Inside a Security Response Centre
- 15 August, 2002 10:25
A $US2,000 CHECK in your mailbox is normally good news. In early May, however, it was definitely bad news for one unnamed Washington, DC-based US federal agency CSO. The reason? He'd hired a team of "ethical hackers" from Internet Security Systems (ISS), an Atlanta-based security software and systems vendor. The team's mission was to probe the agency's system over the Internet and identify its weaknesses. "Hacking the system to send him a check seemed like a neat way to report back on what we'd found," says Chris Klaus, cofounder and CTO.
Admittedly, many of ISS's 9,000 customers, which include 49 of the Fortune 50, hire the company for less exciting tasks. Dealing with viruses, worms, Trojan horses and distributed denial-of-service attacks is more standard fare. So too is counterterrorism. ISS officials frequently interface with government agencies such as the National Infrastructure Protection Center, the Critical Infrastructure Assurance Office and the National Security Commission. Tom Noonan, ISS president, cofounder and CEO, also consults with national security officials.
A growing number of customers have hired ISS, and other security companies such as Enterasys Networks and Cisco Systems, to maintain a real-time watch over their firewalls and systems. At monitoring stations — located in Atlanta; Detroit; Helsingborg, Sweden; Padova, Italy; Rio de Janeiro, Brazil; and Tokyo — ISS technicians sit in NASA-style control rooms. Giant screens display the state of Internet traffic and the number of hacks currently in progress. A "battle captain" in Atlanta balances the workload across the six centers, while technicians monitor customers' networks and work with their security personnel.
As a rule, ISS doesn't manage corporate networks. "We tell them when they are under attack and what sort of attack it is. We tell them what the risk is and if the attack is going against a network that is vulnerable to that attack," says Klaus on a recent tour of the Atlanta monitoring center. If ISS is allowed management control of the network, it will also attempt to kill the attack. However, many of the customer companies' corporate policies preclude handing over such management control.
As concerns about cybercrime rise, Klaus sees many enterprise systems ripe for the plucking. The trick is to build capabilities that prevent dollars from stuffing hackers' mailboxes.