INDUSTRY COMPANY ANALYSIS
Dhillon argues, compared with typical enterprise integration costs. The company’s challenge is to be profitable at these discounted prices. Many of the SaaS companies whose applications it hopes to integrate have barely turned a profit after ten years in business; NetSuite is a notable example, and even Salesforce.com’s runaway success has yet to translate into healthy margins. Dhillon argues, however, that Salesforce.com has shown how large a company can grow just by selling software through a website. “I don’t think any of their investors are disappointed,” he says.
SECURITY
FireEye throws virtual decoy at advanced persistent threats
42 INFORMATION AGE APRIL 2011

In January 2010, in a blog post entitled ‘A new approach to China’, web giant Google revealed that it had suffered “a highly sophisticated and targeted attack on our corporate infrastructure”. “It soon became clear that what at first appeared to be solely a security incident, albeit a significant one, was something quite different,” it explained. “First, this attack was not just on Google. As part of our investigation we have discovered that at least 20 other large companies… have been targeted.” “Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists.” This attack was later dubbed Operation Aurora by the information security industry.

According to Ashar Aziz, CEO and founder of malware protection supplier FireEye, it exemplified a new breed of information security threat that has since been implicated in cyber attacks on the French finance ministry, on both NASDAQ and the London Stock Exchange, and many more high-profile organisations.

This new breed of attack is sometimes described with the term “advanced persistent threat”. Aziz reports that this phrase is often used as a euphemism for attacks that appear to originate from Chinese foreign intelligence forces. (He also claims that in Google’s blog post, ‘Chinese human rights activists’ is a euphemism for the Dalai Lama.)

But that does not mean it is just state actors that are using this kind of approach. “The same attack pattern is being used by Ukrainian cyber gangs to extract financial data,” he says. What unites these attacks, he says, is that they exploit vulnerabilities that were previously unknown even to the security industry’s cutting edge. “These are unknown attacks, and there is no well-defined signature for them.”

This is why they have proven so effective, he adds. “If you look at enterprise security infrastructure, whether it is antivirus software or defences at the network perimeter, it is all fundamentally signature based. It is looking for known patterns in the wire.”

In the case of Operation Aurora, it was a vulnerability in the Internet Explorer web browser that even Microsoft itself was unaware of that opened the back door to the attackers. When an attack is undocumented, Aziz says, most organisations are entirely defenceless against it.

Aziz claims that FireEye has the solution. Its appliance-based technology analyses Internet traffic as it enters the corporate IT environment for signs of anything remotely suspicious. This suspicious traffic is duplicated and directed to numerous virtual server instances. The instances are running whatever software the customer uses, and the appliance analyses them to see if the suspicious network traffic has any effect.

The appliance, which sits in the customer’s data centre, is looking for a sign that a connection is being made to an external server, Aziz explains. This is how modern web-borne malware works – once an agent has made its way through the firewall, it connects to a remote server and downloads further material to complete the attack, usually without detection.

Operation Aurora was the ultimate test of FireEye’s technology. One of its customers was targeted in the attack, and the appliance successfully detected and neutralised the threat, Aziz claims. Nearly all of the organisations that were targeted have since become customers, he says.
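
The contrast Aziz draws above, as an added illustration (not FireEye's code or anything from the article): a signature check looks for known byte patterns in the traffic, while the behavioural check replays the traffic into a virtual instance and flags any new connection to an external server. All addresses, patterns and the baseline of normal connections are constructed, and the baseline comparison is an assumption about how such a check could be built.

```python
import ipaddress

# Constructed sample data; none of it comes from the article or from any real product.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
KNOWN_SIGNATURES = [b"KNOWN-BAD-PATTERN-1", b"KNOWN-BAD-PATTERN-2"]
# Destinations the clean virtual instance contacts on its own (assumed baseline).
BASELINE = {("198.51.100.10", 443), ("10.0.0.53", 53)}


def signature_hit(payload, signatures=KNOWN_SIGNATURES):
    """Signature-based check: true only if a known byte pattern is present."""
    return any(sig in payload for sig in signatures)


def is_external(ip, internal_nets=INTERNAL_NETS):
    """True if the address lies outside every internal network."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in internal_nets)


def new_external_callbacks(observed, baseline=BASELINE):
    """Connections seen after replay that are external and absent from the baseline."""
    return sorted(c for c in set(observed) - baseline if is_external(c[0]))


def analyse(payload, observed):
    """Return (signature verdict, behavioural verdict, callback list) for one replay."""
    callbacks = new_external_callbacks(observed)
    return signature_hit(payload), bool(callbacks), callbacks


# Replay 1: traffic with no known pattern; the instance then opens a new outbound connection.
UNKNOWN_SAMPLE = (b"GET /page HTTP/1.1\r\n\r\n<opaque content>",
                  [("10.0.0.53", 53), ("198.51.100.10", 443), ("203.0.113.77", 8080)])
# Replay 2: benign traffic; the instance only makes its usual connections.
BENIGN_SAMPLE = (b"GET /index.html HTTP/1.1\r\n\r\n",
                 [("10.0.0.53", 53), ("198.51.100.10", 443)])

if __name__ == "__main__":
    for name, (payload, observed) in [("unknown", UNKNOWN_SAMPLE), ("benign", BENIGN_SAMPLE)]:
        print(name, analyse(payload, observed))
```

The first replay passes the signature check yet is flagged on behaviour, which is the gap in signature-based defences that the article describes.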
He adds, though, that the belief that an organisation will only suffer this kind of attack if it has been explicitly targeted is a misconception. In fact, this attack pattern is often used more opportunistically, with the malware launching a full attack once it successfully penetrates any organisation.

FireEye’s technology offers a glimpse of how virtualisation is poised to reshape security infrastructure, as it has already done for so many segments of the IT architecture. Aziz, whose previous company was a virtualisation management start-up that he sold to Sun Microsystems, says that the likes of VMware have a point when they argue that the virtual layer is a good place to monitor the infrastructure for signs of security breaches.

However, he also warns that no software system is invulnerable. “Look at Java, which used to be seen as this secure runtime environment that was virus proof,” he says. “But this recent spate of attacks actually targets the Java runtime environment.”
www.information-age.com