Exacerbating the problem is the shrinking interval between the announcement of a vulnerability and its appearance in a worm. When the Slammer worm in 2003 started attacking SQL Servers around the world, a patch had been out for more than six months. And in 2001, IIS administrators had more than a month to prepare for the Code Red worm.
The Zotob worm, which this year hit Microsoft’s Plug and Play service, is a sign of things to come. Within two days of Microsoft’s public announcement and release of the related patch, Zotob variants were emerging. By day three, tens of thousands of computers were compromised. In fact, two of Microsoft’s three critical vulnerabilities in August 2005 resulted in worms within days. Within a week, Microsoft saw its first publicly announced zero-day exploit. No matter how you slice it, the time between a vulnerability announcement and the need to patch is shrinking.
The Enterprise Responds
Enterprises are demanding that vendors become better at blocking non-traditional threats and rise to the challenge through innovation. Firewalls and anti-virus solutions aren’t enough. Our survey revealed that the largest purchasing increases (19 percent) during the next year will be for anti-spyware software and appliances. IDS (intrusion detection system) and IPS (intrusion protection system) products continue to enjoy strong adoption (52 percent overall), but more administrators are actually enabling the blocking functionality of those products (44 percent), which suggests that security vendors are getting more accurate at filtering out the noise from the legitimate threats.
Interestingly, executives’ confidence level in their network security defenses is on the rise -- 53 percent responded that they consider themselves “extremely/very confident,” compared with 46 percent during the previous year. This confidence may be due in part to innovative vendors such as Determina, Sana Security, and Vernier Networks producing products that mark a departure from traditional lines of defense by augmenting signature-based solutions with vulnerability-based or behavioral-based software. Several vendors -- such as GreenBorder and SecureOL -- have products that prevent end-user workstation changes from being saved. Microsoft is stepping into the space with its Shared Computer Toolkit, which allows an administrator to define what can and can’t be saved between reboots.
Major anti-virus vendors are pushing defenses past the normal scan-and-detect activities. Even non-traditional vendors are ramping up the fight in innovative ways. With its Network Access Control initiative, Cisco Systems is reaching past its firewall and router roots to provide more protection by pushing security policy checks from the perimeter to the client endpoints.
Even hardware vendors are offering defense-in-depth solutions. HP’s latest ProLiant servers and blades offer HP Virus Throttling. If the software driver detects an unusually high number of connection requests from one client, it throttles that client’s bandwidth, a step up from the boot-sector protection BIOS chips of years past.
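The HP driver itself is proprietary, so as an added illustration of the behavioral idea just described (not HP's code, and with the one-second window and five-request limit chosen as assumed policy values), here is a per-client sliding-window connection throttle run over constructed traffic from a normal workstation and a worm-like host:

```python
from collections import defaultdict, deque

# Assumed policy values (not from the article): how many connection requests
# one client may open inside the sliding window before it gets throttled.
WINDOW_SECONDS = 1.0
MAX_REQUESTS_PER_WINDOW = 5


class ConnectionThrottle:
    """Per-client sliding-window counter of new connection requests.

    A client whose request count inside the window reaches the limit is
    reported as 'throttled'; it is allowed again once old requests age out.
    """

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_REQUESTS_PER_WINDOW):
        self.window = window
        self.limit = limit
        self.history = defaultdict(deque)  # client -> timestamps inside window

    def observe(self, ts, client):
        q = self.history[client]
        # Drop requests that have aged out of the sliding window.
        while q and ts - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return "throttled"
        q.append(ts)
        return "allowed"


def run_throttle(events, window=WINDOW_SECONDS, limit=MAX_REQUESTS_PER_WINDOW):
    """Feed (timestamp, client, destination) events through the throttle and
    return per-client counts of allowed and throttled requests."""
    throttle = ConnectionThrottle(window, limit)
    summary = defaultdict(lambda: {"allowed": 0, "throttled": 0})
    for ts, client, _dest in sorted(events):
        summary[client][throttle.observe(ts, client)] += 1
    return dict(summary)


# Constructed sample traffic: a workstation opening 2 connections/s and a
# worm-infected host spraying 50 connection requests/s at many addresses.
SAMPLE_EVENTS = (
    [(t * 0.5, "10.0.0.7", "10.0.0.%d" % (20 + t)) for t in range(8)]
    + [(2.0 + i * 0.02, "10.0.0.9", "10.0.%d.1" % i) for i in range(40)]
)

if __name__ == "__main__":
    for client, counts in run_throttle(SAMPLE_EVENTS).items():
        print(client, counts)
```

The normal client never has more than two requests in any one-second window and is never throttled, while the worm-like host gets its first five requests through and the remaining thirty-five held back.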
Tim Nolan, information systems security officer at Bridgestone Firestone, summarizes things this way: “We are engaged in defending networks with more challenging threats. We see a decrease in the patch window, an increase in virulence, and an increased speed of spread for worms. What this means is that our defenses must be multilayered, increasingly heuristic, and behavioral-based -- and involve end-user education. The solutions we pick must help us manage all of that.”