Security threats are changing from simple viruses to more sophisticated intrusions not detectable by conventional anti-virus products, says Andy Harris, chief technologist at UK company Baltimore Technologies.
Steganography – the encoding of confidential information into an innocent-looking outbound document or image – is on the increase and has to be detected by a security screen that goes beyond simple virus detection.
Espionage could be practiced from outside, too. “I could write a Visual Basic Script into a Word document to persuade your email client to send me data," says Harris. "It’s called ‘cyber-woozling' and it’s not apparent to AV tools. Our products will strip out any macros and just give you the document."
Harris says he has been “inspired” by the novel uses to which New Zealand customers have been putting the company’s security products, like MailSweeper and SecretSweeper. “They’re cleverer than I am,” he says.
“They’ve been asking me about corners of the products I’ve never been asked about before. Customers here do arrogant things with the products.” For example, they are thinking beyond simply an anti-intrusion function to using the screening software to identify the content of the incoming message and put it in its correct place in an archive.
"They’re heavily into PKI [public key infrastructure] here and in Australia,” he says. “PKI projects like that of the Australian Tax Office are real projects, not just one pilot after another,” which is the state of the play in allegedly more “advanced” countries.
Use of the information in the message to add value for the business is the direction in which “security” measures are heading, he says. Mention of a country and the company name and a few other key terms will indicate to the screening software, for example, that the message is probably an inquiry as to how to contact the company in that country. The email system can send out an automatic reply to that part of the message, while passing on the rest.
“Even simply archiving the message [in the right place] is adding value to it,” he says. A web-crawling robot is no longer flagged as an intruder. The security software can help it with the correct address of the web page people should be visiting, rather than leaving the robot to find a page that may be deep in the structure of the site and confusing for the user of a search engine.
The security software industry still makes much use of “what I call the insurance sale: adopt our product or Armageddon may break out in your company one day. That is not what security is about today; it’s changed from a necessary evil to a business enabler.”
Harris was one of the founders of Content Technologies, the British-based company taken over last year by Irish firm Baltimore.