CMP Network Computing
Understanding Comprehensive Threat Management

By Tom Schmidt

The online threat landscape has changed in the last few years. Today's threat landscape is increasingly dominated by attacks and malicious code that are used to commit cybercrime. Moreover, attackers are moving away from large, multipurpose attacks on network perimeters and toward smaller, more focused attacks on client-side targets. While attack activity traditionally has been motivated by curiosity and a desire to show off technical virtuosity, many current threats are now motivated by profit. These threats frequently attempt to perpetrate criminal acts, such as identity theft, extortion, and fraud.

For today's enterprises, this altered threat landscape has some serious ramifications, particularly since many companies tend to address threats one at a time, in an "ad-hoc" manner. Such a "fire drill" approach to handling today's threats can result in operational inefficiencies and expose the organization to potential attacks that can lead to serious business downtime.

In response to this new security environment, organizations need to develop a strategy for comprehensive threat management to proactively block known, unknown, internal, and external threats at all layers of the IT environment, while still providing employees necessary access to their data.

How threats are evolving
As the new threat landscape continues to unfold, certain aspects of it are coming into clearer focus. For example:

  • Threat volume is rising. In the last six months of 2005, more than 10,992 new Windows 32 viruses and worms were documented, up slightly from 10,866 in the first half of 2005. Malicious code threats that could reveal confidential information represented 80% of the top 50 malicious code samples.
  • Threat propagation speed is increasing. While there have been no major gains in this dimension of the threat landscape for a few years, that's small consolation given that threats are already capable of spreading at a ferocious pace. For example, in 2001 the Code Red virus doubled its infection rate every 37 minutes. In 2003, the Sapphire worm doubled its propagation every 8.5 seconds, ultimately infecting 90% of all susceptible hosts in under 10 minutes.
  • Threats are becoming more elusive. The threat landscape is beginning to be dominated by emerging threats such as bot networks and customizable, modular malicious code. Targeted attacks on Web applications and Web browsers are increasingly the handiwork of cybercriminals.
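
To make the doubling-time figures above concrete, here is an added example (not from the article) that models worm spread with a simple logistic, susceptible-infected growth curve and asks how long an outbreak with a given early doubling time needs to reach 90% of its susceptible population. The population sizes used (75,000 hosts for Sapphire, 360,000 for Code Red) are assumptions for illustration, not figures from the article.

```python
import math

def time_to_fraction(doubling_time, n_hosts, fraction, initial=1.0):
    """Seconds until `fraction` of n_hosts are infected under logistic growth.

    Model: I(t) = N / (1 + A * exp(-r t)), with A = N / I0 - 1 and
    r = ln(2) / doubling_time, so the early phase (I << N) doubles every
    `doubling_time` seconds and growth flattens as susceptibles run out.
    Solving I(t) = fraction * N for t gives the closed form below.
    """
    r = math.log(2) / doubling_time
    a = n_hosts / initial - 1
    return math.log(a / (1.0 / fraction - 1)) / r

def simulate(doubling_time, n_hosts, fraction, dt=1.0, initial=1.0):
    """Cross-check of the closed form: Euler-step the same logistic ODE
    dI/dt = r * I * (1 - I/N) until the target fraction is reached."""
    r = math.log(2) / doubling_time
    infected, t = initial, 0.0
    while infected < fraction * n_hosts:
        infected += r * infected * (1 - infected / n_hosts) * dt
        t += dt
    return t

def compare_outbreaks():
    """Worked comparison using the article's doubling times.
    Host counts are assumed values, not taken from the article."""
    sapphire_s = time_to_fraction(8.5, n_hosts=75_000, fraction=0.9)
    code_red_s = time_to_fraction(37 * 60, n_hosts=360_000, fraction=0.9)
    return {
        "sapphire_minutes_to_90pct": sapphire_s / 60,
        "code_red_hours_to_90pct": code_red_s / 3600,
    }

if __name__ == "__main__":
    for name, value in compare_outbreaks().items():
        print(f"{name}: {value:.1f}")
```

With an 8.5-second doubling time the modeled outbreak saturates in a few minutes, while a 37-minute doubling time takes most of a day; that difference is the reason a signature-only response cannot keep up with the faster class of worm.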

These developments and others will have a profound impact on organizations' approach to security. Take patch management, for example. In the past, when the time between the discovery of vulnerabilities and the release of an exploit was measured in terms of months, manufacturers had plenty of time to develop and release their patches and for enterprises to test and implement them.

But consider the situation today: In the last six months of 2005, the average time between the announcement of vulnerabilities and the appearance of exploit code was 6.8 days. On average, 49 days elapsed between the disclosure of vulnerabilities and the release of an associated patch, down sharply from 64 days in the first half of 2005. This leaves a large window of opportunity for potential attackers. Until a patch is released, end users and administrators are forced to implement security "workarounds" without an official fix. During this time networks could be vulnerable to compromise.

Proactive protection
It should be clear by now how important a factor time has become to the challenge of keeping the business up, running, and growing. If enterprises only needed to protect against known threats, the problem would be much simpler. But today's enterprises enjoy no such luxury. With attacks being launched against vulnerabilities that are as yet unknown (e.g., zero-day threats), traditional non-behavioral methods of protection are largely ineffective.

Enterprises instead require a solution that provides multi-layered, end-to-end security and is capable of assessing threats, monitoring controls, "shielding" individual applications, and protecting desktops. In short, enterprises require protection at all layers of the organization -- from gateway to client to internal network.

Organizations need to develop a comprehensive threat management solution that is proactive and capable of providing multi-tiered coverage of the computing environment, as opposed to just focusing on the Internet boundary.

Proactive describes the ability of a countermeasure to block a threat without having to know explicitly what it is. Instead of relying on threat-specific signatures, proactive countermeasures use mechanisms such as heuristics, vulnerability-based signatures, and anomaly detection algorithms. These provide protection not only against known attacks but, more important, against unknown ones as well. By proactively blocking, the solution provides an extended maintenance window for patch remediation, ensuring that patching can be done more smoothly, keeping systems in operation throughout the remediation process.

Multi-tier refers to the ability of a solution to provide attack protection pervasively throughout an organization, not just at the perimeter. Ideally, coverage should be provided throughout the internal network, on the network connections to remote offices, on end-user systems, and on important servers. This is necessary to protect against internal threats as well as threats that physically bypass perimeter controls. It is important to recognize here that a one-size-fits-all approach is not appropriate. Each location will have its own set of needs, thereby requiring its own unique package of attack protection capabilities.

Conclusion
Today's enterprises have complex network infrastructures, with multiple potential threat entry points and a high demand for data access (including access by partners). More than ever before, these organizations need to be protected at all layers of the infrastructure, from the desktop to gateway, network, and server. The net result: an end to the "fire drill" approach to handling today's threats.

Tom Schmidt writes frequently about information security topics. He has more than 15 years' experience as a writer and editor in high-tech publishing.
