InfoSecurity India's First Magazine on Comprehensive IT Security
InfoSecurity January 2009
Cover Story
Internet Security Suites:
Can It Be Flawless Tomorrow?

As the nature of threats becomes more complex and sophisticated, the industry demands more tightly integrated, powerful and performance-oriented suites. Feeling the growing pressure, vendors have pulled up their socks and delved into deep research. This article presents the current and future scenario of Internet Security Suite products and their market.

“VeriSign works with organizations to identify vulnerable areas that if breached would make the most impact to the company as a whole.”

Rajiv Chadha,
VP, Sales, VeriSign India

The unprecedented growth of the internet and its applications has opened up enormous opportunities for organizations to create a boundaryless business platform, but at the same time it has exposed organizations to the new challenge of tackling blended online threats. It wasn't long ago that the only way you could get a virus was if someone gave you an infected copy of a program or application on a floppy disk.

Nowadays, even though people know about the internet and its risks, they still put the disk in the computer and run it without doing any security checks. Impatience and negligence sometimes cost users a heavy penalty as their computers are attacked by viruses of a devastating nature. Viruses can now infiltrate your computer as easily as by your just visiting a website, and can be passed through the entire internet via the addresses in your address book without you even knowing about it! So, who can save us, our computers and ultimately our business and money? It's only Internet Security Suites...

Internet Security Suite and Its Role

“Hackers no longer write viruses for fun; there is a lot of money to be made in the Underground Digital Economy.”

Amit Nath,
Country Manager — India and SAARC, Trend Micro

The industry witnessed a dramatic increase in Web threat activity during the first half of 2008. Web threats peaked in March at 50 million, up from approximately 15 million globally in December 2007. According to Trend Micro's Internet security threat figures for the first half of 2008, the last six months saw an upswing in Web threats. Cybercriminals are not only leveraging new technologies to propagate cybercrime, but are also reinventing forms of social engineering to cleverly ensnare consumers as more sophisticated tricks evolve.

Data over the last several years has revealed that the overall loss experienced by both enterprises and end consumers due to digital security lapses is increasing. Many Indian organizations have had their brands defaced by hackers taking control of their customers' digital identities, and in some cases the company's website itself. By working towards implementing a safe and secure environment, these organizations are enabling themselves to communicate and conduct commerce safely. According to Rajiv Chadha, VP, Sales, VeriSign India, with a carefully implemented security solution, organizations can guard against loss in productivity, financial losses and brand damage, and build customer confidence with the objective of maintaining a positive online experience.

Amit Nath, Country Manager, India and SAARC, Trend Micro, believes that with such alarming growth in cybercrime, users need technology to help them deal with ever-changing web threats and prevent cybercriminals from exploiting their interests via the internet. Jagannath Patnaik, VP, Sales and Marketing, Quick Heal Technologies, also says that with a full security suite, users with a broadband connection and users on public Wi-Fi connections can be safe from internet threats such as hacking, eavesdropping, and malware.

“With our DNA scan technology we go into the generics of malware to know its intention for any software”

Jagannath Patnaik,
VP—Sales and Marketing, Quick Heal Technologies

Using a security suite has become a real must nowadays. As the number of security threats and attacks is growing exponentially and organized crime is getting involved, the risks for users without any security package on their systems are extremely high. But Karel Obluk, CTO, AVG Technologies, warns that just installing a security suite is not enough. It is absolutely necessary to keep your security software updated so that it can always detect the most recent threats. And it is equally important that users are aware of the different threats and risks and always exercise some caution, much like looking around for approaching cars before crossing a street. User education is as important as proper security packages.

Vince Hwang, Global Director of Product Management, BitDefender, also believes that with an Internet security suite, an Internet user buys security and peace of mind rolled up in one package. Capable security software is a must for every home user, and that need is reflected in the wide range of solutions available to help you protect your PC and stay one step ahead of the latest threats. When selecting a product, the user should focus on how easy it is to use, how efficiently it integrates the various components and how well it achieves the goal of being a complete security solution.

“User education is as important as proper security packages”

Karel Obluk,
CTO, AVG Technologies

Pratapaditya Mondal, Asst Manager, Sales, Satcom Infotech, strongly feels that today's internet attacks are highly mobile, change rapidly and employ innovative methods of infection. Many traditional security techniques cannot defend against such attacks, leaving organizations vulnerable. The only way to prevent these is to implement a high-end Internet Security Suite.

