International expansion was the idea from the beginning," says Alex Bogaerts, the Europe, Middle East and Africa (EMEA) VP of Internet Security Systems (ISS). And he really isn`t kidding. Originally the eighth employee of a little company based in the US, he now heads just a portion of the company`s global reach.
ISS founder Christopher Klaus released the first version of what would become the famous Internet Scanner as shareware in 1992. By 1994 he had founded the company and in 1996 it launched RealSecure, which ISS claims was the first real-time network security intrusion and detection system.
The company`s growth, both then and now, is thanks to the Internet, says Bogaerts. "We are driven by the Internet and nothing else. Luckily the Internet is everywhere, so that leaves a pretty big market."
The market grows, he says, because the threat also grows. It is not just hyped media coverage that makes the Net seem such a dangerous place. "There is more Internet, bigger networks and more knowledgeable people, who may or may not have malicious intent. It is easier to steal information today than it was 10 years ago."
But don`t let the word "Internet" conjure up images of teenage hackers staying up after their bedtime to break into corporate systems. According to ISS research, the most intrusions still originate from inside companies. In fact, about 70% of all data thefts are inside jobs, and that percentage has been pretty stable over the years. "It doesn`t vary a lot," Bogaerts comments. "It is the same disgruntled employee syndrome."
A visible minority
While hackers, or rather crackers, are responsible for only 30% of illegal entries, they are a very visible minority. The media coverage around Back Orifice 2000 and similar "hack tools" has created the perception that some people out there want corporate blood, or more specifically Microsoft`s blood.
So is there an inherent problem with Microsoft security, as many organised hacker groups claim? Bogaerts doesn`t think so. "Nothing is perfect, every piece of software will have holes in it. Because Microsoft is much more of a target, a symbol, there are more people working on breaking its products."
Nobody really bothers to exploit deficiencies in smaller software packages, he says, because there is so much less prestige attached to such a hack. He believes Microsoft has taken note of its bad publicity and is doing more to protect users. "It has tightened up its act considerably over the past year."
You still, however, sit with the problem of part-time makers of malicious code. Names like Melissa and Papa B spring to mind. "Hackers use a hell of a lot of intellectual capital in creating threats," Bogaerts says, and he admits that this fact is part of the reason for his income. "You have to balance their capital with some of your own, which unfortunately means that our customers have to pay money. Yes, I guess we do make money off of hackers."
Accessing danger
Bogaerts says there is a market for ISS software that is not partially created by the hacker-threat perception. The company is about to move aggressively into e-business, and he raves about the possibilities it presents. "We don`t need to sell to these people, because security is not an issue, it is a given. You don`t have to make a technology sale at all." The people involved with e-business are either very bright or quite paranoid, it seems. They see a threat the moment they touch the Internet. "They say, 'Oh, if we are going to do business across the Net we will need some security, of course.` The Web is associated with danger."
Selling to e-business, he believes, also leads to a shorter sales cycle, and gives ISS the opportunity to sell against its competition instead of for the technology. "And business is generated by other engines. We don`t have to do any canvassing, because these guys are knocking on our doors."
That doesn`t mean a decimation of the sales force though. There is still a lot of education needed if Bogaerts is right about IT managers. "At least 70% of IT managers are underinformed, if that is the right word, about the threat to their systems. They know that the data has value, but there is a false sense of security about the danger to that data."
That is why sales are concentrated on those who realise the extent of their company`s exposure. "We sell to the visionary in the company, who knows what is needed. He will then sell it to the CEO or whoever internally, without our interference." The other major sales area is that of sales to service organisations, which again have to make the final sale themselves.
Intelligent software
So how exactly do you proactively protect against threats of ever-increasing sophistication? Bogaerts says the way to go is the way ISS always wanted to go - intelligent software. "We wanted to provide a system that allows quasi-automatic security management." In recent years that has come to mean the combining of information from several different sources with a "fusion engine", which passes data on to an "inference engine". The latter makes an intelligent decision on the existence and nature of any threat, and turns on the sirens and red lights. "There is always a pattern that indicates that you have been compromised," Bogaerts believes.
There lies the trick - detection and response. "It is a very advanced science to detect an intrusion as it is happening, but it is easier to prevent damage from being done." Some people, he says, just don`t care enough about security to make the effort. "How many desktops out there still have [Back Orifice I] sitting on them? That is unforgivable."
An invulnerable network is an impossible dream, Bogaerts argues, but lax diligence is the main problem. "Due process is all it takes to keep your side clean."
ISS is represented locally by EC-Hold, but that exclusivity will probably change in the second half of the year, he confides. Company policy does not accord absolute exclusivity in any region, and the time has come, he says, for another player to get into the game. "It might be a bit ungrateful to [the company who has to lay the groundwork alone] but they get the chance to associate with the products."
Share