Enterprise Security Breach: Who Can Fix It?

 

Parag Arora, Regional Manager – Channels, Cisco India, says, “We believe that today for organizations it is extremely critical to take an overall security architectural approach. Security has to be integrated everywhere and with the help of a lifecycle services approach, enterprises can design, implement, operate and optimize network platforms. This defends critical business processes against attack and disruption, protect privacy, and support policy and regulatory compliance controls. By using the network as the platform, enterprises can keep people and IT assets safe, make your organization more resilient and reliable and get the maximum business benefit from IT investments.

 

Vishak Raman, Country Manager India, Fortinet Inc., says, “Enterprises are growing at an alarming rate. At the same time, the number and range of threats are also increasing rapidly. In today’s environment, a hacker does not spend hours conducting port scans, but instead uses “blended threats” to attack a network. So, my idea to ensure enterprise security is to shift focus from traditional and point security solution approach to a different one that can deal with the rise in blended threats.”

 

Niraj Kaushik, Country Manager, India and SAARC, Trend Micro, says, “Motivated by the lure of profits from the sale of stolen confidential information, cyber criminals today are shifting to the Web as the medium for their malicious activities. Characterized by blended techniques, an explosion of variants, and targeted regional attacks, Web threats pose a broad range of potential costs, including identify theft, loss of business confidential information, damaged brand reputation, and erosion of consumer confidence in Web commerce. These high stakes, the pervasive use of the Web, and the complexity of protecting against Web threats combine to form perhaps the greatest challenge to protecting the privacy of personal information and the confidentiality of business information in a decade. Traditional means do not provide adequate protection from these threats, and no single method or technology will improve this situation. Instead, a multi-layered, comprehensive set of techniques must be brought to bear.”

 

Trend Micro’s objective is to safeguard enterprises against multiple Internet threats, including spam, spyware, viruses, phishing and inappropriate content, with easy-to-install, easy-to-manage solution that protects PCs, notebooks and servers.

 

Digvijaysinh Chudasama, Vice-President–Sales, Cyberoam, says, “The open and pervasive nature of the Internet results in businesses having to continuously deal with a variety of potentially devastating attacks and vulnerabilities such as viruses, Spam, malicious code, insider abuse and theft of intellectual property. Moreover, analysis of trends of threats establishes that more than 50 per cent of the threats are internal rather than external. This calls for a comprehensive internet security solution which protects the enterprise from all emerging threats – be it external or internal.”

 

Bhaskar Bakthavatsalu, Country Sales Manager, Check Point Software Technologies – India and SAARC, says, “Implementation of security solutions has emerged as the focus area for large enterprises to small and medium businesses in India. Adoption of new technology platforms, devices and applications like mobile phones, WiFi, messaging, VoIP, etc. is creating new vulnerabilities. The frequency and sophistication of attack has significantly increased. Gone are the days of hacking for “15 minutes of fame”. Hacking today is a professional crime for financial profits. The increase of worldwide internet usage and the ‘always-on’ connections have actually opened more corridors for security threats.”

 

He adds, “The major factor in driving growth in the overall security market has been a worldwide increase in consciousness and need for information security. The regulatory compliance remains a high priority for many companies, particularly in industries such as financial services, IT/ITeS and health sector. Best practices in good governance and insistence by customers, clients or business partners mainly with regard to the business process outsourcing segment have significantly contributed to the growth. Reactive measures to specific adverse incidents have also been a reason behind the upward moving growth curve.”

 

Sajan Paul, Core Se Leader – Asia, Nortel, says, “As enterprises are becoming (or have become) more and more dependent on information technology to run their business, it is very important to have a realistic look at the security solutions. Security is combination of policies, enforcements, accountability and adaptability. We need to have all these tenets well executed to get the desired results. Most often, a layered security approach is the best option. Each layer in your network needs to be separately guarded so that even if one layer is compromised, there is no catastrophic effect in the whole network.”

 

Cisco as a major player in networking and networking security offers the industry’s most comprehensive security solution that ena bles enterprises to have a self-defending networks approach to security. As Indian enterprises use the flexibility and cost-effectiveness of the Internet to extend their networks to branch offices, telecommuters, customers and partners, security becomes paramount for business success. Cisco Self-Defending Network security approach addresses this need by offering an end-to-end security solution right from the desktop level to the network level, including secure access. It is estimated by Frost & Sullivan that Cisco enjoys a market share of 48.31 per cent in the security market.

