Browse archive

Latest news

(IN)SECURE Magazine issue 38 released

65+ websites compromised to deliver malvertising

Customized spam uses cell phone users’ data against them

Facebook once again accessible via Tor

Oracle releases critical security updates for Java

Employees biggest IT threat to businesses

Google asks secret court permission to publish FISA numbers

Failed backups endanger revenue and productivity

How to detect hidden administrator apps on Android

Key obstacles to effective IT security strategies

CyanogenMod founder aims to thwart data-grabbing apps

Microsoft releases Enhanced Mitigation Experience Toolkit 4.0

Hacking charge stations for electric cars

Early Alerting - The Key To Proactive Security

by Nigel Beighton - Special Projects Director for Symantec - Wednesday, 2 June 2004.

The security challenges facing today's enterprise networks are intensifying -- both in frequency and number. The Blaster worm arrived just 26 days after Microsoft disclosed an RPC DCOM Windows flaw and released a patch for vulnerable systems. The worm took advantage of what some security experts have called the most widespread Windows flaw ever. For a time, Blaster was infecting as many as 2,500 computers per hour.

One thing is becoming unmistakably clear: Time is no longer on our side. As an indication of just how much the environment has changed, consider that the far-reaching Nimda and Slammer worms had vulnerability threat windows of many months, leaving plenty of time for the vendor of the vulnerable software to create a patch and warn the public, reducing potential threat damage. A study conducted by Qualys and released in July, that correlated nearly 1.5 million scans over the course of a year and a half found that 80 percent of exploits are released within 60 days of a vulnerability's announcement. Security specialists often speak of the "vulnerability threat window," or the time between the discovery of a vulnerability and an exploit of that vulnerability by a specific threat. Blaster, as we have seen, arrived just weeks after Microsoft announced the RPC DCOM vulnerability, leaving little time for administrators to secure their networks.

I've observed that today's attacks are not only becoming more frequent, they are also becoming more complex, including polymorphic viruses, mass mailers, denial of service (DoS), and blended threats. Moreover, as enterprises continue to adopt new technologies (such as wireless and peer-to-peer networks, instant messaging, and broadband, to name just a few) and conduct more and more critical business functions online, they offer even more targets to attackers.

In such an environment, where attacks are becoming more frequent and more sophisticated, what steps can enterprises take to ensure business continuity? Increasingly, these organizations are considering implementing an early warning system.

Scanning the globe

An early warning system enables an organization to protect itself against approaching threats before they can affect operations. In cases where attacks are already under way, an early warning system can then provide a mitigation strategy.

At the physical level, an early warning system relies on a worldwide network of firewall and intrusion-detection systems -- maintained by thousands of data partners -- to aggregate and correlate attack data.

An early warning system can also look at events targeting a specific vertical industry. This information helps targeted industries better prepare for and prevent possible attacks.