The trick is to baseline good behavior well enough that suspicious or malicious activity can be filtered out against it. So instead of looking for a Stuxnet, a Zeus or another specific malware program, the focus should be on understanding what normal behavior is, in order to identify the abnormal, potentially malicious behavior such malware generates.
Security information and event management (SIEM) tools and network anomaly detection tools have delivered pieces of this capability for some time. Going forward, the goal is to integrate even more log data and other security event information from multiple sources and to correlate it using risk-based scoring methods, said Jerry Skurla, vice president of marketing at NitroSecurity. "What people underestimated is the amount of data that needs to be looked at," in order to detect and effectively deal with security threats, he said.
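The baseline-then-deviate approach described above, with multi-source correlation and risk-based scoring, as an added example that is not code from the article, from Computerworld or from NitroSecurity. It learns per-host "normal" from a training window (which web destinations a host reaches, which accounts log on to it, how many events it produces per day), then scores a new day's events by deviation from that baseline, weights each source by an assumed risk factor, and correlates the scores per host. The log format, field names, risk weights and sample lines are all constructed for this example.

```python
"""Baseline-then-deviate detection over constructed multi-source logs.

Added example, not code from the article or from NitroSecurity. Learns
per-host "normal" from a training window, then scores a new day's events
by deviation from it, weighted per source and correlated per host.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# Which field is baselined per source (constructed schema).
FEATURE = {"proxy": "dst", "auth": "user"}
# Assumed risk weight per source: a new account on a host matters more
# than a new web destination. Tune to the environment.
RISK_WEIGHT = {"proxy": 1.0, "auth": 2.0}


def parse(line):
    """'<ts> <source> k=v k=v ...' -> dict with ts, source and the pairs."""
    ts, source, *kvs = line.split()
    rec = {"ts": ts, "source": source}
    for kv in kvs:
        k, _, v = kv.partition("=")
        rec[k] = v
    return rec


@dataclass
class Baseline:
    # (host, source) -> feature values seen during training
    seen: dict = field(default_factory=lambda: defaultdict(set))
    # host -> mean events per day during training
    daily_mean: dict = field(default_factory=dict)


def build_baseline(lines):
    """Learn what is normal per host from a training window of log lines."""
    bl = Baseline()
    per_day = defaultdict(Counter)  # host -> {date: event count}
    for rec in map(parse, lines):
        host, src = rec["host"], rec["source"]
        feat = FEATURE.get(src)
        if feat and feat in rec:
            bl.seen[(host, src)].add(rec[feat])
        per_day[host][rec["ts"][:10]] += 1
    for host, days in per_day.items():
        bl.daily_mean[host] = sum(days.values()) / len(days)
    return bl


def score_window(lines, bl):
    """Score one day of events per host; return {host: (score, reasons)}."""
    scores, reasons, counts = defaultdict(float), defaultdict(list), Counter()
    for rec in map(parse, lines):
        host, src = rec["host"], rec["source"]
        w = RISK_WEIGHT.get(src, 1.0)
        counts[host] += 1
        feat = FEATURE.get(src)
        value = rec.get(feat) if feat else None
        # Novelty: a value never seen for this host during training.
        if value is not None and value not in bl.seen.get((host, src), set()):
            scores[host] += w
            reasons[host].append(f"new {src} {feat}={value}")
        # Failed logons add risk even against a known account.
        if src == "auth" and rec.get("result") == "failure":
            scores[host] += 0.5 * w
            reasons[host].append(f"auth failure user={rec.get('user')}")
    # Volume: events beyond the host's usual daily mean, as a fraction of it.
    for host, n in counts.items():
        mean = bl.daily_mean.get(host, 0.0)
        excess = max(0.0, n - mean) / max(mean, 1.0)
        if excess > 0:
            scores[host] += excess
            reasons[host].append(f"volume {n} vs baseline {mean:.1f}/day")
    return {h: (round(scores[h], 2), reasons[h]) for h in counts}


def alerts(scored, threshold=3.0):
    """Hosts whose correlated score reaches the threshold (assumed 3.0)."""
    return sorted(h for h, (s, _) in scored.items() if s >= threshold)


def _day(d):
    """One constructed quiet day of proxy and auth events for two hosts."""
    t = f"2024-03-0{d}T"
    return [
        f"{t}09:00:01 proxy host=ws01 dst=updates.example.org",
        f"{t}09:00:02 proxy host=ws01 dst=intranet.example.org",
        f"{t}09:00:03 proxy host=ws01 dst=updates.example.org",
        f"{t}09:00:04 auth host=ws01 user=alice result=success",
        f"{t}09:00:05 auth host=ws01 user=alice result=success",
        f"{t}09:00:06 proxy host=ws02 dst=intranet.example.org",
        f"{t}09:00:07 proxy host=ws02 dst=intranet.example.org",
        f"{t}09:00:08 auth host=ws02 user=bob result=success",
    ]


# Constructed training window: five identical quiet days.
TRAINING = [line for d in range(1, 6) for line in _day(d)]
# Constructed test day: ws02 behaves as usual; ws01 adds a never-seen
# destination and repeated failed logons with an account new to that host.
TEST_DAY = _day(6) + [
    "2024-03-06T10:15:00 proxy host=ws01 dst=files.unknown-host.test",
    "2024-03-06T10:15:10 auth host=ws01 user=bob result=failure",
    "2024-03-06T10:15:11 auth host=ws01 user=bob result=failure",
    "2024-03-06T10:15:12 auth host=ws01 user=bob result=failure",
]

if __name__ == "__main__":
    scored = score_window(TEST_DAY, build_baseline(TRAINING))
    for host in alerts(scored):
        print(host, scored[host])
```

Novelty here is binary (seen or not seen during training); a natural refinement is to weight it by rarity, so a destination seen once in a month scores higher than one seen daily. A host absent from the training window has no baseline at all, so every one of its events counts as novel and its whole volume as excess, which is the right default for an unexpected machine appearing in the logs.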
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His email address is firstname.lastname@example.org.