IFSECInsider-Logo-Square-23

Author Bio ▼

IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
February 5, 2009

Nothing found. Please check your show/episode id.

Download

State of Physical Access Trend Report 2024

IT security spending up, overall IT spend down

In light of the economic downturn and rising cybercrime attacks (as indicated in Finjan’s Web Security Trends Report Q4 2008), the company conducted an online survey among 200 IT and security professionals last December. The survey focused on determining the trends for allocating IT budgets in 2009 compared to 2008.

The results reveal that the total IT budgets for 2009 are being reduced when compared with 2008. However, the IT security budget outlook was more optimistic, since organisations are now intending to dedicate a larger part of their total IT budgets to IT security.

Key findings from the survey

  • 38% of all respondents stated that they do not expect a change in their 2009 IT budgets, while 34% indicated that they expect them to be slightly smaller – reflecting the general declining trend in corporate budgets
  • 34% of the respondents suggested their IT security budgets for 2009 will increase, indicating a general trend that organisations will allocate a larger part of their overall IT budget to IT security.
  • 43% of all respondents expect their IT security budget for 2009 to remain the same.

The survey also found that the upward trend in IT security budget allocation was more pronounced in the financial and Governmental sectors than in others.

All budgets under scrutiny

“During an economic downturn, it’s only to be expected that all budgets come under scrutiny,” commented Yuval Ben-Itzhak, Finjan’s chief technology officer. “Organisations are trying to get the most out of their spending and reduce the Total Cost of Ownership (TCO) of their IT investments. Efficiency is the name of the game.”

Ben-Itzhak continued: “While 2008 saw IT Security Departments facing new challenges in protecting valuable business data against an ever-increasing wave of cybercrime attacks, 2009 is adding a further economic challenge to the mix. As a result, companies are looking for a comprehensive security solution with low TCO that covers all their Web security needs. At the same time, those solutions must be simple and easy to manage.”

Finjan is a global provider of secure web gateway solutions for the enterprise market. Its real-time, appliance-based web security solutions deliver an effective shield against web-borne threats, freeing enterprises to harness the web for maximum commercial results.

Those solutions make use of patented, behaviour-based technology to repel all types of threats arriving via the web, such as spyware, phishing, Trojans, obfuscated code and other malicious code, in turn securing businesses against unknown and emerging threats, as well as known malware.

2008 ‘a record year’ for spam and viruses

2008 was a record year for spam and viruses, according to figures just released by managed security specialist Network Box.

The company estimates that, on average, businesses in the UK were required to block 1.2 million spam messages, 44,000 email-borne viruses, 1.3 million attempted intrusion attacks, 6.3 million attempted firewall hacks and access to nearly 500,000 blacklisted websites.

These figures are based on a ‘per box’ average of Network Box’s customers.

Around 2.7 million signatures were released by Network Box in 2008, as part of 16,800 PUSH updates (updates automatically ‘pushed’ out to customers as they become available) to protect against new malware threats.

Major breakthrough in fight against spam e-mail

According to Network Box, 2009 will see a fundamental breakthrough in the battle against spam. The company’s eMail Relationship system – touted as “a game-changing development” in the fight against spam – is due for launch very soon, making it virtually impossible for spammers to use their existing databases.

eMail Relationship will offer customers significant improvements on any existing spam detection technology by analysing not just content and IP address, but also by applying learning from e-mail user behaviour and relationships in a bid to decipher which e-mails are welcomed by the user, and which are unsolicited spam.

Currently, spam protection has been applied using three main methods: analysis of the message content, the reputation of the sender and challenge response, which works by putting the onus onto the e-mail sender to accept a challenge from the recipient that they must prove they are who they say they are.

Current anti-spam systems will rarely reach more than 95-98% accuracy which, when you consider the amount of e-mail sent, still lets through a significant number of spam e-mails. Challenge response systems used in isolation are notoriously unsuccessful, with as little as 40% of genuine e-mail getting through the system, as senders are reluctant to go through the challenge system.

Learning from behaviour patterns

Network Box’s eMail Relationship is designed to analyse and learns from behaviour of the sender and recipient of an e-mail to give a score to the e-mail which is then applied in addition to traditional anti-spam filter analysis.

It works by maintaining a central database to store existing e-mail accounts managed by Network Box on behalf of the e-mail recipient (so genuine e-mail from addresses kept in a user’s address book will be white-listed, assuming their content passes the traditional filter analysis which naturally includes the reputation of the sender).

This records and analyses historical information about the relationship in order to judge the likelihood of that e-mail containing malware or unwanted content. The database can be queried and adjusted at any time by Network Box, the organisation’s administrator or the user. It’s continually updated with every e-mail passing through the system, and will challenge new behaviour, flagging up when a whitelisted e-mail address changes its shape (for example, if a contact in Hong Kong suddenly starts sending e-mails from Russia).

All relationships are defined using a score based on sender + recipient + type analysis, and given a score based on the trust and strength of the relationship.

Strengthening the score of trust

The system also learns from user behaviour. For example, if the e-mail user A sends an e-mail to e-mail user B, then the system understands that user A trusts user B, and therefore will strengthen the score of trust in that relationship.

If an e-mail relationship is scored as low, then there are number of options open to the system depending on its configuration. It can quarantine the e-mail and notify the recipient (it can be released with a single click from the recipient if required), challenge the sender to confirm their identity or defer the e-mail.

Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted