Intelligence at Your Fingertips

Tom Schmidt

For today's "always on" enterprises, mitigating risks and proactively protecting their business are becoming more challenging every day. That's due in part to a continually evolving threat landscape. As the latest edition of the Internet Security Threat Report observed, four trends are having a particularly profound impact on all enterprises:

• A clear shift to financially motivated attacks Today's threat landscape is coming to be dominated by emerging threats such as bot networks and customizable modular malicious code. Whereas traditional attack activity has been motivated by curiosity and a desire to show off technical virtuosity, many current attackers are motivated by profit. They often attempt to perpetrate criminal acts, such as identity theft, extortion, and fraud, for financial gain.
• An increase in vulnerabilities Between July 1 and December 31, 2005, 1,896 new vulnerabilities were documented -- the highest recorded number since 1998. The company documented 40% more vulnerabilities in 2005 than in 2004.
• Continued rise of severe vulnerabilities Over the past four six-month reporting periods, the vast majority of vulnerabilities have been rated as either moderate or high severity, with only a small percentage rated low severity. This pattern continued over the current reporting period. During the final six months of 2005, most of the vulnerabilities that have been documented were either moderately or highly severe.
• An increase in malicious code Over the second half of 2005, more than 10,992 new Win32 viruses and worms were documented. For the sake of comparison, that's a 49% increase over the 7,360 documented in the second half of 2004.

The bottom line: such an environment threatens to overwhelm already burdened IT departments. The situation is exacerbated because many companies tend to address threats one at a time, in an ad-hoc manner. Such a "fire drill" approach to handling today's threats can result in operational inefficiencies and expose an organization to potential attacks that can lead to serious business downtime. Clearly, a better approach is needed.

An eye on the storm
Early Warning Services provide customized alerts of worldwide cyber attacks -- as well as countermeasures to prevent attacks before they occur. Armed with this advance notice of cyber attacks, customized threat analyses, and knowledge of effective mitigation strategies, enterprises are better able to mitigate risk, manage threats, and ensure business continuity.

To use an analogy, Early Warning Services are like weather satellites. One hundred years ago, there were no weather satellites and people had no warning that a hurricane was headed their way. Too often they didn't have time to protect themselves or get to safety. The result was that they often suffered serious harm. Today, sophisticated weather satellites enable us to see a hurricane forming days or even weeks in advance. This early warning gives local residents time to board up their windows and head to higher ground. With early warning, the risk of serious harm is greatly reduced.

Too often today, IT administrators become aware of an information security threat only when it hits their systems. An Early Warning Service provides the same type of early notice that today's weather satellites do by monitoring the Internet for the next storm, or attack, that's developing and heading our way. The only difference is that information security threats move much faster than weather; administrators must respond in hours or minutes instead of weeks or days. But by knowing that a security threat is rapidly spreading and the threat is targeting a specific vulnerability with a patch already available, administrators can then use this information to make better and quicker decisions.

Maintaining business continuity
Early Warning Services can provide a global view of emerging security trends and compare an individual company's log data with global data. These services can also provide the analysis necessary to evaluate risks and to make tough decisions such as when to isolate network operations or block groups of users. Having a credible and reliable source for making decisions enables organizations to understand the risks and potential costs of specific attacks. This enables them to keep their critical systems online and maintain business continuity.

Early Warning Services also allow organizations to allocate security resources more effectively. They help security staff tailor their security strategy toward the specific incidents most likely to occur and the attacks with the greatest potential to harm their unique IT configuration. As a result, they can use their existing security infrastructure more strategically by identifying the most critical changes to implement and any additional investments that need to be made.

In addition, Early Warning Services enable organizations to optimize limited resources and increase productivity by delivering focused alerts containing detailed threat analysis and actionable information. This focus can help organizations improve their overall business efficiency.

Ultimately, organizations that are able to avoid or reduce the impact of an attack save both time and money. By maintaining business continuity and improving their overall efficiency, organizations are better positioned to achieve business goals. Reducing the risk of a successful attack helps an organization avoid damage to its brand reputation, loss in company value, and loss of resources used to remediate a damaged network.

Conclusion
Targeted attacks are on the rise as hackers increasingly write malicious code for monetary gain rather than for notoriety. As a result, organizations must know when a targeted threat appears on the threat landscape. Early Warning Services can provide actionable intelligence throughout the entire threat lifecycle. This enables enterprises to prioritize IT resources to better protect critical information assets against a potential attack. Increasingly, Early Warning Systems are helping enterprises reduce risks and control costs.

Tom Schmidt writes frequently about information security topics. He has more than 15 years' experience as a writer and editor in high-tech publishing.