This week, Stephen Ibaraki, I.S.P., has an
exclusive interview with the universally regarded security authority, Jack
Jack Sebbag is the Canadian general manager
and vice-president of McAfee, Inc. (NYSE: MFE). He joined the company, widely
known for its security products and services—especially its IntruShield® and
Entercept® intrusion prevention solutions, in March of 2000.
Sebbag is responsible for the company's
sales and marketing for all business units for the Canadian marketplace. As
security threats evolve, McAfee® continues to help secure the networks of major
Fortune 500 companies as well as government, health and education sectors.
Under his direction, this region
accomplished above average growth, surpassing year-over-year, and helped the Company
establish a leadership position as a solution provider of data networking
Mr. Sebbag is the primary spokesperson in Canada
for McAfee, and regularly speaks at conferences, universities and trade shows
about security issues. His speaking engagements include the Security Track at
the 2005 Wireless & Mobile WorldExpo held in
Toronto on May
18th and 19th.
Since joining the company and prior to his
current position, Sebbag was based in Montreal as the regional director of sales for Eastern Canada and the Federal
Prior to McAfee, Sebbag spent 15 years
with Canada's largest systems integration and outsourcing companies, EDS
Innovations, focusing on the enterprise market space and turn-key solutions.
There, he spent over 12 years as a senior territory sales representative and
two-and-a-half years as Québec regional sales director.
Sebbag earned a Bachelor of Arts in
Industrial Relations and Economics from McGill University in
Q: Jack, with your extensive background in
security issues, we are fortunate to have you provide your in-depth insights
into the evolving security threat. Thank you for taking the time out of your
busy schedule to do this interview.
A: Stephen, thank you for the opportunity
to share my views on this very important topic of the evolving IT security threat.
This issue is receiving a lot of attention at all levels of management. It’s no
longer just the IT manager’s issue when a piece of malicious code can take out a
production line, erase a company’s financial data, or take down its e-commerce
site so that customers can’t place orders. This has gone from being a backroom
issue to a boardroom-related issue and is receiving attention at all levels of management.
Q: Can you define the major types of
malicious code (or malware) and other threats: viruses, worms, Trojans,
exploits, key loggers, mailers/mass-mailers, social engineering, phishing,
spam, Adware, Spyware, cookies, …?
A: Many people are familiar with the traditional
virus attacks using mass mailer techniques. This form of attack propagates via
attachments in emails that once opened propagate to other computers by
harvesting the infected system’s address book. The new attacks that we’ve seen
in the past 12 to 24 months are the result of exploits of a known vulnerability
in an operating system. Attacks such as Code Red, Nimda, Sasser, Nachi, etc.
are all well known worms that caused a lot of damage. Unlike a mass mailer
virus, a worm can propagate itself without the intervention of a user. The worm
seeks out un-patched computers (computers that haven’t applied the fix to the
known vulnerability), spreading itself from computer to computer. As the pool
of infected computers grows, the spread gains steam as there are a larger
number of computers seeking out its victims... think of it as a growing army of
The threats I just described revolve around
malicious code writers seeking a challenge to bring down as many computers as
possible. The newer attacks, such as Phishing, Spam, Adware and Spyware are all
motivated by financial gain. Phishing scams are emails using social engineering
to trick people into providing confidential information such as bank account,
credit card and other personal data to criminals seeking to steal. Spyware are
software applications installed on computers whereby the user, in most cases,
has no idea it’s been installed. In some cases Spyware is used to provide
marketing data to companies looking to learn buying habits of internet users,
internet usage information, etc... all for marketing purposes. More potent uses
of Spyware applications install keystroke loggers onto a computer. A keystroke
logger actually dispatches all data being inputted into a computer; even screen
shots of the person’s computer to an unknown source using the information for
personal gain. Information stolen can include personal financial data, credit
card information, etc…
Q: Can you define other forms of attacks
such as DDOS (distributed denial of service attacks)?
A: A distributed denial of service attack
is another type of attack used by cyber criminals for financial gain. A
distributed denial of service attack, commonly known as DDOS, is a flood of
requests directed at a single or small number of computers, for the sole purpose
of rendering that system unable to handle any meaningful requests due to the overflow
of requests being launched at it. This type of attack is used by cyber
criminals to extort money from companies. Think of an online gambling website
receiving a note that if $50,000 is not paid by a certain date, then a DDOS
attack will be launched on its website, making it impossible to run their
prosperous online business. Most people pay the bribes to avoid these
Q: How will the threats evolve and what
should both consumers and enterprises be on guard for in the future?
A: With each attack the number of computers
infected is larger and more dangerous. Malicious code writers use remnants of
well known viruses or worms in order to travel faster and cause more damage.
