Plan to Fight Back Against Hackers Causes Stir
A new security company is running with the idea that it's simply not enough to protect a corporate network anymore. They say it's time to fight back. But analysts worry that attacking back will cause even more trouble.
But some members of the security industry worry that giving IT managers the tools to attack their attackers could cause far more serious problems than it would solve.
Symbiot, Inc., a fledgling infrastructure security company based in Austin, Texas, is getting ready to release its first product at the end of this month. The company's Intelligent Security Infrastructure Management Solution uses artificial intelligence software to analyze network patterns, manage attacks on the network and respond to them.
What is causing a stir in the security community is the response part of the plan.
Symbiot's founders are looking to fight back against hackers, virus writers and denial-of-service attacks by launching counterattacks. It's time, they say, for the attacked to become the attackers.
''Threats to the enterprise network are evolving at an unprecedented pace,'' says Mike W. Erwin, president of Symbiot. ''Businesses can no longer afford the substantial financial resources and manpower associated with the endless loop of building walls and repairing and rebuilding them after each attack -- only to repeat the process day in and day out.
''Responses would include many different levels, graduated from blocking and quarantining to more invasive techniques,'' he adds.
So far, however, Symbiot executives are not saying exactly what these 'invasive techniques' will be. Erwin would only go so far as classifying the countermeasures as 'non-destructive, destructive-recoverable, and destructive non-recoverable'. He does say that blocking, shunning and diverting attacks will take care of most threats.
But it's the term 'counterattacks' and what that might mean that has security analysts concerned.
Launching a retaliatory denial-of-service attack against an aggressor opens up the door to a whole host of questions. How would that counterattack affect ISPs? What would it do to network traffic and corporate bandwidth? Would the attack target unsuspecting users whose computers have been compromised by a virus and now are being used to send spam or denial-of-service attacks?
''This is not the best of ideas,'' says Steve Sundermeier, a vice president with Medina, Ohio-based Central Command, Inc., an anti-virus company. ''Think about how Code Red or Blaster affected bandwidth as a whole. A counterattack would only add additional weight to the bandwidth pressure. That could put the Internet into a crawl.
''You're putting companies at risk,'' he adds. ''You're putting people's livelihoods at risk... It just isn't a good idea to repay evil with evil.''