 

The building blocks of Cisco integrated security solutions include products and services, i.e. Anomaly Detection and Mitigation, Application Optimization & Security, Compliance Validation, Endpoint Security, Firewall, Identity Management, Multifunction Security, Attack and Intrusion Prevention, Network Intrusion Detection, Security Management, Spam and Virus protection, Virtual Private Networks (VPN), Physical security, Security management, Network Admission Control (NAC), etc. Fortinet also has marked a strong presence for themselves in the domain of enterprise security solution, with customers like Syndicate Bank, IIMK, United Breweries and Sonata Software, to name a few. The company has a strong base of big enterprise customers for our much preferred UTM line of products. When Fortinet entered the Indian market, UTM was not much recognized as a new trend in security. However, Fortinet established the company and gained credibility in the UTM space. Fortinet has acquired the highest number of independent certifications, including VARBusiness 5-Star Vendor Award – 2006, World Economic Forum – 2006, Technology Pioneer – 2005, Silicon Valley/San Jose Business Journal, “Fast 50”, Top 5 Placing – 2005, AlwaysOn, AO100 Private Company Award, Winner – 2005, Light Reading, Top Ten Private Companies – 2005, Red Herring, Top 100 Private Companies – 2005, Entrepreneur Magazine, Hot 100 – 2005, etc.

 

On the other hand, Trend Micro Enterprise Protection Strategy combines multiple layers of products and services for intelligent, comprehensive protection against known and unknown threats. This security framework includes innovative new solutions that monitor customer-specific networks and accurately detect unknown threats in real time. Tightly-integrated, centrally-managed security enables seamless inter-product collaboration to guard every network endpoint. However, Trend Micro’s Enterprise Business Security Solutions combine Messaging Security, Web Security, Network Security, End Point Security, etc.

 

Trend Micro’s Enterprise Protection Strategy provides comprehensive threat protection for enterprises in vertical markets, including industry solutions for financial services, healthcare, public sector and manufacturing. It integrates messaging, Web, endpoint and network security for comprehensive protection. The company provides anti-spam solutions, spyware protection solutions for every critical entry point, anti-phishing security solutions, antivirus solutions for the gateway and network perimeter to servers, desktops, and mobile devices. Its URL filtering security enables organizations to manage employee email and Internet use in accordance with regulatory compliance and corporate security standards. For optimal protection, Trend Micro Enterprise Protection Strategy provides a comprehensive, integrated security framework, minimizing risks while reducing complexity. Besides, Trend Micro offers Network Access Control, the Trend Micro Network VirusWall to enforce security policy compliance. If this is not enough, the company has SecureCloud platform a complete Software as a Service (SaaS) security platform.

 

Check Point Software Technologies Ltd. is a market leader in the worldwide enterprise firewall, personal firewall, data security and VPN markets. Check Point’s pure focus is on IT security with its extensive portfolio of network security, data security and security management solutions. Through its NGX platform, Check Point delivers unified security architecture for a broad range of security solutions to protect business communications and resources for corporate networks and applications, remote employees, branch offices and partner extranets. The company also offers market leading data security solutions through the Pointsec product line, protecting and encrypting sensitive corporate information stored on PCs and other mobile computing devices. Check Point’s award-winning ZoneAlarm Internet Security Suite and additional consumer security solutions protect millions of consumer PCs from hackers, spyware and data theft. Extending the power of the Check Point solution is its Open Platform for Security (OPSEC), the industry’s framework and alliance for integration and interoperability with “best-of-breed” solutions from hundreds of leading companies. Check Point solutions are sold, integrated and serviced by a network of Check Point partners around the world and its customers include 100 per cent of Fortune 100 companies and tens of thousands of businesses and organizations of all sizes.

 

Check Point provides a broad range of security products and services that are open and flexible to fit all types of customer environments, whether that is a small business or a large Fortune 100 company. Check Point products are proven to provide the strongest level of security, across multiple layers of an organizations’ information network: Network security to protect the network infrastructure; data security for ensuring data privacy; superior security management delivering unified policy management, monitoring, and analysis. And all these products are backed with world-class technical resources, research, and response to help you and your customers to stay ahead of threats.

