I was in a meeting with an executive at a large financial services company today discussing some of his technology problems and how my portfolio companies could address them. One of the big issues he mentioned was spam and stopping worms. Even though his company has spent real dollars in those areas, they are still problems which need to be solved. As Sasser and other worms and blended threats spread rapidly around the Internet, it got me thinking about what needs to be done to make us more secure.
Techdirt has a great piece about taking a hybrid strategy to stopping these threats, an approach I agree with wholeheartedly. I have always been a fan of a defense-in-depth strategy where you have security devices at the network level and down to the desktop. Have you seen Cisco’s recent advertising campaign about self-defending networks? While it is a broad-based strategy which you can read more about on their site, one aspect I like about the NAC initiative is that it does not allow anyone to access a network, wirelessly or wired, before a scan is done to make sure the device is virus- and worm-free and up to date with its patches and antivirus software. They currently have an enterprise focus, but the logic behind the initiative makes a ton of sense.
Recently, Earthlink launched a deal with Symantec where consumers could get antivirus and firewall software from Symantec on their monthly bill. While I like the direction Earthlink is taking, I think all ISPs should take this a step further and replicate the Cisco NAC initiative, where no user can log on to a network until their system is scanned and updated with the latest patch and antivirus software. Charge consumers an extra $1 a month but make it a prerequisite to get on the Internet. On top of that, ISPs are applying, and should continue to apply, a number of different security devices on the edge of the network to prevent attacks from reaching end users.
Vendors selling home networking equipment like Linksys and D-Link should figure out how to embed and price antivirus and antispam software in their boxes as well. For the most part this will only stop the vulnerabilities and attacks that we know about, but the reality is that many of these attacks take advantage of known vulnerabilities. Helping the naive consumer in a proactive way will help us take one big giant step in making the Internet a more secure place.
4 comments on “What needs to be done to make us more secure”
The only problem with the idea is that not everybody has a conventional Windows box to access the Internet. Some have Mac, Linux, BSD, or maybe are using some sort of internet appliance gizmo. You might be able to cover the majority platforms but you’ll leave the innovators and the minorities out.
Would processing power be an issue with this type of technology? Right now, you are able to get on the internet and browse around with a slower-end machine, let's say 500MHz. If there is a complete system scan on a 500MHz machine, that would take forever. Would it be economical for a user to wait up to 10 minutes to check if it is going to rain tomorrow?
Symantec recently acquired Sygate, which has offerings in the area of NAC. Endforce is another company which has developed agent-based technology which can effectively and efficiently check for varying degrees of compliance of different nodes getting on to the network. This technology is more suited for accessing enterprise networks right now. There are various industry-wide efforts in this direction like NAP, NAC and TCG, with varying degrees of support. This technology is another tool to further enhance security, obviously at the cost of computing and network resources. But then that is true for every software, hardware or firmware application.
Why would I want to “wait” until I can get on the network if I am up to date? That's a bad deal for me… and is assuming that I am a Windows PC!
Look at Forescout’s CounterAct, which is clientless NAC, transparent to me the end user, and has the undefeatable IPS engine running on the same appliance (no sigs/anomalies).