The Internet Security Suite is for those who use the internet, as today more than 70% of infections happen through the internet via hacked websites, emails, P2P clients, chat and IM software, etc., says Govind Rammurthy, CEO and MD, MicroWorld. He adds that an antivirus just protects the system from virus infections, whereas an Internet Security Suite provides all-round protection to the user's system. In today's highly connected world, malware (viruses, Trojans, rootkits, keyloggers, etc.) has also become quite complex, so an antivirus solution cannot fulfill these needs.

Current Momentum

“Malware and spam are here to stay, but they can be contained in a dynamic equilibrium”

Vince Hwang, Global Director of Product Management, BitDefender

It is safe to assume that the current environment is riskier than before; otherwise, why would these suites be available? Companies today face a host of potential security risks. Among them are viruses, worms and Trojan horses, data corruption or theft, denial-of-service attacks, hackers, and so on. To add to the problem, threats may arise from within or without the organization, and may be intentional or unintentional. In surveys that ask whether or not the respondent has had to deal with an attack that breached security measures, it is typical to find an affirmative response rate of between 80 and 90 per cent. Also common, and even less surprising, is that the source of most attacks tends to be internet-related.

It can seem at times that the balance of power is increasingly weighted towards those with malicious intent. The volume of attacks has increased exponentially over the years: McAfee's Anti-Virus and Vulnerability Emergency Response Team (AVERT), the group of researchers that receives and deals with viruses and vulnerabilities as they become known, sees, on average, around 300 new attacks every month (and there are more than 90,000 in total). Even five years ago AVERT would see a tiny fraction of this number. Virus writing kits and the anonymity of the internet, as well as a few other factors, have resulted in both more sophisticated attacks and attacks that are much easier to launch. It always depends on severity, of course, but if one of these slips through the net into your business, the potential downsides can include compromised application availability, data confidentiality, and data integrity. Most importantly, all of these can result in lost profits. India has always been considered a strategic and potential market by almost all security vendors, and a couple of them have identified India as one of their most crucial markets for the coming years.

“Successful vulnerability exploitations don't only reflect the failure of the Internet Security Suite but count all other parameters”

Pratapaditya Mondal,
Asst Manager — Sales,
Satcom Infotech Pvt Ltd

As a global vendor of security applications, AVG has quite a good overview of threats in different regions as well as of the security market in India. AVG has quite a good position and a very solid user base in India. Antivirus technology is extremely complex and is continuously moving forward to cope with new threats and techniques, and therefore it is quite difficult to develop a new product that can really protect end users against all types of malware. But of course, there are also very good local vendors, some of them with an international presence and very solid results.

The top end of the market is migrating towards Total Security Suites that provide data assurance and privacy features beyond what an internet security suite can offer: encryption, remote backup, tune-up and a few others. On the local market, Internet Security has been BitDefender's best-selling product in India; people find it appealing for its high degree of customizability, for its affordable price and for its Gamer Mode, which temporarily relaxes some of its most stringent defenses.

According to Satcom, the momentum of the Internet Security Suite market has been quite positive in terms of controlling the Web usage of end users and putting restrictions on the content of their browsing materials, which results in a 65% secured environment in any organization. For MicroWorld, Internet Security Suites account for more than 70% of the products sold in India, and by 2010 more than 90% of the software sold will be Internet Security Suites. On the other hand, Quick Heal says that this market is slowly picking up but still has a long way to go; according to them, these suites are only around 15-17% of total security software sold.

F-Secure offers security as a service through ISP partners, and the solutions are offered to all consumers using broadband connectivity on a monthly payment model. Looking at Indian broadband growth and the number of players, F-Secure is happy to see that today there are close to 4.5 million broadband subscribers in India, still growing with ample space. F-Secure works with close to 200 ISP partners across the globe; in India they work with AIRTEL, RELIANCE, TATA and SIFY, offering Security as a Service (SaaS) to both consumers and SMBs in a co-branded and standard model.