Future attacks will exploit known vulnerabilities quicker than in the past. If
we think about the Nimda worm which exploited a known Windows vulnerability in
September 2001, 336 days after Microsoft announced the vulnerability, versus
the Sasser worm we saw in April 2004, whereby the known Windows vulnerability
was exploited 17 days after Microsoft announced the potential exploit. Both of
these worms caused significant damage to companies worldwide. As malicious code
writers exploit vulnerabilities in a shorter and shorter period of time, it
will give companies shorter timeframes to react, exposing them to substantial potential
damage. Here’s some food for thought...there are malicious code writers out
there right now looking to exploit unknown and un-announced vulnerabilities. A
zero day attack of this type can cause absolute chaos and infrastructure damage
like we’ve never seen before.
Q: Perimeter firewalls and anti-virus
solutions are no longer able to handle today’s threats. Why is this so, and how
effective are System or host firewalls and Intrusion Prevention Security
A: Anti Virus has done a good job in the
past of cleaning infected machines after a virus has been launched. The problem
now, with worms and viruses going global in minutes, an Anti Virus software
which is re-active in nature is no longer enough. Organizations need to move to
proactive technologies like Intrusion Prevention. Intrusion Prevention
technology (IPS), like McAfee’s network IPS IntruShield and host-based IPS
Entercept, uses signature-based and anomaly (artificial intelligence) to
proactively block attacks BEFORE they hit your infrastructure. This type of
technology puts management back into patch management. Think about black Tuesdays
when Microsoft releases its newest list of vulnerabilities...within a couple
of hours, the IPS technology is ready to protect organizations against attacks
exploiting these vulnerabilities. Companies can roll out the patches after
appropriate Q&A and upon resource availability.
Q: What are some high profile hits over the
last few years?
A: Code Red, Nimda, Slammer, Sasser,
Q: Give us your security best practices for
consumers and enterprises.
1) Invest in appropriate security
technologies like Anti Virus, Desktop Firewall, Anti Spyware and Anti Spam. The
investment can save you many hours of lost productivity or save you from
potential cyber criminals.
2) Keep the software updated. It’s not
enough anymore to just buy the applications. The annual subscription renewals
for maintenance are critical. Otherwise you won’t have the protection against
all the newest attacks.
3) Don’t wait till attacked before paying
attention to what is needed to keep yourself protected.
4) Subscribe to ISPs (Internet Service
Providers) who offer much of the needed protection like Anti Virus, Anti Spam,
Intrusion Prevention, Anti Phishing, etc…
1) Time to invest in proactive vs. reactive
technology like Intrusion Prevention.
2) Make Vulnerability Management and Risk
Management a regular part of your IT operations. Invest in tools that provide
information on your security posture so that you can prioritize work to protect
against the risks and threats that can have the most significant impact on your
3) Try to reduce the number of consoles
necessary to deploy, monitor and manage your best of breed security tools.
Q: What are the growth opportunities for
security companies and security professionals? Where should IT professionals
focus their training?
A: As we discussed, the threat will continue to evolve. The security
professionals who continue to keep their skills aligned with the new and
evolving threats will have an advantage.
Q: Can you detail your rich history in the
IT field: how you got into computers, your time at EDS, and then with McAfee up
to the present?
A: I joined a national computer reseller 20
years ago as a microcomputer sales rep. I did not join a computer company
because of my interest in computing technology but mainly due to my interest in
sales. I carried a bag for much of my career working my way up the ranks. I
joined Computerland in 1985 and through a series of acquisitions, Computerland
became Computer Innovations who then became SHL Systemhouse who then became
EDS. Through this evolution the technology and computing marketplace evolved
After having spent 15 years at EDS, I
joined Network Associates in March of 2000. At the time the security and
network management marketplaces were evolving at a tremendous pace. I joined
Network Associates (McAfee Inc.) at the time because of my interest in the
security space and also because I had an opportunity to join a best of breed
security vendor whose growth potential was immense. When I joined Network
Associates, I joined as Regional Director for Eastern Canada. I was
responsible for all commercial and public sector business for Quebec, the Maritimes and Ottawa. I was
fortunate to work with some of the best sales and engineering talent that
allowed us to reach unprecedented growth, making us the largest region in Canada. In June 2002 I was promoted to the Canadian general
manager and vice-president position, responsible for Canada sales and marketing
operations across the country. During that period, Network Associates divested
itself of non-core, non-security technologies like Sniffer, Magic and PGP, and made
very important acquisitions of IPS technology companies like IntruShield and
Entercept that have given us the ability to dominate the marketplace in a high
growth sector. There has never been a more exciting time in my career than now.
Q: You have a long history of achievement
in sales/marketing leadership. What ten processes and attributes yield success
in this area?
A: 1) Energy
6) Ability to digest and articulate
7) Organizational skills
8) Time management skills
9) Ability to take quick and decisive
10) Ability to apply financial skills to
help manage a profitable business
Q: Jack, thank you for taking the time to
do this interview and sharing your widely-sought expertise with our audience.
A: Stephen, thank you for the opportunity
to provide some insight and for the ability to share some thoughts. I hope this
information is useful and productive.