Big Intelligence: Responding to Cyber Threats

There aren’t many markets where, when the old products have failed, customers flock back for more.

That could explain why the leading lights of computer security – who have converged on San Francisco this week for their industry’s biggest gathering – have been struggling to strike the right tone.

Something between humility, schadenfreude and a wary self-confidence seems to be the order of the day. A Queen cover band may have launched the event with a blasting rendition of We are the Champions but the triumphalism was otherwise in short supply.

Recent headlines suggest that even the best-defended computer networks resemble Swiss cheese. But, if the old approaches to security have been discredited, there is no shortage of new companies springing up with promises of better ways to plug the gaps – or at least make a lot of money trying.

The IT security market, worth some $65bn this year, is set to grow at 9 per cent annually for the foreseeable future, according to Gartner – which is a lot faster than the IT industry as a whole. Since large parts of the security market are barely growing, that leaves plenty of opportunity to cash in on new approaches.

The dirty secret that the security professionals can no longer keep to themselves is that their old defences – which were aimed at protecting PCs and other devices that comprise the endpoints of computer networks – no longer work.

Anti-virus software has proved ineffective against the most sophisticated attacks – and therefore the ones likely to cost most in terms of damage inflicted or intellectual property lost.

Hopes for a fightback are now pinned on two very different approaches.

One involves spotting so-called malware long before it reaches its intended targets. Companies such as Palo Alto Networks, one of last year’s hottest tech initial public offerings, and FireEye, tipped to follow it, specialise in appliances that sit at the gateway to corporate or government networks, looking out for such threats.

Pulling suspicious-looking email attachments and testing them in ringfenced “sandboxes” before allowing them to be delivered offers the promise of filtering out many of these malware threats, almost in real time, according to Asheem Chandna, a former security industry executive and now venture capital investor at Greylock.

This may sound like a natural market for networking companies such as Cisco and Juniper. But, as so often in technology, start-ups have set the pace so far. With Palo Alto trading at 10 times revenues, some high-priced acquisitions seem likely as the industry giants add to their arsenal of defences.

The second approach begins with an acceptance that even the best-secured networks will be penetrated. If the attackers are assumed to be already on the inside, then the focus shifts to identifying their tracks as they move around – while making sure a company’s most important digital assets are harder for the intruders to locate and extract.

Latching on to another of the tech industry’s big promises, the security purveyors have discovered big data. Pattern recognition – using reams of data to identify normal types of behaviour on a network, in order to spot the anomalies – is becoming the order of the day.

The result is what Francis deSouza, president of products and services at Symantec, calls “big intelligence” – in which a stronger situational awareness and a better sense of behavioural norms are the main lines of defence.

Yet the big data promise can only go so far. The extent of the architectural shift in computing, as the client-server age gives way to the cloud, raises profound challenges to the old methods of securing data. The number and variety of computing endpoints is multiplying almost exponentially as mobile devices and, increasingly, machine-to-machine communications proliferate. A tide of data is starting to flow out of corporate networks to tap services that live in the cloud, turning the old defensive barriers into virtual Maginot Lines.

At least the security industry, accused alternately of alarmism and complacency, now has a more realistic way to talk to its customers. The big data promise is that, although the enemy is wily and will find ways to break in, the defenders have smarts of their own. They may sometimes lose this cat-and-mouse game, but at least there is a chance of minimising the damage. And, besides the improved rhetoric, there is another benefit to these new approaches: some of them might even work.