Story & photo by Oliver Samson
YOUNG Filipino software developers at Pandora Security Labs are excited over the completion of an enterprise-firewall they’ve been working on for nearly three months.
The completion of Synapse in the fourth quarter is timely as the company is expanding operations in Singapore next year, said Edison Pama, one of the architects of the software.
Pama said they began working on the software as Pandora Security Labs foresees the need of small and medium enterprises (SMEs) here and abroad for a firewall that is bundled with other services. He said their software called Synapse would be offered like so in recognition of that market need.
“Most SMEs in the country, and, perhaps, as well as in other sections of the globe, have an existing firewall,” he said. “But often these organizations could not manage well this basic security tool.”
Pandora Security Labs envisions Synapse would get on board the health care, logistics, manufacturing and retail sectors here and abroad, said Dominic Lucenario, another software architect.
According to his colleague Pama, the company would offer Synapse “in a way a power consumer pays his monthly electricity bill.” “The customer would not pay any annual cost for the software license,” he added.
The Data Privacy Act of 2012, which requires organizations in the Philippines in custody of personal information to safeguard them, would generate a local demand for security software like Synapse, he added. “With the data-privacy law in place, SMEs are obliged to take information-security measures to protect personal data in their storage,” Lucenario explained.
Right people
PAMA noted that security software is not enough in securing an enterprise’s network.
“An organization should have the right people managing these security tools.”
A number of organizations had failed in securing their network for lack of awareness, according to Jeno Rigor, Pama and Lucenario’s colleague.
“Some people tend to take information security for granted because they have no idea of the extent of impact when the system is compromised,” Rigor said. “Aside from having the right tools, you have to educate your people.”
The people in an organization, especially key ones, should have idea of what responses are undertaken before and after an attack, he added.
Usually, the weakness in the information and communications technology (ICT) infrastructure lies in the people in an organization, not in the security software, Pama explained.
Securing the network requires the customer’s cooperation, he said. The security provider is rapidly responding in vain if the customer does not take prompt and proper actions. According to Pama, they started developing Synapse about two months ago. They estimate its release in the fourth quarter of the year.
The firewall is currently being tested, Rigor said. He added the functions of this security tool are undergoing tests to determine if they are working.
More difficult
THE trio said securing an ICT infrastructure is more difficult than assaulting it.
“You have to know the nature of the attack,” Lucenario said. “You have to find out how the attack has penetrated so you can protect yourself.”
Pama said most of the attacks on their customers in the Philippines are traced to local attackers. Recent attacks were aimed at defacing web sites. Some of the attackers were “script kiddies,” or those honing their skills in penetrating ICT systems.
Identifying the attacker is extremely difficult, Rigor said.
“One cannot be so sure if the attack is coming from a particular state just because the IP [Internet protocol] address is traced back [to] it. The attacker can exploit a proxy and make him appear he is located in one state when actually he is based in another,” he added. “The IP address is not enough in establishing the identity of the attacker.”
When asked if they would develop a cyber weapon in the interest of national security, Rigor said they might accept the job as long as it conforms to the founding principles of Pandora Security Labs.
Lucenario said they are discouraging users from connecting to free Wi-fi networks as attackers can set up free Wi-fi networks and make them appear legitimate. “The attackers can easily name it after a well-known establishment,” he said. “The users are vulnerable since most of them are coming from a perspective of connecting for free.”
Staying relevant
THE trio graduated from Computer Science with specialization in network engineering at De La Salle University in June 2014.
“Before graduation, Pandora Security Labs was already being envisioned,” Pama said. “So we got on board after graduating.”
Being graduates and batch mates at the same school had helped them rise above the challenges when the company was still taking baby steps, he added.
“Our interest in the jobs that Pandora Security Labs delegates and the company’s confidence in our technical competence motivate us,” Lucenario said.
Every day they assume different roles that are aligned to a weekly road map as securing networks requires a dynamic organization, Pama said.
“One day we develop security software, another day we assess network and website vulnerability,” he added.
As part of the job to help customers secure their networks and websites, at times he assumes the role of the researcher, according to Lucenario.
“We need to check regularly for any changes in terms of vulnerability,” he said. “We have to be always updated. To do that, we have to do researches.”
Researches are also needed to keep the company’s technology updated, Pama said. Keeping the technology relevant is a challenge. The company continuously looks for resources to keep it updated.
“For us, the fact that we are still here after three years is already an achievement,” Lucenario said.
Image credits: Oliver Samson