What is E-Security Solutions

Hackers, Crackers, Script Kiddies, the Cult of the Dead Cow, Trojans, Worms, Denial of Service Attacks, Man-in-the-Middle Attacks, and many other alarming and highly decorative labels have been applied to the dark side of the computer world – an elusive sector from where the propellants of mischief attempt to launch their devastating assaults on the world of e-commerce. Computer Crime, to give it an all-embracing label, continues to afflict users of commercial systems and the networks that support their business activities. IT systems in general and the Internet in particular, are increasingly important to business operations. Given this, the priority attached to information security remains high.

The average cost of a UK company’s worst security incident averaged £12,000. Viruses and malicious software continue to be the most common cause of security incidents. Viruses, worms and Trojans continue to dominate malicious software incidents, causing six out of seven of the worst incidents. The other one in seven worst breaches involved spyware. This is software that is downloaded without the users’ knowledge and used to record and transmit their activity.

Interestingly, and very worryingly, if you look at some of the most recent statistics (2006 Department of Trade and Industry – Information Security Breaches) on cyber crime, you will discover that a large number of companies are not taking the problem of security seriously.

Denial of service attacks (where one or more computers bombard a target with traffic until it becomes overloaded and unable to handle normal transactions) are the second most reported type of attack by an outsider. The majority of hackers are not necessarily looking to hit out just at the big guys. Any organisation that runs a computer system with access capability is at risk.

It is now we step back from the problem and consider the causes and their effects. In the past most external attacks originated from people with a genuine interest in computer technology, to display technical prowess and push their skills and superiority by breaking into systems. This has now changed external attackers are now motivated more by monetary rewards, therefore changing the very landscape of attack, where perpetrators create a web-site that appears to be that of a legitimate organisation. They then lure that company’s customers to the site (e.g. through spam e-mail) and then gather confidential information provided by the customers. These impersonation attacks are known as phishing.

On the other hand lets not forget the insider threat, attacks that happen within the organisation can stem from various forms of dissatisfaction, industrial espionage, or simple opportunity due to lack of security. The bottom line is that all commercial users of computer systems need to have appropriate levels of protection in place to match their own individual needs.

Within business, the predominance of intricate, interrelated and networked systems has added significantly to the complexity of the security problem. Also, and directly associated with this situation is the wide range of touch points, both external and internal, from where customers, employees, and business partners are now allowed to gain access to information.

Understanding the risks and identifying the vulnerabilities of systems, networks, and in fact the complete enterprise information infrastructure is the key to providing the solution.

So what is the answer?

Our Approach

Utilising proven and accepted International security standards and open methodologies In2Net E-Security Services can provide the solutions and services recommended by the DTI:

• Draw on the right expertise and international standards to understand the security threats you face and your legal responsibilities. 
• Integrate security into normal business practice, through a clear security policy and staff education. 
• Use risk assessment to target your investment in security controls at the areas of maximum business benefit. 
• Make sure your key security defences are up to date and integrated and address emerging technologies you are exposed to (such as spyware, instant messaging, Voice over IP etc.) 
• Develop contingency plans so that you can respond to any security incidents efficiently and minimise business disruption

The Solution

E-Security is not a simple straightforward proposition that can be deployed out-of-a-box solution. The provision of security systems is a complex issue, for example to determine the individual product to underpin the firewall layer, or which anti-virus product provides the most comprehensive protection and then moulding each element into an enterprise level security strategy, is a difficult proposition.

There is no simple solution to the security problem, and there is no single product that working in isolation can provide the level of protection that organisations need today. Of course technology and products are only part of the answer , and companies also need to have effective policies and procedures in place to ensure that only the correct software and technology is in place, but also everyone is working within the organisation is aware of their responsibilities.

It is our experience that most enterprises have neither the staffing levels, nor the time to spare, to properly manage security problems that occur from within, as internal staff do not have the opportunity to develop the specialised skills required to support a complex and constantly changing e-business security strategy.

Some of the benefits in receiving a managed security service from In2Net Solutions are:

• 24x7x365 support coverage 
• defined and agreed Service Level Agreements (SLAs) 
• The provision of specialist technical expertise 
• Single point of focus and escalation for all security issues  

All backed up with detailed reports and support for making ongoing and proactive recommendations on security related issues.