“The evolving Malware trends and sophisticated blended attacks originating from the Internet will always demand an advanced Internet Security Suite”

Govind Rammurthy,
CEO and MD, MicroWorld

Are They Secured Enough?

Secunia, a vulnerability intelligence provider, recently released a report that details how several security suites failed to protect computers from exploitation. The report demonstrates how most security companies fail to stop real-world exploits, and proves what most security experts have said all along: layers work, and they exist for a reason.

The test by Secunia included McAfee, Symantec, F-Secure, BitDefender, Panda, and Kaspersky’s 2009 security offerings, as well as OneCare Live from Microsoft, ZoneAlarm Security Suite 8, AVG Internet Security 8, CA Internet Security 2008, TrendMicro Internet Security 2008, and Norman 7.10.

Figure: Detection of Ad and Spyware

Testing included a mix of three types of exploits: Proof of Concept (PoC), which triggers a vulnerability but is rarely malicious; GameOver PoC, which is a PoC that proves a computer can be compromised and that code execution is possible by taking over the program flow; and Exploits themselves, each malicious in nature. Secunia made a point in its report that “if a security product cannot detect a PoC it also cannot detect an exploit reliably.” There were 300 total test exploits, 126 of them considered important by Secunia. The important tests consisted of zero-day threats, public exploits, or exploits Secunia developed in-house to help with signature creation.

“We believe in protecting the consumers from online threats and give them a safe and secure online experience”

Venu Palakirti,
Sales Director - India & SAARC Region, F-Secure

The results of the testing showed that Symantec, with Norton Internet Security 2009, came out on top, detecting and blocking the most exploits compared to the other products. However, before you jump for joy, Norton detected only 64 out of 300 exploits. The results showed that Norton detected 21.33 percent overall, with a 30.95 percent detection rate when it came to the exploits determined as important.

BitDefender and TrendMicro tied for second place both overall and in important exploit detection, with 2.33 percent and 3.97 percent respectively. McAfee came in third overall with two percent, but tied for second with a 3.97 percent detection rate for important exploits.

The rest of the list, in order of overall performance, included OneCare, Kaspersky, AVG, F-Secure, Panda, ZoneAlarm, CA, and Norman. Norman, with zero percent, earned the lowest rank, but only because ZoneAlarm and CA managed a 0.67 percent and a 0.33 percent detection rate overall.

Independent testing body AV-Test.org recently released the results of a major comparative of suite products, with many vendors' 2009 editions included in the results. The test covers a range of metrics, including detection rates over various types of malware including adware and spyware, false positive rates, scanning speed, proactive detection, and response times to outbreaks.

In terms of pure detection rates in on-demand scanning, a beta version of GDATA's AVK 2009 topped the charts for both 'malware' (measured against 1,164,662 samples) and 'ad- and spyware' (94,291 samples), with Avira's Premium Security Suite 2008 a close runner-up in the former category and F-Secure 2009 placing second in the latter. Secure Computing's Webwasher gateway product, based on the Avira engine with some in-house heuristics, came third in both categories.

Other areas analyzed were scored on a five-point scale from very good to very poor. 'Proactive' protection included scanning of files discovered after the freezing of products, and executing unrecognized malware to test behavioural protection. Products rating 'good' or better in every category include Avira's premium suite (the popular free version has less complete spyware detection), AVK 2009, F-Secure's 2009 suite, Symantec's Norton I.S. 2009 (still in beta) and Sophos's Security Suite 2.5. All products taking part in the test managed to achieve a 'good' or better in at least one category.

The test also included keeping a record of the number of updates released over a four-week period. Of course, these numbers on their own cannot be used to measure the quality of the products involved, but were recorded out of interest. The most interesting data to emerge from this measurement was that the 2009 version of Norton topped the table with an impressive 6,202 incremental micro-updates, issued several times per hour, while Kaspersky came a distant second with a mere 696. Half of the 34 products tested had fewer than 100, including those from McAfee (21) and Trend Micro (30).


“In most cases, the test results of the different products didn't change dramatically... [Most] got better when compared with our March 2008 testing and all 2009 editions we've reviewed performed better than the current releases,” says Andreas Marx, CEO of AV-Test. “I especially liked that the protection got better while the system performance wasn't hit that much -- the 2009 editions [including beta versions] were faster than the 2008 releases. So it looks like most vendors have done their homework and instead of adding only new features, they also took care about the system performance.”