 

Check Point Network Security Solutions are the market-leading choice for securing the network infrastructure. Check Point provides Firewall/VPN solutions, Unified Threat Management (UTM), Intrusion Detection and Prevention, Endpoint Security, Data Security, PC Disk Encryption, Mobile Device Encryption, etc.

 

Check Point UTM appliances deliver uncompromising security while streamlining deployment and administration. UTM provides features including firewall, intrusion prevention, antivirus, anti-spyware, Web application firewall, VoIP security, instant messaging (IM) and peer-to-peer (P2P) blocking, and Web filtering, as well as secure site-to-site (IPSec VPN) and remote access connectivity (SSL VPN).

 

Check Point security policy management solutions centralize policy configuration, monitoring, logging, analysis and reporting within a single control centre—helping you minimize TCO. Check Point security information and event management (SIEM) products provide centralized, real-time correlation, analysis and reporting of security events.

 

Cyberoam UTM solution is a step ahead in the UTM industry as its unique identity based. Identity- based security of Cyberoam helps to trace the source of threat to the exact end-user rather than just IP address of a machine. This ensures high levels of security even in dynamic IP environments like DHCP, Wi-Fi, in addition to Multiple Users-Single Machine scenario. Its UTM series offers a complete range of security features comprising identity-based firewall, VPN, gateway antivirus, gateway anti-spam, intrusion detection and prevention and content filtering, as well as productivity solutions like bandwidth management and multiple link management – all over a single platform.

 

Cyberoam appliances – CR1000i and CR1500i – cater to the security needs of enterprises with over 1,000 internet users. Cyberoam, with its complete set of security features and identity-based security, provides complete pr otection to the enterprises. Its high availability feature offers continuous security to the enterprise network.

 

Cyberoam Central Console enables centralized monitoring and control of multiple Cyberoam deployments. Cyberoam offerings like CR25i and CR50i provide security to the remote and branch offices of the enterprises.

 

Similarly, Nortel is present in all layers of the sec solution in the market. Nortel VPN gateway series provide IPsec and SSL encryption technologies with end-point security and built-in firewall features. Nortel Threat Protection System (TPS) provides zero-hour protection for enterprises with unique network he uristics engine. Nortel Secure Multi-media Controller (SMC) is a purpose-built multimedia firewall addressing concerns in VoIP. Nortel Application Switching portfolio provides granular traffic management and shaping. Finally, Nortel Secure Network Access (NAS) provides seamless protection against end-point vulnerabilities . NAS checks the identity and compliance of the user terminal before being allowed controlled acc e ss into the network.

 

TippingPoint intrusion prevention solutions (IPS) expressly designed to address network security requirements for service providers, academic institutions, healthcare organizations, financial institutions, governm m (IPS) is an in-line hardware platform that proactively ensures that organizations are protected against internal and external cyber attacks that may threaten their critical infrastructures.

 

The TippingPoint product family offers a broad range of IPS devices that can be placed at the perimeter, on internal network segments, at the core, and at remote site locations. These control points are centrally managed via the TippingPoint Security Management System (SMS) to institute and enforce business-wide security and network performance policies. An entire organization may be segmented into physical or virtual security zones with tailored security policies per zone.

 

The company provides real-time network protection, eradicating network attacks before they reach critical assets. Security administrators no longer consume valuable time and critical resources associated with emergency and ad hoc desktop and server patching, or repairing damage from evolving and complex network attacks. Simultaneously, network administrators reclaim network bandwidth from unwanted and malicious traffic, and offload critical infrastructure such as routers and switches.

 

The TippingPoint NAC solution enables enterprises to enforce device and user policies to ensure end-point compliance and granular network compliance even after the initial network entry.

 

SonicWALL offers comprehensive network security, secure remote access, Web and e-mail security, backup and recovery, and policy and management solutions. The company offers both appliance and software-based products as well as value-added subscription services and is said to be a leader in the small and medium business markets. Its solutions are deployed in distributed enterprise environments, government, retail point-of-sale and healthcare segments as well as through service providers. The company provides UTM/Firewall/VPN in its TZ and Pro Series. Its SSL SSL VPNs offer secure remote access to endpoints beyond IT control. SonicWALL e-mail Security provides powerful protection in one simple solution that dramatically reduces the time and expense involved in e-mail security. SonicWall’s Management and Reporting Solutions provide a comprehensive architecture for centrally managing security policies, providing real-time monitoring, and delivering compliance and usage reports all from a single platform.

