Security Threats Are Becoming More Frequent but Less Visible
It's a scary world out there, and that's good for business at ForeScout Technologies, a provider of network access control.
Jack Marsal, director of marketing, said ForeScout enjoyed 49% growth in the first half of this year. ForeScout's CounterACT NAC is aimed at warding off both malware attacks and insider fraud and also assisting with regulatory compliance.
Marsal acknowledged there were reports three or four years ago that NAC was hard to deploy. It doesn't need to be that difficult, he said.
He also gave an example of an institution joining a ForeScout product with software from another vendor. A large bank already using ArcSight's security incident and event manager linked it to CounterACT. The objective was to avoid having to use five or six different products to piece together security information. The SIEM platform now includes endpoint compliance status information gathered by CounterACT.
"The idea is to immediately identify the perpetrator's physical location," Marsal explained. "When they get the alarm data has been accessed that shouldn't have been they can tell the security guards where to go almost in real time-building three, second floor, southeast corner, cubicle 19."
ForeScout lists five key uses for NAC in preventing fraud-controlling access to sensitive resources, ensuring employees' computers are secure, ensuring employees are following security policies, detecting abnormal behavior and reacting appropriately, and reporting compliance.
CounterACT is invisible unless the administrator wants to display certain information. Suppose a new employee learns during training that no removable storage device is allowed. Nine months later, planning to work at home over the weekend, the employee inserts a memory stick into his computer in order to download some files. The employee may immediately receive an e-mail reminding him he has violated company policy and asking him to click on the message to confirm he received it.
When outside contractors need access, the company can decide whom to approve. If a vendor arrives and plugs in a laptop to work on the network, CounterACT can recognize the computer, the user and his authorized access boundaries. An unauthorized person would see a message on his screen asking him to fill out a form in order to request a visitor pass for access. The company retains control over who can get on the network and where they can go.
The Identity Theft Resource Breach Report covering 2009 shows malicious attacks and insider threats are up 36.4% with 354 reported data security breaches last year, compared to a 27% increase in incidents of accidental exposure or lost data.
Marsal said financial institutions now have to contend with threats that weren't even on the radar screen a few years ago.
"The world of threats has changed and continues to change," he said. "At the most recent Gartner Security and Risk Management Summit analysts covered extensively the fact threats used to be more visible. Virus developers were trying to damage computers and gain notoriety.
"Now more and more people are out for profit, and of course go where the money is. Financial institutions are heavily targeted for all kinds of fraud."
Marsal added that NAC providers such as ForeScout can help against botnets, short for robotic networks, malicious programs that can be remotely controlled.
Cybercrime is a sophisticated industry, Marsal said. Just as an auto manufacturer turns to vendors for products such as steel and electronic components, crooks turn to specialized providers for botnets. A criminal can go to a botnet supplier and ask for help getting inside a specific company, such as British Petroleum. Experts say anywhere from 4% to 7% of the computers in large enterprises are infected with malware.