One thing is becoming unmistakably clear: Time is no longer on our side. As an indication of just how much the environment has changed, consider that the far-reaching Nimda and Slammer worms had vulnerability threat windows of many months, leaving plenty of time for the vendor of the vulnerable software to create a patch and warn the public, reducing potential threat damage. A study conducted by Qualys and released in July, that correlated nearly 1.5 million scans over the course of a year and a half found that 80 percent of exploits are released within 60 days of a vulnerability's announcement. Security specialists often speak of the "vulnerability threat window," or the time between the discovery of a vulnerability and an exploit of that vulnerability by a specific threat. Blaster, as we have seen, arrived just weeks after Microsoft announced the RPC DCOM vulnerability, leaving little time for administrators to secure their networks.
I've observed that today's attacks are not only becoming more frequent, they are also becoming more complex, including polymorphic viruses, mass mailers, denial of service (DoS), and blended threats. Moreover, as enterprises continue to adopt new technologies (such as wireless and peer-to-peer networks, instant messaging, and broadband, to name just a few) and conduct more and more critical business functions online, they offer even more targets to attackers.
In such an environment, where attacks are becoming more frequent and more sophisticated, what steps can enterprises take to ensure business continuity? Increasingly, these organizations are considering implementing an early warning system.
Scanning the globe
An early warning system enables an organization to protect itself against approaching threats before they can affect operations. In cases where attacks are already under way, an early warning system can then provide a mitigation strategy.
At the physical level, an early warning system relies on a worldwide network of firewall and intrusion-detection systems -- maintained by thousands of data partners -- to aggregate and correlate attack data.
An early warning system can also look at events targeting a specific vertical industry. This information helps targeted industries better prepare for and prevent possible attacks.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.