Addressing the strength of today’s security suite products, Karel Obluk, CTO, AVG Technologies says that he does not think that having some security suite installed on a system is enough. Users should know that there are threats, that the bad guys are after their money or system resources and that some of the attacks can be really clever. There is no reliable way to protect against sophisticated social engineering methods—there will always be something like Paris Hilton pictures.

He also adds that detecting exploits is clearly one of the possibilities, and they believe that this is one of the best methods for detecting web threats. However, this is not a universal approach either: unlike web browsers, there are myriad different applications, and each of them probably contains at least one exploit. Therefore, they believe in layered protection. By providing several layers, each with reasonable efficiency, it is possible to achieve maximum protection without too much overhead and system impact. But once again, there is no such thing as a 100% reliable security solution; users will always have to use common sense, too.

“While we did suspect that the popular security vendors would score quite poorly in detecting exploits, the extremely low detection rate took us by surprise and this really begs the question: Do the customers get their money's worth?” said Thomas Kristensen, CTO, on the Secunia blog.

The question is valid from a marketing point of view, but realistically a little misleading. Consumers get their money's worth as long as they remember that even the “all-in-one” or “complete coverage” products will never stop everything. Even Secunia points this out in its report. This is why security on a computer or network is done in layers.

Another point the report made is that when you fail to patch the operating system or various programs on the computer, you leave yourself wide open to exploitation. The security suites will only catch the payload, or the malicious file that is delivered after the exploit works; they will not detect the faulty exploit code itself.

Some industry analysts believe that another strong reason behind the failure of Internet security suite products is that vendors don't focus on detecting vulnerabilities; they focus more on detecting the payload. Commenting on this point, Pratapaditya Mondal, Satcom Infotech, says that they agree to some extent, but that detecting vulnerabilities is out-of-the-box thinking for an Internet Security Suite, as this capability can be provided only by a separate network scanner with functionality for scanning for various vulnerabilities.

Addressing this issue, VeriSign reveals that they work with organizations to identify vulnerable areas that, if breached, would make the most impact to the company as a whole. The VeriSign team then analyses the impact of a security breach and presents it in terms of revenue and cost. The documented impact of high-volume security breaches more often than not causes an organization to see how important it is to collaborate with a security partner like VeriSign and fortify its online presence.

In addition to the above statement, Karel Obluk mentions that they are processing tens of thousands of new unique malicious samples daily and releasing updates to their signature databases several times a day. Some of the definitions are quite specific; some actually cover a very broad set of malicious code or even techniques. So with a couple of signatures for the LinkScanner engine, they are able to detect even all new threats that use the same delivery mechanism, without any update to their code or databases: really a 0-day protection. Therefore, it depends on the type and prevalence of the particular threat.

Considering the Factors

When selecting an Internet Security product a user should look for a fast, reliable technology leader, providing the best solutions for specific markets developed through a strong innovation process, based on the best technology. Security solutions have an array of tools designed to beat malware. They are not perfect by any means, and are no substitute for a little care on the internet, but with so many threats around they’re almost mandatory on Windows systems.

A security solution has a number of components, and a given suite will have some or all of these. Here is a quick guide to some of the major suite components and what they do:

Firewall. People tend to think of the internet as being a little like normal mail. It's actually not much like that at all. When you go to a website, you're actually making a connection with a remote server. There is a two-way, ongoing communication between your PC and the server for the duration of that “call”. The connection may only last a few microseconds, but it is a two-way connection. A software firewall also prevents incoming connections. Remote computers may try to talk to your computer, but your computer will reject their advances. In addition, a software firewall will likely also prevent unauthorized outgoing connections. A good software firewall will come with a database of known safe applications that may access the internet; it will auto-configure the setting and allow the traffic in the future. A bad firewall will annoy you with pop-ups every time your system tries to do something the firewall doesn't understand.

Antivirus and antispyware. Most virus scanners tend to be very good at picking up viruses and have detection rates in the high 90s. Their ability to actually remove viruses varies considerably, because a running virus can take steps against its own removal, such as self-duplication. For that reason it's best to have a virus scanner installed before a virus hits, when it can detect and remove a virus before it's run, rather than wait until the proverbial hits the fan before you install a virus scanner.

