IBM trials enterprise deep packet sniffing

IBM has started developing security software that used deep packet inspection and "man-in-the-middle" attacks on internet traffic to lock down consumer devices on enterprise networks.

Dr Paul Ashley, engineering manager at IBM's security lab on the Gold Coast, told iTnews the techniques were being used to bring "application control" to enterprises.

"[Companies] have good, strong front doors - they have a nice DMZ with firewalls and IPS and all this monitoring," he said.

"What hackers are really doing is saying 'that's a hard way of getting into the enterprises. An easier way is to go in through the users'."

Though enterprises largely had a handle on existing applications on company-approved computers, the increasing trend for employees to bring personal devices into the workplace posed a new security issue, Ashley said.

The prevalence of circumvention technologies like port and protocol hopping amongst even legitimate thick client applications saw IBM resort to techniques usually reserved for hacker and penetration testers within sandboxed environments.

This included wide use of deep packet inspection to identify certain applications, which would be cross-checked against a database of classified Web applications collated by IBM's X-Force security team. That portfolio was growing by one to two applications per week, according to Dr Ashley.

Forthcoming software from the company would also likely use "man-in-the-middle" attacks to circumvent those Web applications using the secure HTTP and SSL protocols, which Dr Ashley said was necessary in cases where the application was unknown.

"Applications 15 years ago obeyed a set of rules... that's all gone," he said.

"In the last two years, we've gone away from the 'teenager in the bedroom' sort of attack to something much more corporate; government attacks, mafia-type attacks, criminal organisations which are much more sophisticated, much more targeted.

"We're seeing a change from attacking through the door and instead getting something on to your devices as a stepping stone into your organisation."

James Hutchinson attended the Pulse 2011 Conference as a guest of IBM.