More than 90 percent of businesses use firewalls and anti-virus solutions, according to a recent Check Point survey of more than 220 IT security professionals.
Check Point Software Technologies Regional Director, South Asia, John Ong said, however, as companies combat traditional security threats, they also face a new generation of threat vectors with the proliferation of Web 2.0 applications, mobile computing and custom attacks that are dramatically increasing security complexity for enterprises.
Ong said the industry is seeing a broader range of companies realising that security must be a more strategic part of their overall IT infrastructure than ever before and that protection must be applied with a layered approach. This enables them to proactively prevent threats from penetrating their network in the first place, versus applying protection like a band-aid.
Based on research and feedback from customers, Check Point projects businesses will see a few interesting shifts in the industry. John Ong explained them to Computerworld Singapore (below).
1 Rich media and Web 2.0 Applications Spur More Drive-by Downloads, Blended Attacks and Stealth
For businesses facing a rise in the emergence and volume of new Internet threats, 2010 was no exception. Malware, phishing attacks, Trojans and key-loggers are still common and proliferate on Internet applications. However, the emergence of more rich-media capabilities in Web 2.0 applications and mobile devices will increase the number of drive-by-downloads, as well as a combination of sophisticate, blended attacks. For example, embedded videos and links in social networking pages are becoming popular spots for hackers to embed malware. The more employees use rich media and Web 2.0 applications in the enterprise, the greater the chance of unknowingly exposing the enterprise to an attack without the right protections in place.
2 Spike in Businesses Migrating to Windows 7 and Security Evaluation
Today, Windows 7 migration is more common among small-to-medium sized businesses. However, according to Check Point’s survey, seven percent of organisations have already made the leap and another 54 percent plan to migrate in the next two years. In addition, organisations are using an average of nine different vendors to secure their organisation’s infrastructure from the network to the endpoint, creating difficulties in security management, loss in productivity and potential holes in between point products. Businesses may find the Windows 7 migration is an opportune time to look at the number of security vendors being used and decide to consolidate endpoint security solutions. Because Windows 7 is a clean slate for the OS, it can be a clean slate for the security technology as well.
3 Leveraging Virtualisation as a Security Defence
In the early stages, virtualisation was mainly used to consolidate servers and IT resources for cost, space and energy savings purposes, yet has found many more uses and applications since. Businesses are beginning to leverage virtualisation technologies as an additional layer of security defence. With Check Point Abra or WebCheck, for example, organizations can protect their network and endpoints with unique browser virtualisation technology that segregates and secures corporate data from the Internet—allowing users the freedom to surf with full protection against drive-by-downloads, phishing attempts and malware.
4 The Surge in Mobile Workers and Consumerisation of IT
Mobile computing is no longer a trend but a way of life for most businesses. About 54 percent of organisations surveyed are anticipating the number of remote users will increase in 2011. In part, this is driven by employees demanding remote access to business applications, data and resources—connecting from both corporate and personally-owned devices. The majority of organisations are also concerned that growth in remote users will result in exposure to sensitive data—among other security threats including unauthorised network access and user management complexity.
In 2011, attackers will identify new ways to obtain data from mobile devices, encouraging enterprises to adopt new solutions that give employees secure mobile access to the corporate network, and that work across a range of mobile devices running on Apple, Android, Symbian and Windows PC platforms.
5 Data Loss Incidents Encourage Businesses to Implement a Layered Approach to Security
As seen by the leak of hundreds of thousands of sensitive US documents to WikiLeaks, an international media non-profit organisation, enterprises need to do more to protect their sensitive data. The recent WikiLeaks incident is yet another reminder to businesses that a layered and holistic approach to security is important in order to move data loss from detection to prevention.
In 2011, businesses will explore methods of protecting all layers, including data-at-rest, data-in-motion, and data-in-use.
Check Point’s data security strategy focuses on securing data throughout its lifecycle: Check Point Virtual Private Networking (VPN) turns any network into a secure and encrypted communication channel; Check Point Full Disk Encryption prevents data loss due to lost or stolen devices; Check Point’s Data Loss Prevention solutions prevent sensitive data from being leaked out of the organisation; and, document security adds a fourth layer of protection throughout the data lifecycle. Document security can provide IT administrators (or end-users) granular control over who can view, open, send or even print confidential information—in order to prevent the misuse, modification, loss or theft of sensitive information.
Sign up for Computerworld eNewsletters.