Protecting against Internet threats

03.08.2005
By Kenneth Liew

With growing awareness of Internet threats, most organizations rely on a combination of gateway firewalls and antivirus software to protect themselves. However, today's threats are increasingly designed to work around exactly these technologies.

Internet threats arise from everyday activities such as web access, file sharing, instant messaging and email. While browsing the web, users may unknowingly visit malicious web sites from which attackers can take control of the user's machine, download files, or install keyloggers or other malicious code.

When users share files over peer-to-peer networks, they often download spyware and malicious mobile code along with the content they wanted. Instant messaging can carry proprietary company information in unencrypted form and transfer file attachments that bypass the existing security infrastructure entirely.

Email gives attackers an easy way to distribute harmful content: messages can carry attachments infected with viruses, worms, Trojan horses or other malware. Phishing is another threat that capitalizes on the popularity of email as a communication tool.

With the growing sophistication of Internet threats, it is important to understand how far existing security tools can protect the organization, and where they fall short. A firewall, for instance, is a device or program that filters the traffic passing between the Internet and a private network or host. "Firewalls inspect incoming data packets and check them against the firewall rules to decide whether to accept or reject the traffic. Their main function is to block all but authorized traffic," said Karl Verhulst, director, Product Marketing, Computer Associates.

But configuring a firewall is not straightforward: too tight a configuration can prevent the company's employees from doing their work effectively; too lax a configuration, and everything can get in and out. "Unfortunately, most companies choose the latter and forget to tighten or customize their settings," said Charles Cousins, managing director, Sophos Asia.
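As an added illustration of the rule evaluation Verhulst describes and the default-policy trap Cousins warns about, the following example (written for this edit, not code from any vendor mentioned in the article) runs the same constructed traffic through two rulesets. The "lax" set rejects one service and accepts everything else by default; the "tight" set accepts only the services explicitly listed and rejects the rest. The addresses, the assumed admin LAN 10.0.0.0/8 and the sample packets are all invented for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str                   # "accept" or "reject"
    src: str = "0.0.0.0/0"        # source network the rule applies to (any by default)
    proto: Optional[str] = None   # None means "any protocol"
    dport: Optional[int] = None   # None means "any port"

    def matches(self, pkt: Packet) -> bool:
        return (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and (self.proto is None or self.proto == pkt.proto)
            and (self.dport is None or self.dport == pkt.dport)
        )


def decide(rules: List[Rule], default: str, pkt: Packet) -> str:
    """Classic first-match evaluation: the first rule that matches decides;
    if no rule matches, the default policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# The "lax" configuration: one token reject, everything else falls through
# to a default accept, so any unlisted service is exposed.
LAX_RULES = [Rule("reject", proto="tcp", dport=23)]   # block telnet only
LAX_DEFAULT = "accept"

# A "block all but authorized traffic" configuration: explicit accepts for the
# services the business needs, default reject for everything else.
# 10.0.0.0/8 is assumed (for this example) to be the internal admin LAN.
TIGHT_RULES = [
    Rule("accept", proto="tcp", dport=80),
    Rule("accept", proto="tcp", dport=443),
    Rule("accept", src="10.0.0.0/8", proto="tcp", dport=22),
]
TIGHT_DEFAULT = "reject"

# Constructed sample traffic aimed at a server at 192.0.2.10.
SAMPLE_PACKETS: List[Tuple[str, Packet]] = [
    ("https_from_internet", Packet("203.0.113.5", "192.0.2.10", "tcp", 443)),
    ("ssh_from_internet", Packet("203.0.113.5", "192.0.2.10", "tcp", 22)),
    ("ssh_from_admin_lan", Packet("10.0.0.7", "192.0.2.10", "tcp", 22)),
    ("smb_from_internet", Packet("203.0.113.5", "192.0.2.10", "tcp", 445)),
]


def evaluate(rules: List[Rule], default: str) -> Dict[str, str]:
    """Run every sample packet through one ruleset; returns name -> verdict."""
    return {name: decide(rules, default, pkt) for name, pkt in SAMPLE_PACKETS}


if __name__ == "__main__":
    print("lax:  ", evaluate(LAX_RULES, LAX_DEFAULT))
    print("tight:", evaluate(TIGHT_RULES, TIGHT_DEFAULT))
```

The difference shows up on the SMB and SSH packets from the Internet: the lax ruleset lets both through because nobody wrote a rule for them, while the tight ruleset rejects them because nobody wrote a rule allowing them. Reviewing a firewall configuration therefore starts with the default policy, not with the individual rules.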

Also, many Trojans cannot be detected by a firewall, said Cousins. "They can only be stopped on the desktop, by installing good, up-to-date antivirus and employing an effective desktop client firewall."

Antivirus software scans files to identify and eliminate computer viruses and other malicious software (malware). It typically examines files for known viruses by means of a virus dictionary (a database of signatures), or looks for suspicious behavior from a running program that might indicate infection.

Once it detects an infected file, the antivirus software quarantines it to prevent it from spreading. It then tries to clean the file by erasing the virus code and repairing the damaged parts. Because some viruses overwrite the files they infect rather than attaching to them, it may be impossible to recover those files; the antivirus keeps them in quarantine and suggests that the user delete them.
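To make the dictionary-scan, quarantine and repair steps concrete, here is an added example (written for this edit, not the code of any antivirus product). The signature library holds the standard EICAR antivirus test string plus one hypothetical pattern, "Demo.Appender", invented for the example; the three files it scans are constructed in a temporary directory. It distinguishes a host file with malicious code appended, which can be repaired by truncation, from a file that consists of nothing but the malicious code, which stays in quarantine.

```python
import shutil
import tempfile
from pathlib import Path
from typing import Dict, Optional, Tuple

# Constructed signature library ("virus dictionary"): name -> known byte pattern.
# EICAR is the industry-standard harmless antivirus test string; "Demo.Appender"
# is a hypothetical pattern invented for this example.
SIGNATURES: Dict[str, bytes] = {
    "EICAR-Test-File": rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
    "Demo.Appender": b"<<DEMO-APPENDER-PAYLOAD>>",
}


def match_signature(data: bytes) -> Optional[Tuple[str, int]]:
    """Dictionary scan: (name, offset) of the first known pattern found, else None."""
    for name, sig in SIGNATURES.items():
        offset = data.find(sig)
        if offset != -1:
            return name, offset
    return None


def disinfect(path: Path, quarantine_dir: Path) -> str:
    """Scan one file and return 'clean', 'cleaned' or 'quarantined'.

    An infected file is always moved to quarantine first so it cannot spread.
    If the malicious code was merely appended to a host file, the host is
    repaired by truncating the appended bytes and written back to its original
    location. If the file is the malicious code in its entirety, nothing can be
    recovered and it stays in quarantine for the user to delete.
    """
    data = path.read_bytes()
    hit = match_signature(data)
    if hit is None:
        return "clean"
    name, offset = hit
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    shutil.move(str(path), str(quarantine_dir / f"{path.name}.{name}.quarantined"))
    if offset > 0 and data.endswith(SIGNATURES[name]):
        path.write_bytes(data[:offset])   # repair: drop the appended virus code
        return "cleaned"
    return "quarantined"


def scan_directory(root: Path, quarantine_dir: Path) -> Dict[str, str]:
    """Scan every regular file under root (skipping the quarantine itself)."""
    results: Dict[str, str] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and quarantine_dir not in p.parents:
            results[str(p.relative_to(root))] = disinfect(p, quarantine_dir)
    return results


def demo() -> Dict[str, object]:
    """Build three constructed sample files in a temp dir, scan them, report."""
    work = Path(tempfile.mkdtemp())
    docs, quarantine = work / "docs", work / "quarantine"
    docs.mkdir()
    (docs / "report.txt").write_bytes(b"Quarterly figures, nothing to see here.\n")
    (docs / "memo.txt").write_bytes(b"Original memo text\n" + SIGNATURES["Demo.Appender"])
    (docs / "eicar.com").write_bytes(SIGNATURES["EICAR-Test-File"])
    verdicts: Dict[str, object] = dict(scan_directory(docs, quarantine))
    verdicts["memo_restored"] = (docs / "memo.txt").read_bytes() == b"Original memo text\n"
    verdicts["eicar_in_quarantine"] = (
        quarantine / "eicar.com.EICAR-Test-File.quarantined"
    ).exists()
    return verdicts


if __name__ == "__main__":
    print(demo())
```

The scan finds only what is already in the dictionary, which is the "reactive, not preventive" limitation raised later in the article: a pattern the library does not contain passes through as "clean".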

However, gateway firewalls and antivirus software alone cannot protect against the complex and varied malicious code that threatens IT infrastructures today. Firewalls can see web traffic, but most have no means of inspecting the specific content being transferred. Antivirus software is reactive rather than preventive, and effective only against specific, already-known threats, said Curtis Staker, president, Websense.

"A comprehensive way to protect against Internet threats is to supplement existing security systems like firewalls with content-level protection systems. For mobile devices that are reconnected to the organization's network, content-level protection software needs to reside on the device to protect against these threats," said Staker.

The key to content-level protection is its ability to monitor and filter content from the Internet, chat rooms, instant messaging, email, email attachments and other operating system (OS) applications, he said. Content filtering is performed with a library of terminology, words and phrases that is compared against the content passing through the web browser and OS applications. If a match occurs, the data can be filtered, captured or blocked, the application can be closed, or any combination of these can be applied. Because the matching happens on the endpoint, content filtering requires an agent on each workstation to check whether the content violates the company's policy.
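As an added example of the phrase-library approach (written for this edit, not the logic of Websense or any other product named here), the block below defines a small policy library in which each term carries its own set of actions and applies it to constructed messages from different channels. The term names, the "Project Bluefin" codename and the sample messages are invented for the example; the card-number pattern is a plain 16-digit heuristic, not a production detector.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class PolicyTerm:
    name: str
    pattern: str        # regular expression, matched case-insensitively
    actions: Set[str]   # any combination of "filter", "capture", "block"
    regex: re.Pattern = field(init=False, repr=False)

    def __post_init__(self) -> None:
        self.regex = re.compile(self.pattern, re.IGNORECASE)


# Constructed policy library; "Project Bluefin" is a hypothetical codename.
POLICY: List[PolicyTerm] = [
    PolicyTerm("confidential-marking", r"\b(confidential|internal use only)\b", {"block", "capture"}),
    PolicyTerm("project-codename", r"\bproject\s+bluefin\b", {"block", "capture"}),
    PolicyTerm("card-number", r"\b(?:\d[ -]?){15}\d\b", {"filter", "capture"}),
    PolicyTerm("profanity", r"\bdamn\b", {"filter"}),
]


def apply_policy(channel: str, text: str) -> Dict[str, object]:
    """Compare one message from a given channel against the policy library.

    Block wins over filter: a blocked message is not delivered at all.
    A filtered message is delivered with every matching span redacted.
    'captured' flags that a copy should be kept for the security team.
    """
    hits = [term for term in POLICY if term.regex.search(text)]
    actions: Set[str] = set().union(*(term.actions for term in hits))
    result: Dict[str, object] = {
        "channel": channel,
        "matched": [term.name for term in hits],
        "captured": "capture" in actions,
    }
    if "block" in actions:
        result["verdict"], result["delivered"] = "blocked", None
    elif "filter" in actions:
        delivered = text
        for term in hits:
            if "filter" in term.actions:
                delivered = term.regex.sub("[REDACTED]", delivered)
        result["verdict"], result["delivered"] = "filtered", delivered
    else:
        result["verdict"], result["delivered"] = "allowed", text
    return result


if __name__ == "__main__":
    # Constructed sample messages, one per channel.
    for channel, msg in [
        ("im", "Attaching the Project  Bluefin roadmap, please do not forward"),
        ("email", "Expense card 4111 1111 1111 1111 charged, damn fees"),
        ("browser", "Lunch at 12?"),
    ]:
        print(apply_policy(channel, msg))
```

The agent can only match what it can read: content that is encrypted or encoded before it reaches the hook point, or that leaves through a channel the agent does not monitor, is never compared against the library. That is why the article insists on an agent per workstation rather than a gateway-only filter.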

Such software must cover the servers, the network and the client devices to provide better protection against Internet threats. The number of web security vendors makes choosing the right content-level protection system difficult as well. The systems on the market offer different graphical user interfaces for administering security policies, and some offer additional tools for generating reports and other value-added services, but the approach and logic for tackling Internet threats are similar: on detecting suspicious content, either at the network layer or on the client device, the software blocks it or warns the user.

"The key factor in choosing the right content-level protection system is to determine how comprehensive its database is. The content-level protection system uses the database to filter out web sites that are deemed to be of risk," said Staker.

Email security vendors such as CipherTrust, MailFrontier and Barracuda Networks are also incorporating filtering capabilities into their products for compliance control. CipherTrust's IronMail 5.0, for example, features Compliance Control, which scans an organization's outgoing mail for content that should not leave the company under corporate policy or government regulations. Since companies already filter incoming mail for viruses, spam and other messaging abuses, it makes sense to use the same products to scan outbound messages and ensure sensitive information isn't leaving the corporate network, said Matt Cain, an analyst with Meta Group.

As the number of security technologies grows (firewall, antivirus, content filtering, intrusion detection and others), there is an emerging argument that it makes sense to load all of them on a single device to save capital and operational costs, and perhaps even to improve security.

Vendors such as Cisco, Crossbeam Systems, Fortinet, Juniper, SonicWall, Symantec, Secure Computing and ServGate have jumped in to offer products in this category. A recent IDC study expects even more vendors to enter this market, which is forecast to boom over the next few years: total sales in the category were US$105 million in 2003, according to IDC, and are expected to reach US$3.5 billion by 2008. Sales of multi-function platforms will cut into the revenue that today goes to firewall/VPN appliances, IDC said.

This growth is partly because these multi-function products, which in many cases grew out of firewall technologies, are maturing and overcoming some of their earlier shortcomings, experts say. For instance, some suffered performance hits when all security functions were turned on, says Zeus Kerravala, an analyst with The Yankee Group. "They didn't scale very well because they were a firewall, and they added other security to it later. But now they have a lot of processing power to handle all functions," he says.

Integrated security appliances (ISAs) continue to draw attention from businesses, agreed Epsilon Ip, director of Technology, Asia Pacific, WatchGuard Technologies. An ISA combines firewall, VPN, intrusion detection, antivirus, anti-spam, URL filtering and content filtering in a single appliance. "Small and medium enterprises that are faced with limited budgets and resources to acquire and manage separate platforms for each function will benefit from the convenience of an integrated security appliance," he said.

For those who prefer single-function devices, the good news is that vendors are working on management tools built around a single policy engine that applies one central policy across the different functions of all their platforms. Check Point, for example, launched its NGX platform in May this year to provide single-console management of internal, perimeter and web security solutions, said Kelvin Lim, regional manager, South Asia, Check Point Software Technologies.

Chris Christiansen, vice president of Security Products and Infrastructure at IDC, said individual point products like firewalls can certainly help organizations protect themselves, but it is becoming more critical for enterprises to be able to easily manage and receive security information from a suite of security products. "The average enterprise customer is plagued with too many devices to manage, a corporate security policy that is difficult to enforce and monitor, and an inability to comprehend or respond to threats in real time," he said.

Tan Goh Beng, chief, Technology Solutions, NCS, said there is growing demand for security management solutions that allow central management and also provide correlation and analysis of security data, such as logs from firewalls, intrusion detection systems and application systems.

Lim of Check Point pointed out that one of the key concerns in the market today is managing the growing number of security tools in an age when compliance issues are becoming more critical. "Developments in products often follow market demands," he said.