[ISN] Security elite form SWAT teams to attack viruses

From: mea culpa (jerichoat_private)
Date: Sat Jan 23 1999 - 15:16:25 PST

  • Next message: mea culpa: "[ISN] Clinton to Ask Congress for $2.85 Billion for Terrorism Prevention"

    Security elite form SWAT teams to attack viruses
    by Matthew Nelson from InfoWorld
    (IDG) -- As malicious network viruses increasingly resemble terrorist
    attacks, the security industry is developing its own version of SWAT teams
    that aim to swiftly diffuse crises and get hostages out of a jam. 
    Recently, security vendor Network Associates Inc. (NAI) was faced with a
    difficult virus to eradicate when its customer MCI WorldCom contracted the
    Remote Explorer virus, which affects Windows NT machines and encrypted
    To combat the virus, NAI called on its anti-virus researchers in the
    United States, Japan, and England to fix the damage. The company even
    recalled a team manager from vacation in Mexico. 
    "That is the job. The guy carries a beeper. The customer has a problem,
    and the customer wants it fixed now," says Peter Watkins, general manager
    of the Net Tools Secure division at Network Associates, in Santa Clara,
    Calif. "The guy we had to pull back from Mexico was the manager of the
    lab. This is the guy that has to determine the priorities. We just pull
    them in. You have to." 
    No longer is it enough to purchase anti-virus or intrusion-detection
    software and install it on a network. Users must now evaluate security
    vendors' capability to address a new virus or attack and quickly respond
    with a fix to the problem. 
    "As the networks become ever more intertwined and the code becomes more
    self-replicating and vicious, the amount of damage is growing
    exponentially," says Jim Balderston, an industry analyst at Zona Research,
    in Redwood City, Calif. "The key, now and into the future is shrinking
    response times so the damage can be limited or minimized." 
    As customers evaluate possible security solutions, most SWAT teams point
    to several key points of differentiation of which to be aware. 
      * What is the size and availability of the team?
      * What kind of turnaround time does the group usually have on
      * What is the ease of attaining updates for products?
      * Do they provide the services you need to keep up and running?
      * Which platforms do they support?
      * What is their virus-detection track record?
    "I love my job," says Vincent Gullotto, manager of Anti-Virus Emergency
    Response Team at Network Associates, in Beaverton, Ore.  "It's definitely
    what we live for. Most of these people are hard-core anti-virus people. A
    lot of them eat, sleep, and breathe these sort of things." 
    "I love my job a lot," says Carey Nachenberg, chief researcher on Symantec
    Anti-virus Research Team, or SARC, at Symantec, in Santa Monica, Calif. "I
    look forward to every day. It's actually quite challenging." 
    Users dealing with security issues, however, expect this level of
    commitment when it comes to getting networks back online after a virus
    "Any kind of company that deals with the ongoing threat of viruses would
    have some system in place where if we came to them with a virus they would
    come to us with a fix," says a virus security administrator at a large
    software publication company in California, who wished to remain
    anonymous. "You don't hear a lot of stories about viruses, but our company
    has been passing a lot of viruses lately. Thankfully none that have been
    very malicious." 
    The simple fact is, however, if a major virus hits, the first thing most
    administrators will do is remove their systems from a network. 
    That leaves users without network access and unable to conduct business as
    usual, and a company at a standstill is a company not making money. 
    "Basically if you don't have to wait and your users don't have to wait,
    that's important. Turnaround time is going to be critical in this field,"
    says SARC's Nachenberg. "Every minute that an IS manger is waiting, they
    have people who are waiting to get their systems back." 
    SARC has an average response time of 19 hours. In an effort to cut
    response times to virus alerts, SARC is working with IBM to create and
    perfect a digital immune system that will use computers to scan, identify,
    and fix viruses without the need for human intervention. 
    "Rather than humans doing the analysis, we're going to have computers do
    it," Nachenberg says. "That way we won't have to come back from our
    NAI has set the bar high for itself and is taking a slightly different
    approach, according to Watkins. 
    "I'd like to get that cycle time to less than six hours," Watkins says.
    "Over the next year, I'd like to have some of our electronic analysis
    tools onsite on the server. 
    "What I'm doing here is having more points of analysis near the customers,
    because the key here is quick containment," Watkins adds. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:17:09 PDT