May 18, 2007
Podcast: Security as a Service, An Idea Whose Time Has Come: A Discussion With Alert Logic
Listen to or download the entire 7:07 podcast below:
Below is a summary of my discussion with Chris Smith, Vice President of Marketing with Alert Logic. Chris and I discuss the current state of security, Alert Logic’s Security as a Service -- how it works, who it works best for, and how it would work against the Storm Worm -- and we also delve into compliance, and how Alert Logic is equipped to deal with the newest attack vectors expected with Web 2.0.
How do you see the current state of security?
Well, we focus on security for mid-market companies. So we think the state of security of mid-market companies is not what it needs to be. And we think the problem that mid-market companies face is that they have been able to deploy fairly simple, straightforward security technologies like firewalls and antivirus but they have not been able to deploy more sophisticated and complex network security technologies that they require to be safer to keep their networks appropriately safe. And what we do as a company is we put that type of sophisticated security technology within the reach of a mid-market buyer, whereas before, it's been out of their reach.
That leads directly to my next question: I find it very interesting that Alert Logic is the first company to offer Software as a Service in terms of security. Can you give me an overview of your solution?
Well, the solution that we offer is a network security solution. And we do leverage the Software as a Service model. And the reason we leverage the Software as a Service model is because it makes it simpler to deploy, configure and maintain the solution. So, as a result of that, it makes it easier for mid-market companies to deploy a model like this, which is a very sophisticated, complex, network security technology. So we actually host in our data center most of the components of the application. Our philosophical approach to building security applications is that we take as many of the moving parts of the application as we possibly can and we host them in our data center. So they don't have to reside at the customer's premise, so it's one more piece that the customer doesn't have to configure and deploy and maintain. So that's the Software as a Service approach. It's a hosted approach and it minimizes the footprint of our solution at our customer sites. So it just makes it easier to deploy and care and feed for.
What type of company is your ideal customer?
So, like I said before, we do cater to mid-market companies and midsize companies and we have a pretty broad definition of what a mid-market company is. Our definition is anywhere between 500 and 10,000 employees. So it's a pretty broad section of the middle market. And these are companies that in the past haven't had significant resources for security. Haven't had big security staffs. Haven't had big security -- IT security -- budgets. And so they haven't been able to deploy the right types of technology.
I think it was the FBI/CSI study that's done every year. And it's a survey on the state of information security. And I think it said that half of all companies in that size range experienced some type of serious security breach last year in 2006. So these companies are not sufficiently protected. And we're helping solve that problem.
At the beginning of the year, the Storm Worm, which was an email warning about deaths from a bad storm, infected many users who opened the email's attachment. How would Alert Logic protect against something like the Storm Worm?
Well, the Storm Worm was interesting. The initial infection vector for the Storm Worm, like you said, was email. So we're not an email security solution per se, so we would not block the initial entry or the initial vector of the Storm Worm getting into somebody's in-box. We would not block that. Now what we would block is after infection, the Storm Worm was one of these worms, and we are seeing a lot more of these days, that would actually infect the host computer and it would phone home, and it would open up a communication channel back to a central spot, where the bad guys are, so to speak. And it would act as a botnet. A botnet is simply a piece of code that sits on the host system that's infected and responds to remote commands -- and a lot of people call those spam zombies, because a lot of what they're used for is sending spam.
So that's a remotely controlled system, remotely controlled by a bad guy. We actually can detect that remote control activity. So we don't block the initial infection of the email coming in that has the attachment, but once that zombie phones home and waits for instructions, and starts receiving instructions, we pick up that communication and we can shut it down. So not the initial infection. But we can shut down as soon as the botnet wakes up and starts doing bad things.
I read on your web site that you provide companies with immediate compliance. What compliance laws do companies have to be concerned with?
Well, there's a myriad of compliance, both government regulations and also industry regulations that companies of all shapes and sizes have to comply with. But the list is too long to cover. But the two that we see the most are Sarbanes-Oxley and PCI DSS, which is the payment card industry. It's an industry regulation that governs information security practices on companies that do credit card transaction processing. We see PCI a lot. We see Sarbanes-Oxley a lot. Now the one we see the most is PCI. And PCI is one of the few regulations that specifically mandates information technology and security specifically. So PCI actually calls for technology that can detect malicious intruders on your network, which we offer. And also requires technology that scans networks continuously for vulnerabilities that can be exploited by malicious intruders. So looking for vulnerabilities and also detecting intruders. Those two types of technologies are specifically called for by PCI and that's one that we see the most because we offer that type of technology. So that's perfect for us!
Many believe most of the threats in the future are going to be with Web 2.0. How is Alert Logic equipped to deal with these types of threats?
Well, our approach to Web 2.0 type threats is the same approach that we've been using for five years now. And that is, we sit on the network. We scan for vulnerabilities and help you fix those vulnerabilities to make sure that the bad guys can't get in. And then we also scan for malicious intruders on your network in real time, so we can spot the bad guys in real time. Now, Web 2.0 -- it's another potential threat, these are new applications, new web technologies, that represent new vulnerabilities for bad guys to exploit. So it's just more of the same for us. We will continue to scan for vulnerabilities including Web 2.0 based vulnerabilities, continue detecting the bad guys, intruders on your network, like we always have. So this for us is just more of the same. This doesn't really change the complexion of detecting threats and vulnerabilities for us. It's just a continuation of a theme that we've been on for five years.