Behavioral analysis: It’s a fact: Compromised enterprise systems are now a traded commodity in cybercrime circles. What does that mean? For one thing, it means attackers might not look or act much like attackers when they get on your network. In fact, the chances are they’ll look a lot like your employee, with a valid user name and password and not much noisy scanning or rooting about to betray them. A signature has nothing to match against a legitimate log-in. For enterprise IT managers, that means bringing different tools to bear to spot attacks that move low and slow. Security companies across the board are moving beyond signatures, building security rules that are more flexible and rooted in an understanding of “typical” network behavior. That might mean taking note of discrepancies in the systems being used to access a network (an account that suddenly appears from a machine it has never used), spotting suspicious patterns of log-in failures, or noting attempts to reconnoiter network resources after a successful log-in.
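The three behavioral checks named above, run over a small authentication and file-access log, as an added example that is not code from the original article or from any of the vendors it mentions. The log format, the per-account baseline of known hosts, the thresholds and the sample events are all assumptions constructed for the example; a real deployment would feed it from directory or file-server audit logs and tune the thresholds to the environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the article): one normal user, and one account
# whose valid password is used from an unfamiliar host after a burst of failed
# attempts, followed by a sweep of many file shares. Format is an assumption.
SAMPLE_LOG = """\
2024-03-01T09:00:00 user=alice src=ws-alice event=login_ok
2024-03-01T09:00:30 user=alice src=ws-alice event=access res=fs01/hr
2024-03-01T09:05:00 user=alice src=ws-alice event=access res=fs01/payroll
2024-03-01T22:00:00 user=bob src=lab-pc event=login_fail
2024-03-01T22:00:10 user=bob src=lab-pc event=login_fail
2024-03-01T22:00:20 user=bob src=lab-pc event=login_fail
2024-03-01T22:00:30 user=bob src=lab-pc event=login_fail
2024-03-01T22:00:40 user=bob src=lab-pc event=login_fail
2024-03-01T22:00:50 user=bob src=lab-pc event=login_ok
2024-03-01T22:01:00 user=bob src=lab-pc event=access res=fs01/share0
2024-03-01T22:01:01 user=bob src=lab-pc event=access res=fs01/share1
2024-03-01T22:01:02 user=bob src=lab-pc event=access res=fs01/share2
2024-03-01T22:01:03 user=bob src=lab-pc event=access res=fs01/share3
2024-03-01T22:01:04 user=bob src=lab-pc event=access res=fs01/share4
2024-03-01T22:01:05 user=bob src=lab-pc event=access res=fs01/share5
2024-03-01T22:01:06 user=bob src=lab-pc event=access res=fs01/share6
2024-03-01T22:01:07 user=bob src=lab-pc event=access res=fs01/share7
2024-03-01T22:01:08 user=bob src=lab-pc event=access res=fs01/share8
2024-03-01T22:01:09 user=bob src=lab-pc event=access res=fs01/share9
"""

# Hypothetical baseline: the hosts each account has historically logged in from.
BASELINE_HOSTS = {"alice": {"ws-alice"}, "bob": {"ws-bob"}}


def parse_log(text):
    """Parse 'timestamp key=value ...' lines into dicts, sorted by time."""
    events = []
    for line in text.strip().splitlines():
        ts, *fields = line.split()
        ev = dict(f.split("=", 1) for f in fields)
        ev["ts"] = datetime.fromisoformat(ts)
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect(events, baseline,
           fail_threshold=5, fail_window=timedelta(minutes=10),
           recon_threshold=8, recon_window=timedelta(minutes=5)):
    """Return (kind, user, timestamp) findings for each successful log-in that
    deviates from 'typical' behavior in one of three ways."""
    findings = []
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev["user"]].append(ev)

    for user, evs in by_user.items():
        for i, ev in enumerate(evs):
            if ev["event"] != "login_ok":
                continue
            t = ev["ts"]

            # 1. Log-in from a host this account has never been seen on.
            known = baseline.get(user)
            if known is not None and ev["src"] not in known:
                findings.append(("unknown_host", user, t))

            # 2. A burst of failures shortly before the success (guessing/spray).
            fails = sum(1 for e in evs[:i]
                        if e["event"] == "login_fail" and t - e["ts"] <= fail_window)
            if fails >= fail_threshold:
                findings.append(("failures_then_success", user, t))

            # 3. Many distinct resources touched right after the log-in (recon).
            touched = {e["res"] for e in evs[i + 1:]
                       if e["event"] == "access" and e["ts"] - t <= recon_window}
            if len(touched) >= recon_threshold:
                findings.append(("post_login_recon", user, t))
    return findings


def run_sample():
    """Run the checks over the constructed log with the hypothetical baseline."""
    return detect(parse_log(SAMPLE_LOG), BASELINE_HOSTS)


if __name__ == "__main__":
    for kind, user, when in run_sample():
        print(f"{when.isoformat()} {user}: {kind}")
```

On the sample, alice produces no findings, while bob's single successful log-in trips all three checks. Each check alone is noisy in practice (a new laptop, a forgotten password, a backup job that touches every share); the value is in correlating them around the same log-in, which is why the checks are anchored on each `login_ok` event rather than counted independently.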
Intelligence systems: Increasingly, stopping threats on your network requires an understanding of what’s going on in the Internet underworld, where new and novel exploits are discovered, sold, and launched with little fanfare but devastating results. Security companies such as Trend Micro are already monitoring the IRC channels where botnets are leased out and managed, to try to get a step ahead of attackers, whereas companies such as RSA — now part of EMC — bet big on technology from Cyota that monitors the fast-moving phishing underworld. Going forward, intelligence about online threats is going to play an even bigger role in prevention, as companies move to Web-based applications that, by definition, get a free pass through network firewalls, according to Roger Thompson of Exploit Prevention Labs, a startup that monitors and prevents exploit code. Larger security firms, companies that manage large populations of systems such as ISPs, and managed security vendors are in the best position to benefit from that shift because they can spot threats earlier and respond to them, says Bruce Schneier, CTO of Counterpane. “The benefit of the network is that you can build an immune system and immediately inoculate against attacks.”