Emerging trends in malware attacks have highlighted the need for business to change its thinking on security, industry spokespeople say.
Scott Ferguson, regional director of Check Point Software Technologies, has urged business to expect increased numbers of more complex attacks.
Steve Bittinger, Gartner analyst and research director, agreed with Ferguson. “It's a constant battle, the question is, are we positioned to cope with the ever-increasing levels of vulnerability?” Bittinger said.
Ferguson said that, traditionally, attacks were on networks but in the past nine months or so hackers were “moving up the food-chain” to attack protocols, operating systems and applications.
Most businesses still relied on network-based firewalls for protection. “Most firewall technology is based on networks, and does a good job of protecting the network. The challenge is [that] most attacks nowadays aren't targeted at networks. No one blames the firewalls though, they're blaming Microsoft [in the case of Slammer and Blaster],” he said.
Ferguson said organisations must become savvier about the emerging nature of attacks, as demonstrated by the Slammer and Blaster worms of recent months. He said companies should view security as a business issue rather than just a technical problem. “As more businesses rely on IT infrastructure, they become more vulnerable.”
He said it wasn't realistic to expect vulnerability-free software. He advocated an “onion-skin approach” where additional layers of security were continually added to protect against attacks.
Bittinger said the old approach to security was to make the firewall like a drawbridge, allowing certain trusted people through. Instead, companies should create a global network where all members had equivalent levels of multi-tiered security. Customers would pass several checkpoints, depending on which area they wished to access.
Ferguson said that malware was more quickly exploiting network vulnerabilities. For example, after the SQL Slammer vulnerability was identified, the attack took around 14 weeks to occur, but the Blaster attack came just seven weeks after notification of the hole was posted, he said.
Bittinger agreed a fast response was key. If organisations could get to a stage where they were “tapped into the network” then a critical breach of security anywhere could be quickly identified and a defence strategy, ideally able to be conveyed and implemented worldwide, could be posted, he said.
Ferguson said careful planning was required to install patches across a large network as this would take considerable time and may affect business operations during the patching. Businesses needed to be aware of the trend attacks were taking so they could plan their security strategy, Ferguson said.