Breaking the ‘hacker attack chain’

At a recent seminar in Israel, security experts from Symantec laid out what Israel – and the world – faces in the coming cyberwar

Symantec NetBackup 5220 security appliance (Photo credit: Courtesy)

One would think that by now, after lurid revelations about industrial espionage, high-level hacking, and politically-motivated viruses from Stuxnet on down, companies would have figured out ways to protect themselves. After all, the danger is clear and present, no longer just theoretical.

Yet, said Marco Riboli, vice president and general manager of Symantec’s Europe/Middle East/Mediterranean Region, that is not the case at all. “Few companies are well organized at this time,” and as a result, hackers are having a field day, invading business and government computers almost at will. The issue is especially significant for Israel, where very few companies take the long-range view and philosophy that Riboli and Symantec believe is necessary for survival in today’s cyber-climate. “Israel is the second-most frequently attacked target in the Middle East, after Lebanon” for serious viruses, like Stuxnet, Riboli said. “And there is a serious lack of attention to serious security in Israel.”

Riboli made the comments during an event sponsored by Symantec here touting its new cyber-security solutions. Symantec is the large American security firm best known for its Norton Anti-virus Security suite, mostly found on desktops. But the company offers solutions for mobile, enterprise computing, servers and virtual systems – anywhere data is being processed and used, and is vulnerable to hackers, said Riboli.

The high levels of vulnerability among companies are not due to a lack of will to fight hackers, or a reluctance to spend money; it’s a matter of philosophy, said Riboli. “Most companies believe that an anti-virus system is good enough.” Maybe it was a few years ago, he said, but in today’s climate, where hackers are likely to be very sophisticated, you need a more comprehensive approach.

Hence Symantec’s philosophy of the “attack chain” to prepare for and recover from an attack. Companies need to see where their vulnerabilities are, protect against them, and come up with ways to recover quickly, whether with a mirror that will be quickly accessible, or an alternative system that can be quickly put online. “If you are targeted you need to have a way to quickly restart operations,” Riboli said. “Instead of just reacting to situations, you need to have a proactive response, anticipating problems in advance and being ready for them.” For many companies, this is a brand new way of thinking, he said.

If there is any country where companies and government need to start thinking about planning in advance, it’s Israel, said Darren Thompson, CTO of Symantec EMEA. “The UK and the US are more aware of the threats and perhaps more prepared than Israel, but in the global landscape the Middle East has the active hacking,” he said. “Altogether we capture 2.5 trillion hacking incidents a day in our database.”

That information, Thompson said, is put to good use by Symantec, which almost daily develops applications, updates, databases and tools that help individuals and companies beat back the latest attack. There are several patterns viruses operate under, attacking their targets in specific ways, so it’s easier to build an application or tool to battle them. But there are also plenty of “zero-day” attacks, viruses that use new and different patterns to attack (the Stuxnet virus that attacked computers throughout the Middle East was a very sophisticated example of this kind of malware). While it’s very hard to prepare for these kinds of attacks, knowing what could happen and being ready with contingency plans can help alleviate a lot of the pain.

Naturally, Symantec offers solutions for this kind of planning, Thompson said. The company is now producing, for the first time, its own overall solution for secure data storage in the form of hardware “appliances,” including file servers that have sophisticated security measures written into the (Unix-based) operating systems. “Organizations today are strapped when it comes to time, resources, budget and staff. They are looking for solutions that easily integrate and manage their complex IT environments. While Symantec’s innovation lies within the software, these new appliances are a great plug-and-play option to accelerate and simplify deployment for our customers,” said Anil Chakravarthy, senior vice president of Symantec’s Storage and Availability Management Group.

That the issue is of great concern to Israeli companies was evidenced by the fact that over 700 people showed up at the event, held in Airport City last week. In Israel, Symantec mostly sells solutions, but Thompson hinted that Israel was key to some of Symantec’s solutions. “We have some capabilities that were developed in Israel,” he said. “They definitely help the customers to mitigate their security problems.”