Friday, September 24, 2010

Threats on Several Fronts

Old vulnerabilities may reappear in several ways

The security threats to business are real and relevant. No longer are they simply predictions about attackers using personally identifiable information sometime in the future. Breaches are occurring regularly. Recently, worms have been released to harvest computers for malicious activities. In addition, prominent companies have been hit by targeted backdoor data breaches.

Although the frequency of attacks is escalating, most corporate directives are to reduce costs, cut vendors and minimize the overall complexity of security. At first glance, it seems that companies cannot do both: They cannot improve their security posture without adding new tools and headcount.

Security is best approached as part of a total business strategy. Security as an afterthought stops business activity, but security built into the fabric of the business enables activity. Old vulnerabilities commonly reappear in several ways:
  • After a data failure, a system is restored from an old backup that is missing current security patches.

  • A vendor adds new functions to a popular software application by incorporating code from other packages, but fails to identify the classic application logic flaws in the original application.

  • A software package encapsulates or repurposes components from a third party. At some point, the third party releases security fixes for the component. Because the authors of the main software package are unaware of the update, they fail to provide customers with the necessary fixes.

  • Embedded and certified systems may contain older operating systems or applications for simplicity and stability reasons (such as the operating system on a multifunction printer). Such systems are either forgotten or neglected because they are so difficult to update.

What Can Security Managers Do?

In response, security managers are putting network intrusion prevention devices in front of their servers. These contain current virus signatures and are updated with signatures describing new vulnerabilities and attacks. At the application level, there is much more use of scanning tools that are updated weekly to look for potential vulnerabilities.

But companies also should heed the potential of Web 2.0 and the spread of computing capabilities and access among customers. The real question can be: "How do we protect our customers' customers?" As companies provide access to their customers, you have to ask what operating systems the customers are using. What's the status of the browsers they're using? It becomes tougher for companies to protect themselves from potential vulnerabilities on machines they don't own or control.

The use of more-advanced heuristic malware engines is highly recommended. Instead of using a one-for-one protection model that looks for specific virus signatures, these engines can be used to protect companies from entire classes of malware because they look for behavior rather than specific code. So they identify the behavior of both old and new vulnerabilities. These engines will continue to perform whether 100 or 100,000 new vulnerabilities are discovered.
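
The contrast between one-for-one signature matching and behavior matching described above, as an added example that is not part of the original post. All sample names, event names, weights and the threshold are constructed assumptions, not taken from any real product.

```python
import hashlib

# Constructed samples: "payload" stands in for file bytes, "events" for
# actions a sandbox or endpoint sensor observed. None of this is real malware.
SAMPLES = {
    "known_worm": {
        "payload": b"constructed-sample-A",
        "events": ["write_autorun_key", "scan_subnet", "copy_self_to_share"],
    },
    "repacked_variant": {  # same behavior, different bytes
        "payload": b"constructed-sample-A-repacked",
        "events": ["scan_subnet", "copy_self_to_share", "write_autorun_key"],
    },
    "backup_agent": {  # benign: touches shares but does not spread or persist
        "payload": b"constructed-benign-tool",
        "events": ["read_share", "copy_file_to_share"],
    },
}

# One-for-one model: a signature per known sample (here, its SHA-256).
SIGNATURES = {hashlib.sha256(SAMPLES["known_worm"]["payload"]).hexdigest()}

# Behavior model: weighted actions; a class is flagged when the score of the
# distinct actions observed reaches the threshold. Weights are assumptions.
WORM_WEIGHTS = {"scan_subnet": 2, "copy_self_to_share": 3, "write_autorun_key": 2}
WORM_THRESHOLD = 5


def signature_match(sample):
    return hashlib.sha256(sample["payload"]).hexdigest() in SIGNATURES


def behavior_score(sample):
    return sum(WORM_WEIGHTS.get(e, 0) for e in set(sample["events"]))


def behavior_match(sample):
    return behavior_score(sample) >= WORM_THRESHOLD


def evaluate():
    """Return {name: (signature_hit, behavior_hit)} for every sample."""
    return {n: (signature_match(s), behavior_match(s)) for n, s in SAMPLES.items()}


if __name__ == "__main__":
    for name, (sig, beh) in evaluate().items():
        print(f"{name:18} signature={sig!s:5} behavior={beh}")
```

The repacked variant slips past the hash signature but still reaches the behavior threshold, while the benign backup agent triggers neither check.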
