Symantec: Security reporting chain is broken

Summary: Failure to scrutinise log data is putting companies at risk, says Symantec, while the Met Police has renewed calls for greater co-ordination with businesses in fighting cybercrime

Mechanisms used by companies for detecting potential attacks against their systems and reporting the evidence to the authorities have some serious flaws, according to security experts.

Speaking at the 2007 Parliament and the Internet Conference in Westminster on Thursday, Symantec's European director of security practice, William Beer, said that, while many companies have invested in security products, they are often not maximising the potential benefits by following best practice.

"There's not enough being done to take advantage of investments in security software," Beer told ZDNet.co.uk. "You might have IPS [intrusion prevention systems] in a DMZ [demilitarised zone] or managed network, but are you looking at the logs? It's an administrative problem."

Most security systems log records of attempted intrusions or probes, but, if this information is not regularly checked, then companies are only seeing half the picture as far as their corporate security is concerned.

Beer said that, while he has spoken to some Symantec customers who scrutinise log data once a week or once a month, this is often not enough.

"How do you know the [security] system is operating correctly for your environment?" Beer said.
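To make concrete what "looking at the logs" means in practice, here is a small added example (not code from Symantec, ZDNet or anyone quoted in the article). It parses a constructed batch of IPS log lines in a hypothetical key=value format, summarises dropped connections per source, flags sources that hit many ports, and also checks whether the sensor has gone quiet, which addresses Beer's question about whether the system is still operating: a silent IPS is a finding in its own right, not a clean bill of health.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample IPS log lines in a hypothetical key=value format
# (not any real vendor's). Addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2007-10-11T09:14:02Z src=203.0.113.5 dst=192.0.2.10 dport=22 action=DROP sig=ssh-login-brute
2007-10-11T09:14:05Z src=203.0.113.5 dst=192.0.2.10 dport=22 action=DROP sig=ssh-login-brute
2007-10-11T09:14:09Z src=203.0.113.5 dst=192.0.2.10 dport=22 action=DROP sig=ssh-login-brute
2007-10-11T09:14:12Z src=203.0.113.5 dst=192.0.2.10 dport=22 action=DROP sig=ssh-login-brute
2007-10-11T09:20:41Z src=198.51.100.7 dst=192.0.2.10 dport=80 action=ALLOW sig=none
2007-10-11T09:31:00Z src=198.51.100.9 dst=192.0.2.11 dport=21 action=DROP sig=portscan
2007-10-11T09:31:01Z src=198.51.100.9 dst=192.0.2.11 dport=23 action=DROP sig=portscan
2007-10-11T09:31:02Z src=198.51.100.9 dst=192.0.2.11 dport=25 action=DROP sig=portscan
2007-10-11T09:31:03Z src=198.51.100.9 dst=192.0.2.11 dport=443 action=DROP sig=portscan
2007-10-11T09:31:04Z src=198.51.100.9 dst=192.0.2.11 dport=3389 action=DROP sig=portscan
this line is malformed and must be counted as skipped, not silently lost
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"action=(?P<action>\S+) sig=(?P<sig>\S+)$"
)


def parse_line(line):
    """Return an event dict for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["dport"] = int(ev["dport"])
    return ev


def parse_log(text):
    """Parse a whole log; unparseable lines are counted so a reviewer sees them."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            skipped += 1
        else:
            events.append(ev)
    return events, skipped


def review(events, drop_threshold=3, scan_ports=4):
    """Summarise DROP events per source and return (src, reason, count) findings."""
    drops = Counter()
    ports = defaultdict(set)
    for ev in events:
        if ev["action"] == "DROP":
            drops[ev["src"]] += 1
            ports[ev["src"]].add(ev["dport"])
    findings = []
    for src, n in sorted(drops.items()):
        if n >= drop_threshold:
            findings.append((src, "repeated-drops", n))
        if len(ports[src]) >= scan_ports:
            findings.append((src, "many-ports", len(ports[src])))
    return findings


def sensor_silent_since(events, now, max_gap=timedelta(hours=1)):
    """True if the sensor has logged nothing for longer than max_gap.
    Silence may mean the IPS or its log forwarding has failed, so it is a
    finding too. `now` may be a datetime or an ISO timestamp string."""
    if isinstance(now, str):
        now = datetime.strptime(now, "%Y-%m-%dT%H:%M:%SZ")
    if not events:
        return True
    last = max(ev["ts"] for ev in events)
    return now - last > max_gap


if __name__ == "__main__":
    evs, bad = parse_log(SAMPLE_LOG)
    print(f"{len(evs)} events parsed, {bad} lines skipped")
    for src, reason, count in review(evs):
        print(f"{src}: {reason} ({count})")
    print("sensor silent:", sensor_silent_since(evs, "2007-10-11T12:00:00Z"))
```

Run daily (or fed by a log pipeline) this turns a pile of IPS records into three short questions: who keeps getting dropped, who is touching many ports, and is the sensor still talking to us. The thresholds are illustrative; tune them to the site's baseline.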

Despite Symantec's concerns, Cambridge University computer security expert Richard Clayton said a more pressing concern for businesses was making sure patches were managed correctly, and that users were educated about security issues.

"Top of the list [in security admin]: apply patches, since malware like MPack [a PHP-based malware kit] attacks in eight different ways," said Clayton. "With virus checkers, frankly most of the stuff out there [on the web] antivirus vendors like Symantec won't pick up at the point you see it. Businesses still use virus checkers and get screwed over — there's a new attack and employees are clicking on links because they've not been told not to."

However, even when companies do check computer logs and find something suspicious, there is a lack of police contacts to report any suspicious findings to, according to one telecommunications technical director. "We don't have anyone to report log data to in this country," said Alex Nikolov, technical director for VoIP company Sipera. "Where do you pass that data?"

The police have been aware of difficulties in reporting anomalous log data and other evidence of e-crime since the National Hi-Tech Crime Unit (NHTCU), which dealt with cybercrime reports, was subsumed into the Serious Organised Crime Agency (SOCA).

Superintendent Charlie McMurdie, of the Metropolitan Police Specialist Crime Directorate, said the police had been working to provide officers responding to e-crime with a "raised level of ability and awareness to record", but said that the investigative response to cybercrime still needed co-ordination.

"We [police and businesses] need to work in partnership to provide a co-ordinated response," said McMurdie. "If we don't provide a suitable law-enforcement response [to level 1 and 2 crime], it won't be long before criminals take advantage in the UK, because nobody is going after them."

Level 3, or serious crime, is investigated by SOCA. However, police have admitted difficulties investigating level 1 and 2 computer crime due to a lack of a centralised reporting and co-ordination unit, and a lack of resources, while big business has criticised SOCA's lack of openness.

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.
