ICI wants systems scanned ready for network deperimeterisation

ICI has asked IT security companies to devise a system capable of scanning hundreds of thousands of devices on its worldwide...

ICI has asked IT security companies to devise a system capable of scanning hundreds of thousands of devices on its worldwide networks for security vulnerabilities.

The move comes as the chemicals company gears up to open its corporate systems to business partners and customers.

The company aims to use the system, which will be in place by the end of the year, to provide its IT suppliers and outsourcing companies with data that will enable them to reduce the number of critical problems on ICI's network.

ICI, a founder member of IT security user group the Jericho Forum, sees the move as an essential first step in deperimeterisation - creating a network that can be opened up to companies outside ICI without compromising security.

The plan follows a smaller-scale project last year, which succeeded in dramatically reducing the number of vulnerabilities in hundreds of ICI's external websites.

Paul Simmonds, global information security director at ICI, said the project addresses growing demands from the business to open its networks to business partners and customers.

"We are not going to the business saying 'you have to work without boundaries'. The business is coming to us saying 'we want to work outside the boundaries'. They want our business partners and third parties to be able to connect to our systems," he said.

The company has put the project out to tender and is inviting suppliers to suggest solutions to the problem, which it describes as "an order of magnitude greater" than protecting external websites.

The system will map ICI's networks, which extend to more than 40,000 IP addresses; identify what devices are connected; and highlight what security problems need to be remedied.

The company is considering options including a managed service, installing dedicated security appliances, or using intelligent software agents to map its networks.

ICI proved the concept after installing the Qualysguard scanning system last year. Qualysguard identifies vulnerabilities on external websites, ranks them in order of seriousness and gives instructions on how they should be fixed.

The system enabled ICI to work with its hosting companies to fix the problems, reducing the number of critical vulnerabilities on its systems to zero.

"There is no alternative. We have to accept that our intranet is insecure," said Simmonds.

Read more on Network software