- - Thursday, November 17, 2011

ANALYSIS/OPINION:

There are some who would interpret the Homeland Security Department data on cyber-attacks as signs of a new growth industry, but with corporate, personal and other key data at stake, it is no laughing matter. I recently spoke with Brian Vosburgh, a solutions architect at Stonesoft Inc., a provider of network security and high availability solutions to thousands of enterprises and government agencies around the globe. Unlike other vendors, Stonesoft focuses 100 percent on developing “military grade” network security solutions that simplify management and protection.

Q: There have been numerous reports of cyber-attacks in the past few months. For those who are not aware, what are cyber-attacks and what are some of the threats they pose?

A: A cyber-attack is a computer-based attack on corporate, personal, government and other computer-based information and systems. Hackers, which range from a single individual to organized groups, typically are motivated by financial gains or political influence. The threats posed by cyber-attacks exist on many levels, ranging from national security to identity theft. For example, in June 2010, the Stuxnet worm crippled industrial systems in Iran and more recently the Sony PlayStation attacks resulted in a data breach that compromised personal data for more than 100 million online gaming accounts.

Q: What are the top four cybersecurity concerns a CEO should know about?

A: There are really four concerns that every CEO today should be discussing with their IT teams. Advanced evasion techniques, human error, cloud security and mobile security.

1. Advanced evasion techniques: The sophistication of cyber-attacks is growing by leaps and bounds. Last year, Stonesoft discovered an entirely new category of threats called advanced evasion techniques that can bypass nearly every network security device on the market today. In an age where a security breach can cripple both corporate productivity and reputation, this begs a question that every CEO should be asking their IT leaders: What are we doing to protect against the most advanced security threats?

2. Human error: Most hackers access networks not because of inadequate security, but because of inadequate management of security. When a network administrator misconfigures a firewall (or any other network device), they open the network up to attack.

3. Cloud security: With more and more companies hosting critical business information in the cloud, CEOs need to understand how these assets are being protected.

4. Mobile security: Smartphones and tablet devices are changing the way we do business. But they also are exposing the corporate network to new threats as these devices often combine personal and professional identity and data.

Q: When we look at cybersecurity, who are some of the key players addressing this market?

A: Well, it depends on what aspect of security you’re talking about. There are anti-virus players, like MacAfee and Norton. Then, there are network infrastructure players like Juniper and Cisco, who got their start on the network infrastructure side (i.e. routers, switches) and began offering security solutions later. Finally, there are pure-play network security vendors like Stonesoft that focus solely on network security and who provide a solution that has been purpose-built for network security rather than “development by acquisition.”

Q: What distinguishes Stonesoft from others serving the network security market? How does the company compete and win?

A: Organizations turn to Stonesoft because we provide military-grade protection. The average large enterprise network has hundreds of firewalls and other network devices that must be configured every time a new virus or threat is discovered. So, not only do they need the highest level of security, they need to be able to easily manage security across the network. Stonesoft does this better than anyone else by giving administrators the tools to centrally monitor and manage their entire network security infrastructure from a single management center - this includes virtual and physical devices as well as the monitoring of other vendor devices using our technology. We also provide security that is context-aware. That means that our solutions know who is accessing the network, how they’re accessing it, from where and what applications they’re using. This is the type of information that helps IT make better decisions about where, when and how they need to improve security across the network.

Q: Anything on the regulatory horizon that could prove beneficial to Stonesoft?

A: Federal cloud initiatives and the National Institute of Science & Technology’s Risk Management Framework (specifically the continuous monitoring requirements). Both of these require public-sector organizations to increase both network security and network security management capabilities, which is exactly where Stonesoft has demonstrated exceptional capability and success.

Chris Versace, the Thematic Investor, is director of research at Think 20/20, an independent equity-research and corporate-access firm in the Washington, D.C., area. He can be reached at cversace@washingtontimes.com. Follow him on Twitter @ChrisJVersace. At the time of publication, Mr. Versace had no positions in companies mentioned; however, positions can change.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide