IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
August 31, 2002


Logging on to the security grid

Only a few years ago the phrase “the Internet changes everything” was a popular justification for all sorts of ventures. These ranged from successful endeavours like eBay – which enabled an open market for goods and services through online auctions – to dismal failures. The online pet food suppliers didn’t do too well, that’s for sure!

Despite the dichotomy of these results, one cannot deny that the Internet has brought a number of very real and significant changes to us all. In 1980, there were around five million computers in use. There was limited connectivity, users were ‘tech savvy’ and the security threat to business system end users was nominal (centring mainly on the good old floppy disk). Come the 1990s, no fewer than 105 million PCs had been plugged in.
Alongside growing connectivity came a growing list of threats (viruses and worms, etc). Indeed, there have been 25,000 reported security incidents in the last decade.
In the new Millennium, we’ve seen the number of desktop PCs grow to over 550 million – and the number of people using the Internet expand to almost 500 million. According to researchers at the Carnegie Mellon University in the States, security threats have grown yet again in their number and complexity (75,000 security incidents have been reported since 2000 alone).
It would also be true to say that the proliferation of information technology has dramatically changed the profile of the ‘common user’ from an early-adopting technologist tinkering with a PC to a less technology-focused mainstream user who logs onto his or her PC and the Internet for work and/or entertainment.
As many of you will no doubt be acutely aware, the latest explosion in technology has resulted in widespread exposure to malicious activity, the exponential proliferation of security threats and tremendous increases in the costs associated with managing outbreaks and infiltrations. Almost everyone with an Internet-connected PC has been – or knows someone who has been – affected by a virus, Trojan, worm or hacker(s) in the past year.
In truth, all the advances in the speed and communication capabilities of the Internet have both expedited the spread of malicious activity and magnified the cost of recovery from IT security incidents. As the threats to IT systems multiply and evolve, the need for a new approach to security protection becomes clear. What’s certain is that businesses can no longer expect the IT strategies adopted over the past decade to protect them effectively.

Grid security services
Web services is one approach that many security providers are employing to ensure that digital assets are optimally protected.
Web services architecture employs a ‘grid’ computing paradigm to assist in the management and delivery of its security services. The fundamental goals of this architecture are to:

  • extend the web services architecture, thus enabling real-time, bi-directional communication between the security provider and each individual user;

  • promote the sharing of information and resources in a secure manner throughout the entire grid (network) to enhance the protection of each node (PC) on the grid;

  • enable the grid to become more powerful as it grows, following the rules of Robert Metcalfe’s law (which states that the ‘value’ or ‘power’ of a network increases in proportion to the square of the number of nodes on the network).

The grid nucleus is the back end web services environment that acts as the nerve centre for the entire grid. It serves as a distribution centre for all security software and services delivered within the grid, as well as a storage facility and hub for all the security information collected from each node on the grid. In addition, the nucleus acts as the source for authentication and other security services for the grid itself.

Protectors and sensors
Grid protectors and sensors are security web services that provide key security protection such as anti-virus, personal firewall, intrusion detection and tracing, spam filtering and identity protection mechanisms. Resident on each and every node on the grid, these services provide protection and securely interoperate with each other.
Grid sensors are additional components of these security web services that provide the mechanisms to trap and report security issues. These bi-directional sensors provide real time data on threats to the grid nucleus and receive notifications, alerts, immunisation and updates from the nucleus. Grid sensors also provide geographic co-ordinates to help identify the location and origin of threats.
On top of all this is the grid exchange language – an XML-based set-up designed to structure the communication between the nodes and the grid nucleus. McAfee.com will enhance this in the future to include additional layers of security on top of SOAP and HTTP. In turn, this will enable the nodes on the grid to communicate directly and securely with each other, and provide a mechanism for interchange with other applications.
Much of the protocol and security work in this area will be conducted with the close co-ordination of all industry partners and relevant technology standards organisations.
What of grid updates and immunisation, though? Grid updates distribute critical immunisation and update data within a managed service. In the case of a new virus, the grid update would contain a list of signatures for the virus and its variants. In the case of hacker activities or spam e-mails, it would contain a list of recently-banned IP addresses or spam addresses that should be filtered or banned. This key capability allows the grid services to identify security threats on different parts of the grid, and at the same time rapidly disseminate the appropriate degree of protection to the rest of the grid.
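The report-and-update loop described above, sketched as an added example; it is not McAfee.com's code. The XML element names, the `min_nodes` threshold (which stops a single faulty or compromised sensor from getting an address banned grid-wide) and the sample reports are assumptions, since the article does not publish the grid exchange language.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import defaultdict
# Constructed sample reports; the tag and attribute names are hypothetical.
REPORTS = [
    '<report node="pc-01"><threat kind="intrusion" source="203.0.113.9"/></report>',
    '<report node="pc-02"><threat kind="intrusion" source="203.0.113.9"/></report>',
    '<report node="pc-02"><threat kind="intrusion" source="203.0.113.9"/></report>',
    '<report node="pc-03"><threat kind="spam" source="198.51.100.7"/></report>',
    '<report node="pc-04"><threat kind="spam" source="not-an-ip"/></report>',
    '<!DOCTYPE r [<!ENTITY x "y">]><report node="pc-05"/>',
]

def parse_report(xml_text):
    """Return (node, source_ip) pairs from one sensor report, or [] if rejected."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return []  # refuse DTDs: a sensor report never needs entity definitions
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return []
    node = root.get("node")
    if not node:
        return []  # an unattributed report cannot count towards the threshold
    pairs = []
    for threat in root.iter("threat"):
        try:
            ip = ipaddress.ip_address(threat.get("source", ""))
        except ValueError:
            continue  # drop malformed addresses instead of banning garbage
        pairs.append((node, str(ip)))
    return pairs

def build_update(reports, min_nodes=2):
    """Nucleus side: ban an address only when enough distinct nodes report it."""
    seen = defaultdict(set)
    for text in reports:
        for node, ip in parse_report(text):
            seen[ip].add(node)
    update = ET.Element("update")
    for ip in sorted(ip for ip, nodes in seen.items() if len(nodes) >= min_nodes):
        ET.SubElement(update, "ban", ip=ip)
    return ET.tostring(update, encoding="unicode")

def apply_update(update_xml, blocklist):
    """Node side: merge the banned addresses from an update into a local set."""
    for ban in ET.fromstring(update_xml).iter("ban"):
        blocklist.add(str(ipaddress.ip_address(ban.get("ip"))))
    return blocklist
```

In a real deployment the update would also need to be authenticated before a node applies it; the article names the nucleus as the source of authentication but gives no mechanism, so none is shown here.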