Antispam. An antispam program monitors email coming into your inbox, tries to detect if it's spam, and if it is, moves it to a junk folder. Present-day answers to the listed security constraints rely mostly on a method called heuristic detection. The ideal heuristic solution should combine the speed of a static scanner with the detection capabilities of a dynamic scanner, while keeping a high degree of accuracy.

Phishing spam filters. This is a relatively new area of security, but the major browsers and some of the major email clients already have it built in. Like antispam, phishing spam filtering combines a list of known bad sites with a heuristic analysis of site and email content. If it looks like a phishing site or a site that contains malware, the web shield will block it.

Parental controls. Parental control is your best hope. Many suites come with parental control software built in, and there are plenty of standalone applications that filter sites based on content. There are two broad problems with parental controls. The first is that the web is so fluid that keeping track of all the bad sites on it is pretty much impossible for any company. The second is that canny children can often readily disable or bypass the software. Still, just making acquiring porn inconvenient can be a victory for parents.

What Does the Future Look Like?

Globally there has been huge growth in the security industry, which is attributed to higher demand for strong security solutions in market verticals such as government installations, financial services, and healthcare. According to the “Global IT Security Market Forecast to 2012”, the global IT security market (which includes security software and security appliances) is anticipated to grow at a CAGR of 15.5% from 2008 through 2012.

According to a report by IDC India, the key trends in the Indian e-Security market are the convergence of network and desktop security, different unified threat management appliances, and policy-based administration and single sign-on coming into usage. Also of significance is the emergence of a solutions approach, with the service element becoming important, thus giving rise to security consulting, end-to-end security services and managed security services. With the installed base of PCs, broadband and mobile connections increasing sporadically, several market studies show the Indian market for security products and solutions to be around $120M, growing to around $1B by 2012. If we analyze the data over the last several years, the overall loss in the country due to digital security lapses is increasing. In addition, many companies that have not fortified their online presence have had their brands defaced by hackers taking control of their customers' digital identities, and in some cases the company's website itself. The good news is that most institutions that have an online presence understand the need to provide a safe and secure environment for their customers. Secondly, end consumers are also becoming aware of how to operate online in a safe and secure manner. With this in mind, we are currently working on our go-to-market plans to address the needs of the Indian market, so that our products support the RoI expectations of the local market. An estimated $3.2 billion was lost to "phishing" sites (when shopping online) in the United States last year, according to a survey by Gartner Inc.

Hackers no longer write viruses for fun; there is a lot of money to be made in the Underground Digital Economy. Between Q4 2007 and Q3 2008, threats increased by 349% in Asia. The chart below shows statistics on the Underground Economy based on Trend Micro's research. Only with the deployment of appropriate Internet Security solutions can such threats be kept at bay. The demand for Internet Security will continue to grow.

Malware authors target people regardless of their preferences, social position and surfing habits. Everybody can become a victim, and the fact that some users do not present infection symptoms doesn't necessarily mean that they got away. In today's rapidly developing malicious environment, the one fifth of the global population connected to the Internet has to cope with approximately 2,000 new and mutated viruses per day, almost 50,000 phishing attempts per month and more than 1,000,000 hijacked computers that spread bots, rootkits, Trojans and other malware during one year. Malware and spam are here to stay, but they can be contained in a dynamic equilibrium by resorting to all the available levers, among them education and the use of antispam and antivirus software. Educating people about data security in this context does not even have to come down to much more than a heightened awareness of what use their e-mail address can be put to. Further knowledge about the existence of attack vectors and of the mechanisms they are part of can only increase their sense of control and safety when using the Internet as a means of communication.

Conclusion

Even today there is some debate about these internet security suites. They are certainly quick and easy to install and keep up to date, and probably provide all the security required. However, some people believe that the protection they provide is not as good as that of the best-of-breed stand-alone applications, and that they may combine one or two strong applications with several weaker ones. But it is undeniable that vendors have concentrated heavily on research and innovation, which in turn has produced some outstanding security suites that deliver remarkable performance.

—By: ‘InfoSecurity’ Bureau.



© 2006-07 'InfoSecurity' magazine. All rights reserved.