Working together to win the online arms race

30 Jan 2004


New technology always seems to introduce new challenges for trust, security and privacy. Everyone is expected to do more with less, and security is often perceived as hindering business innovation.

So what hope is there for making our online world a safer place? There are three emerging areas that will help make security management more responsive, adaptive and supportive of today's business processes.

Active countermeasures
There is a continuing arms race between those who aim to protect individuals and organisations from virus attacks and those who try to exploit vulnerabilities. And it shows no signs of slowing.

In the future, we can expect attacks that will exploit more than one vulnerability, use structural information about the way an enterprise is organised, and take advantage of connected software and web services to hop from one enterprise to the next.

In response, our countermeasures need to become more active and automated, releasing administrators from the drudgery of daily scanning, patch management, changing firewall rules, and keeping virus and intrusion signatures up to date.

This means scanning our networks more aggressively for vulnerabilities and deploying technology that focuses on the transmission vectors for viruses (TCP/IP, UDP, email, web) to throttle or block behaviours we don't recognise.

And we need tools and measures that allow security staff to justify their actions when they do take pre-emptive action.

Business forensics
With increasingly complex IT connections and inter-relationships between companies and their systems, things will go wrong despite our best efforts.

We must extend our notions of forensics, from extracting things from a hard disk to being able to determine what happened in a chain of events that crosses company boundaries. It is not practical for law enforcement agencies to confiscate an entire data centre, so we need to be able to collect evidence-quality data while preserving privacy.

Trust records
There are many circumstances in which an interchange of information is needed to build assurance. For instance, your IT may be outsourced, but you want to be reassured that security is being well managed. Or you may want to take advantage of utility and grid models of computing without compromising your current infrastructure.

Or, as a group of connected companies, you may want your security management systems to share information in some way.

Think of a trust record as a list of events, together with details of how each has been dealt with (much like an itemised telephone bill or bank statement), which serves as the mechanism for communicating this assurance.

The level of detail will depend on the relationship between the parties. In an outsourcing relationship, the detail may be at the level of patch management and how virus attacks affect operations. However, closer partners may share detailed data about suspect traffic on their networks.

So what actions on our part will help? Improving our ability to stop things going wrong, recognising when something has gone wrong (and determining what it was), and reassuring others that security concerns have been dealt with appropriately.

HP Labs works on technologies to meet these challenges. This includes exploiting biological metaphors to combat viruses, and modelling the security properties of the infrastructure to allow us to predict the consequences of security breaches.

We also tie the trust properties set by business policies, through the many layers of technology that make our infrastructure adaptive, to the guarantees provided by trusted systems within the boxes.

But to be successful we need to work on these areas as an industry, to share successful mechanisms and processes and to learn from each other's failures.

We need to overcome our natural reluctance to share sensitive information and build the next generation of adaptive security management that will have business managers seeing security as an asset, not as an impediment.

Martin Sadler is director of the Trusted Systems Lab at HP Laboratories.