 

Besides, the company also provides backup recovery and content security management solutions.

 

Websense is a leading web filtering solution provider. The company protects more than 25 million employees from external and internal computer security threats. Using a combination of preemptive ThreatSeeker malicious content identification and categorization technology and information leak prevention technology, Websense helps make computing safe and productive. In order to address the growing SaaS market, some time back the company has announced its acquisition of SurfControl, a provider of on-demand and software-based Web and email security solutions.

 

Barracuda is also a big player in email and Web security appliances. Barracuda Networks solutions also provide world-class IM protection, application server load balancing and message archiving appliances. More than 50,000 companies including Coca-Cola, FedEx, Harvard University, IBM, L’Oreal, NASA and Europcar are protecting their networks with Barracuda Networks solutions. Barracuda Networks’ success is due to its ability to deliver easy-to-use, comprehensive solutions that solve the most serious issues facing customer networks without unnecessary add-ons, maintenance, lengthy installations or per user licence fees. In order to strengthen its portfolio, the company has recently acquired NetContinuum, a strong player in Web Application Firewalls.

 

F-Secure Corporation protects consumers and businesses against computer viruses and other threats from the Internet and mobile networks. The provision of security delivered as a service continues to characterize one of the main goals of our business and we are actively promoting this business concept. Venu Palakirti, Sales Director, India Region, F-Secure India Pvt. Ltd., says, “We do this with a particular focus on developing service platforms to meet the needs of various target groups from enterprises, small and medium business segments and consumers.

 

As per the third-party data, F-Secure has a 36-per cent share of the European broadband ISP market and a 25-per cent share of the European and North American markets combined. The company is also the global market leader in mobile phone protection provided through mobile operators, such as T-Mobile, Swisscom and mobile handset manufacturers like Nokia.

 

Similarly, BigFix, which is already present in India, offers converged IT security and operations platform that enables real-time visibility and control of globally distributed desktop, mobile and server computers. BigFix enables large-scale enterprises to continuously enforce IT security, IT policy compliance, and systems management on all computers, anytime, anywhere. The company delivers real-time endpoint visibility and control through its single-agent, multifunction, on-demand architecture. The BigFix agent runs on Microsoft Windows, Unix, Linux and Mac OS client systems, consolidating management of heterogeneous environments through the BigFix Console. Also, BigFix bandwidth throttling and stop/restart content download capabilities make it possible to effectively manage devices over any kind of network connection—from high-speed fiber optic in the next building, to dial-up modems on the other side of the world. The company says, when major computer manufacturers announced laptop computer battery recalls in 2006, BigFix customers could quickly query BigFix-managed machines to locate potentially defective batteries. Within minutes, BigFix customers had a full picture of their exposure to the battery recall problem, while other organizations had to ask end-users voluntarily to open their machines, find the battery and report its serial number back to the IT department—that is, if users knew where to look for it.

 

Internet Security Systems (ISS) provide security products and services that preemptively protect enterprise organizations against Internet threats. The company continues to set standards in the security space with its Proventia Enterprise Security Platform (ESP), offering enterprise-wide pre-emptive protection that is tightly integrated with exist ing IT business processes.

 

Nokia is a world leader in mobile communications and the company also offers IP network perimeter security gateways and the solutions include mobile email and Internet, virtual private networks, or VPNs, and firewalls.

 

Other players who are active in the Indian market include RSA Security, Pointsec, Tufin Technologies, NetIQ, PortWise, Aventail, Secure Computing, etc.

 

All these players are vibrant in the Indian market and some are established and some are new to the market, but the common thing among all is that they want to make the computing secure and choose channel route to address the market. For every vendor, the channel is the key conduit to touch base with the customers and towards this these vendors are doing a lot of training sessions, handholding in pre- and post-sales. They also have beefed up their service support mechanism. Even some of the vendors have invested in the concept centres and technical centres, where the customers can walk in and find the solutions.