8 Security Opportunities for Partners

IT security is having a banner year, and channel partners are reaping the benefits. From protecting Macs and PCs to securing the cloud, there's no shortage of great channel opportunities based on emerging threats, surging technologies and vendor momentum. Here are a few of them.

There have been surprising bright spots in IT security in the last year.

Spam, an occasional carrier of security threats (in addition to being a general annoyance), plunged from 62 billion messages a day to 42 billion messages a day, according to the 17th annual Symantec Corp. "Internet Security Threat Report" published in April. The drop followed successful takedowns last year of huge botnets, which are the networks of infected computers that spammers use to distribute much of their e-mail. Microsoft and U.S. law enforcement took down the Rustock botnet in March, the U.S. Federal Bureau of Investigation shut down the Coreflood botnet in April, and Microsoft shut down the Kelihos botnet in September.

Overall new vulnerabilities also experienced a pause, according to the Symantec report. During calendar 2011, Symantec logged 4,989 new vulnerabilities, each defined as "a weakness, such as a coding error or design flaw" that gives an attacker an opening into a system. That represented a 20 percent drop from 2010.

Spam and new vulnerabilities aside, security is like a game of whack-a-mole. Knock down one problem and a new one emerges -- and in a second or two, the problem that got whacked pops back up with a slight twist. Sure enough, there are plenty of security issues that enterprises and small businesses alike need help with from their channel partners.

Here are eight of the hottest areas in security -- where customers either are or will soon be looking to their channel partners for help with mitigating emerging types of threats, locking down surging technologies or implementing hot vendor solutions.

1. Mobile Security

Accommodating the consumerization of IT and the bring-your-own-device (BYOD) trends is one of the biggest opportunities in IT, but all those iOS and Android devices also represent some of the biggest openings for attackers and one of the most important areas in which channel partners need to be ready to help.

Looking to the example of PC malware, the Symantec report notes that the smartphone ecosystem now meets the three main criteria for threats to proliferate: a widespread platform (especially the relatively open Android platform), readily accessible development tools and sufficient attacker motivation. On Android, malware had a breakout year in 2011. High-profile malware included Geinimi, Pjapps, Rootcager and Bgserv.

In the small to midsize business (SMB) market, where smartphones and tablets are proliferating as quickly as everywhere else, there seems to be a particular lack of awareness of the potential security issues the devices present. A recent survey by AVG Technologies for its "SMB Market Landscape Report 2011" found that "almost three quarters of SMBs do not agree that the use of mobile phones in business represents a threat to IT security."

Summarizing the 2012 RSA Conference recently, Kathryn Lodato of Websense Inc. blogged about the real mobile security opportunity for the channel. "At the moment vendors are inundating the market with security offerings with MDM [Mobile Device Management] add-ons because most of the more-established MDM players are focused mostly on IT ops problems rather than security issues," Lodato wrote. "Just like in any developing market where point products have yet to fully merge, partners need to be able to step in and provide their integration expertise to act as the glue that binds those products into a meaningful solution."

Those mobile security offerings inundating the market recently include Websense Triton Mobile Security, which takes MDM features and adds device data-loss prevention technology, browsing protection, app security features, reporting and mobile malware blocking for multiple platforms. At the RSA show (and just before its acquisition by Dell Inc.), SonicWall supplemented its Mobile Connect lineup -- which already included iOS -- with an Android client app. Anti-malware vendor ESET last month released an Android-specific version of ESET Mobile Security, with real-time protection and device loss or theft mitigation features. Also last month, Juniper Networks Inc. added features to its Simply Connected portfolio that help secure mobile device access through policy enforcement.


2. Targeted Attacks

An IT security-related issue that's crossing over into mainstream media coverage is the phenomenon of attacks on critical infrastructure and on the Web sites of governments and big businesses. These attacks vary from the Stuxnet exploits, apparently driven by intelligence agencies on Iranian nuclear weapon-related infrastructure, to the Anonymous and LulzSec hacking group assaults on Web sites of businesses and government agencies involved in controversial activities.

Known in the industry as targeted attacks or advanced persistent threats (APTs), these types of attacks are of special concern for partners whose client lists include high-profile government agencies or companies in the manufacturing, chemical, petroleum and finance industries.

Low-profile and small may not mean no risk, though. "It is, however, a mistake to assume that only large companies suffer from targeted attacks," the Symantec report states. "While many small business owners believe that they would never be the victim of a targeted attack, more than half were directed at organizations with fewer than 2,500 employees; in addition, 17.8 percent were directed at companies with fewer than 250 employees." Symantec goes on to speculate that smaller companies may be targeted as a stepping stone to larger organizations in their supply chain. As an example, Symantec notes that 29 companies in the chemical sector were attacked in 2011 with a backdoor Trojan disguised as a meeting invitation from known suppliers.

Trend Micro Inc. is one of several security firms productizing solutions aimed at addressing targeted attacks and APTs. Calling APTs and targeted attacks "the new norm," Trend Micro in late February announced a third generation of its Deep Discovery threat-management solution with a focus on these attacks. At the same time, M86 Security (which has since been acquired by Trustwave) launched a cloud-based Targeted Attacks Service for its M86 MailMarshal Secure Email Gateway.

Focusing on hacktivists' affinity for distributed denial of service (DDoS) attacks, Fortinet Inc. introduced a family of appliances in late April to defend corporate and government servers. The FortiDDoS appliances are scheduled for availability this month.


3. Defense in Depth

While the overall number of new vulnerabilities declined in 2011 from 2010, attacks based on existing vulnerabilities became more sophisticated. One of the more alarming trends is polymorphic malware. As described in the Symantec report, "the polymorphic technique works by constantly varying the internal structure or content of a piece of malware ... [making] it much more challenging for traditional pattern-matching-based anti-malware to detect." At the same time, easily found attack toolkits, such as Blackhole, make it easy for less-skilled attackers to assemble multilevel attacks without coding.

The Symantec report recommends that businesses "emphasize multiple, overlapping and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection method." This is precisely where security VARs come into the picture to help customers with the big picture.

Fortunately for VARs, vendors are ratcheting up the layers of security in single products to bring more depth to offerings. Recent examples include Check Point ThreatCloud from Check Point Software Technologies Ltd., which processes attack information from across Check Point's customer base of security gateways in real time to configure the rest of the security gateways for widespread attacks. Nor is defense-in-depth limited to customers with enterprise-scale budgets. Earlier this year, WatchGuard Technologies Inc. released two unified threat-management appliances, the WatchGuard XTM 25, starting at $440, and XTM 26, starting at $635. The devices are designed for small businesses, wireless hotspots and branch offices.

4. Mac Security

Even as Apple Inc. enjoys explosive growth for its iPhone and iPad devices, the older Macintosh platform is experiencing solid gains. Along with attention from customers and competitors, Macs are garnering the unwelcome notice of attackers.

Outspoken security guru Eugene Kaspersky, CEO and founder of Kaspersky Lab, caused a stir in April when he said that the Flashback/Flashfake botnet-generating malware heralded a new wave of Mac security exploits.

"[Apple] will understand very soon that they have the same problems Microsoft had 10 or 12 years ago. They'll have to make changes in terms of the cycle of updates and so on, and will be forced to invest more into their security audits for the software," Kaspersky told Computer Business Review in an interview at Info Security 2012.

To Kaspersky -- and, as Microsoft and its supporters have been arguing to derision for years -- Microsoft's security profile versus Apple's was more a matter of market share than of technology. As Apple gains market share, Kaspersky said his company is seeing more malware targeting Macs because "cyber criminals have now recognized that Mac is an interesting area. Now we have more -- it's not just Flashback or Flashfake. Welcome to Microsoft's world, Mac. It's full of malware."

Keeping Macs malware-free is about more than the vulnerability of the Macs alone, as security firm Sophos Ltd. showed this spring. On a network with Windows computers, incompletely scanned Macs can serve as a repository for Windows malware.

In a scan of 100,000 Macs running Sophos antivirus software, Sophos discovered that one in five machines was a carrier of Windows malware. About 2.7 percent of the systems were running Mac malware.

"Some Mac users may be relieved that they are seven times more likely to have Windows viruses, spyware and Trojans on their Macs than Mac OS X-specific malware, but Mac malware is surprisingly commonly encountered," Graham Cluley, senior technology consultant at Sophos, said in a statement accompanying the research. "Cybercriminals view Macs as a soft target, because their owners don't typically run antivirus software and are thought to have a higher level of disposable income than the typical Windows user."

In addition to Kaspersky Lab and Sophos, other security vendors are emphasizing Mac protection. For example, ESET in April released betas of ESET Cybersecurity and Cybersecurity Pro with new Mac features.

5. Windows 8

Windows 8 is right around the corner, with a release preview in testers' as well as attackers' hands. The next-generation OS sports many new and enhanced security features along with the revolutionary touch-first interface. Based on previous Windows releases, security experts believe the new Windows layer, called Windows Runtime or WinRT, will inspire a new class of attacks, and quickly.

"[WinRT] will also offer a new target for malware authors. We fully expect that we will see the first WinRT-targeted attacks well before the Windows 8 release, or shortly thereafter," Symantec noted in a late-2011 paper titled "Windows 8 Security."

6. Virtual Environments

Virtualization technologies create complicated environments. There's evidence that customers may not be taking that complexity sufficiently into account when it comes to security.

In a survey to support sales of its new Kaspersky Security for Virtualization, an agentless anti-malware product, Kaspersky Lab found somewhat lackadaisical attitudes toward virtual security among IT professionals in the United States. Among respondents to the Kaspersky-sponsored survey:

  • 27 percent believed security risks in a virtual environment are lower than those for physical infrastructure.
  • 53 percent had no intention of implementing specialized security technology for their virtual environments.

Other vendors are also moving to provide tools for virtual security. In a move that overlaps with the defense-in-depth concepts, F-Secure in late April released F-Secure Email And Server Security. The product combines e-mail and server protection for Windows, Microsoft Exchange and Citrix, bringing physical and virtual security together in one package. The defense-in-depth elements include behavioral analysis, cloud-based white lists and blacklists, browsing protection and Web site reputation ratings. A few weeks later, WatchGuard Technologies announced the launch of its line of network security products in virtualized editions.

7. Cloud Security

One of the hardest sectors to define is cloud security, partly because half the title is the buzziest of current buzzwords. Is an old-fashioned white list or blacklist that's bolted to an endpoint security product a cloud solution? Or does it have to be something more revolutionary? (See our special partner guide, "Partner's Guide to Cloud Security," for more detail.) Either way, there's no denying that the sector is busy and that vendors are doing some interesting and valuable work within the category.

Recent cloud overtures by security vendors illustrate the wide range of cloud and on-premises integration opportunities available to security-focused VARs. Gwava Inc. rolled out Gwava Cloud Services in late January, a product that represents a Software as a Service approach to security, archiving and disaster recovery. The security piece, called Gwava Secure Cloud Messaging Gateway, covers e-mail spam, viruses and cybercrime. In February, Webroot Inc. moved to relocate client protection to the cloud with Webroot SecureAnywhere Business - Endpoint Protection. Later that month at the RSA Conference, Qualys Inc. enhanced QualysGuard Cloud Platform, which includes a Web application firewall, a zero-day risk analyzer module and a malware-detection service, among other elements.

8. Training End Users

As fast as the security landscape changes, one thing usually stays the same: The success of many attacks depends on end-user naïveté. Effective end-user training may be more important for channel companies to provide now than it has been in recent years.

For more than a decade, what people did at work had been relatively stable. Training largely needed to encourage users to leave suspicious e-mail attachments unopened, to avoid links to untrustworthy Web sites, to look for "https" in the appropriate places, and to follow other similar advice. None of that advice is out of date, but it's not enough anymore.

The BYOD trend and social networking have radically changed the work environment. Because hardware and the cloud make today's devices more capable than older phones and slates, and because their owners view them as personal, those devices are more likely to be used on social media and other potentially dangerous consumer sites than older, employer-supplied devices were.

AVG, in its quarterly threat report for January through March 2012, spells out the mobile threat: "As reported by comScore, 34 percent of mobile users access social-networking sites or blogs. Because mobile devices are easier to monetize, they're a popular target for cyber criminals. So it's to be expected that the combination of social networks and mobile platforms will be used by cyber criminals to launch attacks." Later in its report, AVG provides examples of methods used on both Twitter and Facebook to lure device owners into installing malware.

Symantec is advocating that end users be warned about the many new threats, including malicious URL-shortening techniques encountered on Twitter. The company also suggests that users should not provide information in status updates or other public profiles on Facebook and other social networks that might give an attacker an opening.

Training provides another important opportunity to inform users that some old practices have new pitfalls. Some examples include the significant problems among certificate authorities in the last year and the recent focus on so-called "drive-by" downloads of malware, which infect visitors to popular but vulnerable Web sites after being placed on the sites by attackers.
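The training points above (look for "https", distrust links that hide their destination, leave suspicious attachments unopened) can be turned into a small triage aid that a help desk or a training session can run over a suspect message. The following is an added example, not code from the article or from any vendor it mentions; the shortener list, the risky-extension list, the sample message and its attachment names are constructed for illustration, and the "registrable domain" comparison is a deliberately crude last-two-labels check rather than a public-suffix lookup.

```python
"""Phishing-awareness triage for an e-mail body and attachment list (constructed example)."""
import os
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed lists for the demo; a real deployment would maintain and refresh its own.
URL_SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com", "ow.ly"}
RISKY_ATTACHMENT_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".jar"}

# Hostname-like run of labels, used to spot link text that *looks* like a URL.
_HOSTNAME_RE = re.compile(r"([a-z0-9-]+\.)+[a-z]{2,}")


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _registrable(host):
    """Crude last-two-labels comparison (e.g. 'www.example.org' -> 'example.org')."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def assess_link(href, text):
    """Return the training points raised by one link (empty list if none)."""
    findings = []
    parsed = urlparse(href)
    host = parsed.hostname or ""
    if parsed.scheme != "https":
        findings.append("not https")
    if host in URL_SHORTENERS:
        findings.append("shortened URL hides destination")
    # Visible text that names one domain while the href goes to another.
    match = _HOSTNAME_RE.search(text.lower())
    if match and _registrable(match.group(0)) != _registrable(host):
        findings.append(f"link text says {match.group(0)} but points to {host}")
    return findings


def assess_attachment(filename):
    """Return the training points raised by one attachment name."""
    findings = []
    root, ext = os.path.splitext(filename)
    if ext.lower() in RISKY_ATTACHMENT_EXTENSIONS:
        findings.append(f"executable attachment type {ext.lower()}")
        if os.path.splitext(root)[1]:  # e.g. invoice.pdf.exe
            findings.append("double extension disguises file type")
    return findings


def triage(html_body, attachments):
    """Map each suspicious link or attachment to its list of findings."""
    parser = _LinkExtractor()
    parser.feed(html_body)
    report = {}
    for href, text in parser.links:
        findings = assess_link(href, text)
        if findings:
            report[href] = findings
    for name in attachments:
        findings = assess_attachment(name)
        if findings:
            report[name] = findings
    return report


# Constructed sample message: one disguised link, one shortened link, one clean link.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, please verify your account:</p>
<a href="http://examplebank-secure.example/verify">www.examplebank.com</a>
<p>Or use our short link: <a href="https://bit.ly/xxxx-constructed">https://bit.ly/xxxx-constructed</a></p>
<p>Support portal: <a href="https://support.example.org/help">support.example.org</a></p>
"""
SAMPLE_ATTACHMENTS = ["invoice.pdf.exe", "agenda.pdf"]

if __name__ == "__main__":
    for item, findings in triage(SAMPLE_EMAIL_HTML, SAMPLE_ATTACHMENTS).items():
        print(item, "->", "; ".join(findings))
```

Run as a script, it lists only the items that raise a finding; the clean `support.example.org` link and the `agenda.pdf` attachment produce nothing, which is the point of the exercise: trainees see that the disguised bank link fails two separate checks (plain http and a display name that does not match the real host) while the shortener is flagged solely because the destination cannot be judged without following it.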