Staying ahead of Internet threats, from viruses to hacker attacks, while guarding against internal threats such as recreational Internet use and fraud, is among IT’s biggest challenges.
Some Utah companies offer tools that can protect against Internet security risks and monitor the entire network for policy violations and other red flags.
Many businesses rely on a firewall and anti-virus software to protect their networks. But that often isn’t enough anymore, says Joe Lowry of Sandy-based Cymphonix.
“The ability to harm a machine—either by stealing information, taking over a processor or memory resources, or taking over a good name in order to spam—can take so many different formats that most people aren’t aware of how they can be attacked,” he says. “Most people continue to walk through the minefield blissfully unaware of how many mines are in the ground.”
Cymphonix’s solution, the Cymphonix Network Composer, sits right at the gateway from the server to the Internet. It enables IT staff to look across all ports and protocols in order to accurately identify Internet content, who requested it and how they did it. And all of that information is clearly categorized and reported.
“So much data can be collected that it’s overwhelming,” says Lowry. “We present it in a format that makes it very easy for someone to see what’s taking place.”
The Cymphonix solution also gives businesses flexibility in regulating Internet traffic. For example, some sites can be blocked entirely. Others can be allowed—but only after critical business functions are given priority access to the limited bandwidth.
“We allow for the shaping and prioritization of allowed applications, Websites, services, users and groups,” says Lowry.
Internal Websites, customer care sites, online banking, and payroll and vendor Websites will typically get top priority. “Even though those appear to most network infrastructures as just another Website, they’re not,” says Lowry. “They can’t be subjected to the same rules as the employee who is sitting at a computer on his lunch break watching a motorcycle scare a horse.”
Companies have long utilized “allow or deny” solutions to block certain Internet content, like peer-to-peer media download sites or social networking sites. But Lowry says too many employees know how to get around those blocks.
Members of Gen-Y, who are just entering the workforce, are often adept at bypassing usage policy mechanisms. “They have a background of easily getting around Internet usage restrictions since they were in seventh grade,” says Lowry. “They can get around the company firewall to get to their Facebook page. And yet the path they’re traveling to get there is riddled with infections and malware.”
The Cymphonix Network Composer can stop this kind of misuse—and report which users are attempting to get around Internet restrictions.
“Our product is designed for companies that have realized the Internet is now a simple extension of their network,” says Lowry.
Forensics and digital investigations are an increasingly important area of IT security. Digital forensics makes it possible for companies to discover elusive security breaches and prevent similar breaches in the future.
“There’s always a way to get through the best defenses,” says Brian Karney, COO of AccessData, a Lindon-based company that specializes in digital investigations.
Attacks can come from outsiders trying to access intellectual property, from classic hacker attacks, or in the prevalent form of viruses, malware, spyware and botnet viruses.
Companies also face internal threats from employees who are engaged in fraud or who are disregarding company Internet and email policies.
“You’re probably getting compromised and you have no idea,” says Karney. “You’ve got to close the loop and defensive mechanisms only go so far.”
In fact, there are some shockingly simple ways for proprietary information to be leaked outside of a company. Employees can take it home on USB drives, for example. E-mail discussion threads can spread information and documents all across the network—and outside of it. Copies of proprietary information can end up stored in multiple inboxes and user hard drives.
And none of these threats will trigger traditional anti-virus software.
“Most companies have very few tools to find out if an attack has happened and very few tools to deal with an attack after it has happened,” Karney says.
AccessData’s Enterprise solution enables IT staff to find out if an attack happened, assess the overall impact of the attack and proactively check the entire network to see if the breach has occurred in other places.
“Our incident response and investigation solution can reach across the network and get to all the relevant data,” says Karney. “It helps to identify the unidentifiable.”
AccessData’s investigative capabilities include deep-dive memory analysis and password decryption and cracking.
“It’s like being able to take a vivisection of a live body,” he explains. The IT staff can see in real time what processes are taking place on the network, examine network traffic and peer into information silos like hard drives and network folders.
When a problem is flagged, companies can conduct remote investigations without alerting a suspected employee or co-workers and without tampering with evidence.
Every company is susceptible to internal threats, and younger companies in particular may not be as savvy when it comes to fraud. But Karney explains that hackers are most interested in companies that may store personal information or that process lots of credit card transactions.
Regardless, IT security impacts every business and organization. AccessData annually trains nearly 5,000 people globally in digital investigations, a number that grows as more companies search for the tools and resources to combat threats from innovative hackers and thieves.