passed along to Symantec’s customers.

For instance, if a bank knows that a large portion of its IT staff will be taking holidays during the summer months, Huger can tell it what types of attacks a company that fits its profile (location, industry) can expect, what kinds of servers are typically hit and what they’re attacked with.

Despite years in the business, Huger says he’s constantly learning new things when it comes to the volume and timing of attacks. “It goes down on the weekend globally, and the volume of attacks is busiest for North America during work hours,” he said.

Symantec’s data has also helped to set the record straight on some commonly held misconceptions, such as the notion that groups of hackers have launched attacks on each other as part of patriotic or nationalistic campaigns, which he says has proven untrue.

But Canada has earned a dubious distinction. “The U.S. is the single largest launching pad (of attacks). Canada is a really close second,” he noted.

While the most compelling threat differs according to industry, the average large company still faces the biggest threat from disgruntled employees. “Which is not to take away from external threat…they’re both very dangerous. But you end up with a steel door on a grass hut.”