Fortinet CEO Ken Xie on Fighting Content Threats

From the Sasser worms to phishing attacks, the Internet has been crawling with malware this year. Fortunately, there are people like Ken Xie who are ready to fight the good fight.

As founder, president and CEO of network-protection firm Fortinet, Xie has seen more than his share of the techno-enemy. In an exclusive interview with the E-Commerce Times, Xie talked about the threats that still remain and what can be done in the battle against the bad guys.

E-Commerce Times: You’ve talked about “content threats” before. What do you consider to be a content threat these days?

Ken Xie: Content threats are usually executable programs embedded within seemingly legitimate traffic. They cannot be identified solely by analyzing the source and intended destination of Internet packets or streams, but rather require an analysis of the contents of Internet communications.

Examples include viruses, worms and Trojans that are most commonly distributed using protocols that are inherently trusted, such as e-mail and Web traffic, and that are therefore let through by firewalls. To identify a content threat requires intelligent analysis of Internet traffic to detect the telltale patterns that identify malicious code.

ECT: How can HTML Web traffic be used to distribute viruses and other malicious attacks?

Xie: There are several ways. While people often think of e-mail as the primary method of spreading attacks, many attacks are actually contained within files that are attachments to e-mail messages. Many people become infected by using Web-based e-mail, because Web e-mail is often not scanned by host antivirus software. Another way is by putting a link to an infected file in a Web page. The user can become infected by clicking on the link in the same way that they become infected by opening an e-mail attachment.

Even more insidious are so-called browser-based attacks that don’t require any action on the part of the user other than going to a particular Web page to become infected. HTML code can deliver JavaScripts and other executable code that activates automatically without user action once they navigate to a particular page. This method can be extremely effective for distributing Trojans to unsuspecting users that can later allow access to a machine by a hacker.

ECT: What do you think is the largest virus threat right now?

Xie: A big concern is the fact that viruses and worms are no longer being created simply for the amusement of the attacker, but now carry a commercial motivation because of the link-up with spammers. This is a dangerous combination. In terms of virus activity, the SoBig virus, though forgotten by many, is still among the most active threats, showing great staying power and indicating how difficult or impossible it can be to eliminate a threat.

Finally, the greatest threat is probably the one that hasn’t happened yet, such as the massive attack that takes down significant portions of the Internet or does more than simply spread, but actually wipes out users’ data and hard drives.

ECT: What can be done to minimize these threats?

Xie: Dealing with these threats will require a layered security approach that provides both network-layer and content-layer security in the core, where the service provider network connects to the enterprise and the endpoints like PCs and servers. Today, network-layer technology such as a firewall is available for the core, edge and endpoint, but content-level security has been limited almost exclusively to the endpoint with technologies such as host antivirus software.

The challenge now is to deliver content security in the network itself — at the edge and in the core. This requires high-performance, intelligent and integrated antivirus and intrusion-prevention technologies that can be deployed in the network without reducing performance, and at reasonable cost.

ECT: Is it realistic to hope that most virus threats on the Web can be stopped? Or will it always be a problem requiring higher and higher levels of security?

Xie: If the acceleration of the Internet has taught us anything, it’s that we will forever be in a constant state of evolution. We will never be able to stop all viruses. Simply put, there are more people out there writing the malicious code than are trying to stop them. But the rate of success of these attacks can be significantly reduced if security ceases to become an afterthought within companies and is brought to the forefront of both IT and business planning.

ECT: Are there benefits to using an all-in-one security appliance, or should a company have several different hardware components for security?

Xie: There are several benefits to an all-in-one appliance. The most obvious benefits are cost, both in terms of initial equipment procurement and installation as well as ongoing administration and maintenance. In many cases, the cost of an integrated security system comprising a wide range of functions such as firewall, virtual private network, intrusion detection and prevention, antivirus, Web-content filtering, antispam, can cost as little as one-fifth to one-tenth the cost of a system made of individual components.

A less obvious, but equally or even more important benefit of integration is better security. Today’s threats are increasingly sophisticated. So-called “blended threats” can combine aspects of viruses, worms, Trojans, intrusions, DDoS and other threats in a single attack. In addition, attackers are becoming increasingly effective at “finding the seams” between disparate security systems.

Integrating independent security systems together and keeping them all up-to-date and able to coordinate their actions in the face of a fast-moving attack is a daunting if not intractable task. To deal with today’s and tomorrow’s blended threats requires a more integrated, holistic approach to security in which all functions are designed under a common architecture and can work together in real time.

ECT: What do you like most about working in security?

Xie: I think it’s fascinating because every evolution in the Internet — commerce, voice and video, peer-to-peer and so forth — generates a corresponding and often critical new set of security issues. This has been the case since I first became interested in networking and hasn’t stopped. In fact, it’s accelerated.

ECT: What do you find to be most challenging about your work?

Xie: Making sure that we meet customer expectations every day. If people didn’t trust banks and the financial system, our vibrant economy simply couldn’t exist as we know it. If we can’t make the Internet and networking in general an activity that people trust, we will never fulfill the incredible promise and potential of ubiquitous access to information in all forms.