Looking to ride the publicity wave generated by the SQL Slammer worm that wreaked havoc on networks worldwide, some of the biggest names in the software security industry are rushing to hawk early detection and warning systems for Internet attacks.
Dueling announcements from Symantec, Network Associates and Sygate Technologies outlined the importance of detecting and warning about hacker attacks in the early stages to avoid widespread propagation, but one analyst believes many security firms are helping to create fear and uncertainty to bump up software sales.
John Pescatore, a security analyst at Gartner, said the incessant warnings about cyber-terrorism don’t “make a lot of sense.” He said many software vendors are overstating the threat in the wake of the mainstream media’s reporting on the Slammer worm.
“There is value in this publicity for security firms like Symantec and Network Associates. It has helped put a greater emphasis on the need for increased spending on enterprise security and now they are looking to cash in on that fear,” Pescatore said.
Cuptertino, Calif.-based Symantec rolled out Symantec DeepSight Threat Management System 4.0, a tool that promises customized warning, analysis and counter-measures to deal with hacking attacks.
The company is styling the software upgrade as an early warning system that provides “a comprehensive birds-eye view of global Internet attacks in a timely manner.” It said the DeepSight Threat Management System would track security threats as they occur on a global basis by gathering data from firewalls and intrusion detection systems (IDS) in more than 180 countries.
While early-detection and warning systems from security vendors aren’t new (competitors like Computer Associates and Network Associates offer similar products), Symantec said its DeepSight Threat Management System was enhanced to feature data integration and alerts reporting.
“For example, (our software) discovered the Slammer worm hours before it began rapidly propagating. Symantec’s DeepSight Threat Management System then delivered timely alerts and procedures, enabling administrators to protect against the attack before their environment was compromised,” the company boasted.
The Symantec announcement comes just a day after rival Sygate Technologies released a comparison test showing its Secure Enterprise 3.0 software to be superior to the comparable product from Symantec. The company said research ranked Sygate higher than Symantec in all categories tested.
Santa Clara, Calif.’s Network Associates also joined the public relations push. The company unveiled the InfiniStream Security Forensics tool from its Sniffer Technologies unit, calling it the “most powerful and fastest forensics analysis solution on the market that allows enterprise customers worldwide to reconstruct, understand and prevent harmful network activity and security events.”
Network Associates said InfiniStream features greater storage capacity and speed to allow enterprise clients to capture, store and analyze up to 2.9 terabytes of data across a network. The tool lets customers identify, investigate and verify the exact source of network and security problems, reducing the risk of financial fraud, intellectual property theft, virus threats, and network sabotage.
The increased activity from the vendors comes as no surprise to Gartner’s Pescatore.
“This business thrives on fear, uncertainty and doubt. To sell burglar alarm services, you have to show crooks breaking into old ladies’ homes. That’s what we are seeing here,” Pescatore explained.
“People spend money on security after something bad happens so we have the companies hyping up the threat of cyber-terrorism. The reality is that cyber-terrorism hasn’t happened and doesn’t make a lot of sense,” he argued.
He described the media-driven fear of cyber-terrorism as “total hogwash,” arguing that hacking attacks on Internet networks should not be put in the same class as terrorist attacks on physical targets. When the political strife in the Middle East escalated last year, Pescatore said cyber-attacks against Israeli and U.S. financial institutions did increase but he argued it was “pure hypesmanship” to put those kinds of cyber-attacks in the class of a suicide attack by a terrorist.
But, Pescatore sees some value in the underlying fear. “What this publicity has done is shorten the window between when an attack starts and when enterprises find out about it and act on the information. It has helped to generate awareness and gives the system administrators some ammunition in their quest for increased budgets for security,” he said.
Pescatore said Gartner statistics showed Internet security spending to be a mere 3 percent of an enterprise’s total budget but, because of the increased attacks, that figure was expected to climb to 5.4 percent by the end of 2003.