IT Security vs Austerity

Ray Bryant, CEO at Idappcom Ltd, explains how security can be obtained or improved even in times of Austerity.
Security and the economy is a Global issue
In the past year there has been a significant increase in the number of cyber attacks aimed at the world’s largest organisations. This has compounded the existing number and variation of attacks and many of the targets have been the Government agencies whose purpose is to defend against these attacks. Attacks on US agencies have been given prominent publicity with press speculation on the perpetrators being organised or funded by foreign states.

Central and Local Government
After being elected, the UK Government stated its recognition of the importance of improving defences against cyber attacks. Increased budgets were publicised and the inclusion of small IT Security companies working alongside the existing large ones was stated as an aim of the initiative.

However, this vision has not materialised and many U.K. IT security companies still derive the bulk of their business from overseas, despite being innovators in their specific field of expertise.

A stated aim of the coalition is to introduce a “digital by default” standard for public services by April 2014. This is to replace transactions currently done over the phone or in person. Cost savings are expected but the data being stored and the services being digitised are going to increase the footprint of the target for attacks and theft.

There are signs that some of the plans are beginning to be put in action. The cyber crime unit has been launched to defend against attackers and is having some success. However, they will need to collect ‘incident’ information from existing government departments as well as companies. The ability to produce this information will depend on the functionality of the detection devices deployed, Firewalls/IPS/IDS/UTM, but the quality of the information will depend on the effectiveness and efficiency of those devices.

Intrusion detection will need to exist and where it exists, it will have to be tuned to recognise and ‘log’ every possible attack with minimum false alarms. If the defences are inadequate then not only is the unit at risk but the data being supplied to the cyber crimes unit will be misleading and potentially increase both risk and cost.

The changing landscape
Government Ministers may recognise the need to reduce exposure to attacks but keeping pace with the hackers is a task that is continually evolving. Breaking into Financial Institution systems to make commercial gain has evolved into attacks on the very fabric of the State. There can be no doubt that, as we move all our systems into the digital age, vital services such as the Police, NHS, Social Services etc. are more at risk than they ever were. A concerted attack on any one of these would result in a serious disruption to our way of life. What once would have seemed like science fiction is now reality.

All professionals involved in IT are well aware of the need to increase protection. However, the financial constraints on budgets make it increasingly difficult to implement. Many departments have no Intrusion Prevention Systems, some just have firewalls and desktop AV. In many cases the devices they have are not penetration tested regularly and the rules they rely on are just not extensive enough or updated regularly.

The impossible dream?
Increased threat detection, reduced investment and lower costs
Idappcom, a UK owned and based company, are the creators of a tried and tested security product called Traffic IQ. All of Idappcom’s products are developed, created and supplied from the UK.

Traffic IQ has many features that make the pen testing of IPS/IDS/UTM/Firewall and network segments a simple and repeatable exercise. Traffic IQ comes with a vast library of exploits (approaching 6,000). Traffic IQ enables these, and any other externally sourced pcaps, to be replayed through the network security devices designed to mitigate the threat and immediately report on the success or otherwise of the detection. 

A small investment in tools that aid the process of fine-tuning IT security can result in a much-needed cost saving. Whether you have top of the range equipment or free Open Source software, making that security work more effectively and efficiently will not only reduce the risk of loss, it will also improve existing security, which will most likely reduce the need for Capital Expenditure on new or additional equipment.

Making what you have work better will often give better security than spending on the latest and greatest that could just be faster but not more effective.

Free Risk reduction, Intrusion prevention
If you do not have IPS in place, maybe just firewall and AV, and no budget allocation then there is a solution. It is always better to have something rather than nothing.

There are many open source systems in existence. SNORT and its derivatives are widely used by commerce, Government, and Military organisations. In government in the USA, it is becoming a de facto standard to have SNORT as the only defence or as part of a multi layered IPS system. SNORT is the detection engine utilised in the Sourcefire appliances. 

The benefit for those of us with little or no budget is that the knowledge and development put into SNORT makes the free downloadable version an extremely viable proposition. The budget is now confined to the subscriptions to the rules libraries that are essential to keep the IPS engine checking for as many attacks as possible. This can be achieved with an expenditure of as little as £200 - £500 per annum. This figure is based on subscribing to SNORT VRT rules, Idappcom IPSSR, and one other if required.

The cost will only be the allocation of resource to manage the security. Each organisation will have its own needs, depending on size and risk appetite. However, the cost of such a set-up is minuscule compared to the loss of not just money but also reputation in the case of data breaches or services being brought down.

The potential for attacks on Industrial Control Systems is growing every day. This includes things such as traffic control, Gas, Electric, Water, Police, Fire and ambulance services, anything where Systems are controlled using some kind of computer system. Idappcom have specialised in the development of Pen tests and SNORT rules for SCADA attacks and will continue to do so in the coming years through association with specialised research units in the USA.

Reducing Risk
Traffic IQ was developed to make the task of penetration testing less time consuming and an easily repeatable exercise. The aim was to identify the configuration changes and/or rules needed to make the security device, or software, more effective. Increased Risk mitigation reduces the likelihood of successful hacks.

In addition to Traffic IQ, Idappcom now produces security signatures in SNORT rule format for the exploits in the pcap library.

Using Traffic IQ to identify the risks, followed by a simple deployment of a rule to mitigate any attacks that are shown to breach the defences, immediately provides a complete test-fix-test cycle that can be completed in minutes.
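The scoring step of such a test-fix-test cycle can be sketched independently of any product. The following is an added example, not Idappcom or Traffic IQ code: it reads alert lines in SNORT's "fast" alert format and compares them with a list of replayed captures to show which attacks were missed and which benign flows raised false alarms. The manifest format, file names, addresses and SIDs are constructed for illustration, and flows are matched in one direction only.

```python
import re

# Snort "fast" alert: ts [**] [gid:sid:rev] msg [**] ... {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Constructed replay manifest (hypothetical format): one entry per replayed capture.
REPLAYS = [
    {"name": "attack-01.pcap", "malicious": True, "flow": ("10.0.0.5", 40001, "10.0.1.20", 80)},
    {"name": "attack-02.pcap", "malicious": True, "flow": ("10.0.0.5", 40002, "10.0.1.20", 445)},
    {"name": "baseline-01.pcap", "malicious": False, "flow": ("10.0.0.5", 40003, "10.0.1.20", 80)},
]

# Constructed alert log lines for the run above.
ALERTS = """\
03/14-10:15:02.123456  [**] [1:1000001:1] LOCAL example web attack [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:40001 -> 10.0.1.20:80
03/14-10:15:09.654321  [**] [1:1000002:3] LOCAL overly broad HTTP rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.5:40003 -> 10.0.1.20:80
"""

def parse_alerts(text):
    """Map (src, sport, dst, dport) -> list of SIDs that fired on that flow."""
    fired = {}
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:  # lines that are not fast-format alerts are skipped
            key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
            fired.setdefault(key, []).append(int(m["sid"]))
    return fired

def score(replays, alert_text):
    """Classify each replay as detected, missed, or a false alarm."""
    fired = parse_alerts(alert_text)
    report = {"detected": [], "missed": [], "false_alarms": []}
    for r in replays:
        sids = fired.get(r["flow"], [])
        if r["malicious"]:
            report["detected" if sids else "missed"].append(r["name"])
        elif sids:  # a rule fired on traffic known to be benign
            report["false_alarms"].append((r["name"], sids))
    return report

if __name__ == "__main__":
    for outcome, items in score(REPLAYS, ALERTS).items():
        print(outcome, items)
```

Entries under `missed` are the candidates for a new or corrected rule, and entries under `false_alarms` identify the SIDs that need tightening before the same replay is run again.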

The traffic file library now has more than 6000 files for penetration testing and the rules library has more than 4000 rules. Both are updated by over 100 new files each month.

Choice according to resource available, something for everyone
Personal and Non-Profit organisation licences of Traffic IQ are also available, please contact sales@idappcom.com for a quote.

Idappcom Ltd is a UK company formed in 2004, based in Kent. Further information can be found at www.idappcom.com