
OPINION: Raising the security bar

Ray Bryant | June 24, 2011
In today's fast-changing world of security threats, the need to raise the security bar - by enhancing an IT platform's ability to detect and prevent malicious code from 'breaking through' the network perimeter - has never been greater. But how do you tackle the process in a modern IT department? Idappcom's CEO Ray Bryant provides some thoughts.

In November 1988, the world of computing was changed forever with the world's first worm - the Morris worm - which disrupted around 10 per cent of computers hooked up to the Internet resources of the day.

Fast forward more than two decades to the present day and we have a malware landscape that has altered immeasurably. Arguably more has happened in the last couple of years than in those 20 years, with Web 2.0 security threats, social networking attacks and all manner of attack vectors becoming an everyday occurrence.

Against this backdrop there is a clear and present need to defend an organisation's IT platform as never before. And this can only be achieved by raising the security bar.

Although the task may appear to be daunting at first sight, by breaking the enhancement process down into a series of stages, the task can be made a lot more manageable for the IT department.

Virtually all network traffic these days is TCP/IP-based, and, as a result, conventional threat signature analysis can identify a significant proportion of malware, phishing attacks and even the latest evasion techniques and hybridised attack vectors.

By hybridised, we mean that a cyber criminal is using more than one attack methodology to achieve their aim. They may, for example, use a highly attractive information feed, offers or video files to persuade users to 'click through' and infect themselves.

No perfect, secure structure

All of these advanced attack e-mails and program code, however, have some nefarious purpose at their heart: to bring down systems, to steal money, access to money or information, or even to extract money through the threat of bringing down systems.

There is no such thing as a perfect, secure structure; however, what can be done is to ensure that each stage of 'inspection' is working at the optimum level of protection possible. Traffic entering the network has to be passed through firewalls as well as intrusion protection and detection devices. Data entering the desktop has to be checked on the desktop to prevent malicious code being launched by the user. Patch management is essential to ensure weaknesses in applications cannot be exploited, and vulnerability scans have their place in identifying weaknesses in what can be vast networks of thousands of desktops.

Virus signatures on desktop anti-virus applications build on the static digital signature analysis of anti-virus applications seen in the late 1980s and 1990s. The updates to these signatures are now a daily occurrence, even hourly. Advances in these applications, including behavioural and heuristic techniques, have been necessary to counter the ever-increasing variations in the delivery methods of malicious code. Ensuring all desktops and mobile devices are updated with new software and signature releases is a necessary habit that IT has to instill.

 
