The New York Times The New York Times Technology Don't miss today's
new travel deals


NYTimes: Home - Site Index - Archive - Help

Welcome, vsauter2 - Member Center - Log Out
0 0 0 0 0 0 0


New I.B.M. Report Will Warn of Computer Security Threats

At I.B.M.'s Global Services network command center in Boulder, Colo., workers monitor a variety of threats to computer security.
Kevin Moloney for The New York Times
At I.B.M.'s Global Services network command center in Boulder, Colo., workers monitor a variety of threats to computer security.


Published: October 25, 2004

Email This Article E-Mail This Article
Printer Friendly Format Printer-Friendly Format
Most E-mailed Articles Most E-Mailed Articles
Reprints & Permissions Reprints & Permissions


Product Reviews: Computers's redesigned Technology section has product reviews from CNET and other expanded features.
Circuits | Product Reviews
How To's | Products for Sale



Computers and the Internet

Computer Software

Computer Security

International Trade and World Market

I.B.M. plans to begin releasing on Monday a monthly report of threats to computer networks in an effort to establish an indicator similar to the federal government's Homeland Security Advisory System.

The report, to be named the Global Business Security Index, is intended to give computing managers early warning of a range of computer vulnerabilities like attacks by malicious hackers, automated softwares, viruses and worms, as well as to gauge the impact of political upheavals and natural disasters.

The index will be generated from data gathered by 2,700 International Business Machines information security employees and a global network of about a half-million sensors - software programs and security hardware distributed to its customers and its own networks in 34 countries. The network of sensors routinely detects 100 million suspected or actual attacks against I.B.M. customers each month.

The index will be released on I.B.M.'s Web site and will be part of a broader service known as the I.B.M. Security Threats and Attack Trends, or STAT, report, which the company offers customers at a cost of about $10,000 a year. That service is also produced by I.B.M.'s Security Intelligence Services, a group that is part of its managed computing services unit and is based on a corporate campus in Boulder, Colo.

I.B.M. is not the first to provide computer security managers with intelligence data on network threats. Several such services of varying scope are available commercially. Symantec, an independent security services and software publisher, offers DeepSight Threat Management System, a sensor network that takes information from 20,000 corporate customers and millions of personal computer customers who use the company's antivirus software.

The service, which has been available for four years and costs about the same as I.B.M.'s STAT report, generates a color-coded threat level and displays a publicly available global map of incidents that have occurred within the past day.

"We alert customers to trends," said Alfred Huger, Symantec's senior director.

The I.B.M. service can also provide a first line of defense in an increasingly networked world where attacks tend be both instantaneous and huge, I.B.M. executives said.

"The security landscape today is totally different," said David Mackey, a former army intelligence analyst who now directs the company's Security Intelligence Services. "Customers want a holistic approach to security."

I.B.M. said Internet attacks directed at the networks the company monitors rose 27 percent in September over July and August. The most prevalent attacks currently come from computer worms - programs that are able to move automatically from computer to computer within a network. Many of the worms are targeted at a vulnerability in the Microsoft Windows operating system that was first disclosed in April.

The I.B.M. security executives said they had also seen a 15 percent increase in the past month in the percentage of network attacks against critical infrastructure providers - computer network sites that government agencies and companies use to provide essential services.

Although the overall increase is not major, attacks seeking vulnerabilities in Web server software have increased the most, Mr. Mackey said.

But Michelle Petrovich, a spokeswoman for the Department of Homeland Security, said, "We haven't seen any increase in activity that would indicate any widespread cyberthreat. "

Such attacks in the past have frequently been a preliminary indicator of a more concentrated strike against systems found to be vulnerable. But I.B.M. executives said that they had no corroborating information that would suggest that such a broad scale attack is being planned.

"A variety of attackers are using software tools to do reconnaissance against government agencies," Mr. Mackey said. He said it was not possible to learn the motives or whether there was a common attacker behind the infiltration that I.B.M. found.

As part of its index announcement, I.B.M. made available a year's worth of data on security trends that show distinct spikes in September of 2003 and March of this year.

Those dates correspond to attacks by computer worms, I.B.M. executives said.

Industry analysts who track the computer security industry said reports like those provided by I.B.M. and Symantec were useful to corporations attempting to protect themselves from attacks over the Internet.

"An early-warning-type system would be a benefit to an organization," said Allan Carey, a senior research analyst for International Data Corporation, a research firm for the computer industry. "It would give them time to create countermeasures."

At the same time, both industry analysts and the I.B.M. security intelligence executives noted that the industry was trapped in a cycle of disclosing network vulnerabilities and then racing to distribute patches before the security holes were exploited.

The I.B.M. executives said the window that organizations had to prepare for an attack was getting smaller. They said that the industry talked about "Microsoft Tuesdays," a reference to the day of the week that the software company, based in Redmond, Wash., tells its largest customers about newly discovered vulnerabilities.

"There is a time gap that occurs, and generally the awareness of a hole is made and all of a sudden it's a rush against time to fix the hole," said Gregg Mastoras, a senior security analyst at Sophos, an antivirus and antispam firm. "It's absolutely a vicious cycle and it's an issue for the industry."

Both the I.B.M. executives and other security experts said that they were seeing more sophisticated attacks and that the culture of the computer underground was shifting from bored teenagers to criminals attempting to steal information or money.

Mike Walter, a senior architect in I.B.M.'s Security Intelligence Service, said "sophisticated attacks generally happen on weekends," when networks are least guarded.

Special Offer: Home Delivery of The Times from $2.90/week.

. Home Web Security Falls Short, Survey Shows (October 25, 2004)
.Google Takes On Your Desktop (October 21, 2004) 
.Where Good Wi-Fi Makes Good Neighbors (October 21, 2004) 
.For Missing Web Pages, a Department of Lost and Found (October 21, 2004) 
.Leave No Footprintsin Online Transactions (October 21, 2004) 
Find more results for Computers and the Internet and Computer Software

. New I.B.M. Report Will Warn of Computer Security Threats
. Clash Over Internet Sports Photos
. Identity Theft Is Epidemic. Can It Be Stopped?
. Amazon's Profit Triples, Driven by Free Shipping
Go to Technology

IBM Middleware for mid-sized companies.

Up to $500 off select new Dell Home PCs. Offer ends 10/26.

Learn more about manufacturing