That SQL Slammer was global in three minutes proves the increased speed of cyber attacks. That speed and greater exposures through wireless architectures and Web services applications are rendering companies more vulnerable. The cost of that vulnerability is just a guess, as only an estimated 10 or 15 per cent of companies report their downtime. Research firm Computer Economics of Carlsbad, Calif., reportedly conjectures that the worldwide impact of malicious code is below the high to date, set in 2000, but still over US$12 billion.
Malicious activity against Windows will increase and extend to Linux and Solaris, according to Parveen Jain, president of Network Associates’ McAfee Network Security Technologies Group. Jain was in Toronto recently to promote preventive measures against cyber attacks via Network Associates’ end node security strategy. He argued that being told “someone stabbed you yesterday” is less effective intelligence than “three stabbers came after you and they were stopped.”
Jain repeated the oft-heard complaint that effective patch management is resource intensive and too slow to keep pace with vulnerabilities. In 2003, Microsoft alone identified over 40 new vulnerabilities to systems and/or network structure and could not keep to its plan of making December a patch-free month.
With the brief time between an identified vulnerability and its exploitation, companies don’t have days or weeks to test the patch to make sure all applications won’t be adversely affected. Also, with the speed of attacks, a firewall rule change or anti-virus update can be too late.
Jain stressed that intrusion prevention provides proactive security to detect and block attacks before they reach their targets, protects against known and unknown attacks, and complements today’s reactive solutions such as firewall, anti-virus and intrusion detection systems. He said that intrusion prevention provides a safety net to give IT managers adequate time to patch end systems while managing exposure.
He cited other advantages of shifting from detection only to prevention, including less business disruption, reduced clean-up cost, less security staff time spent on event analysis as information is presented to users in an understandable way, and reduced vendor management costs through consolidation.
Network Associates’ solution is McAfee Systems Protection Solutions, which it claims secures end nodes by helping IT and security administrators implement proactive protection across all PCs, servers and users connecting to the corporate network. The solutions portfolio includes McAfee anti-virus, McAfee ThreatScan, Entercept, SpamKiller and the Magic Service Desk family of products for desktop and server systems.
Other security product vendors claiming to take proactive approaches include Global Hauri with its ViRobot antivirus product and Internet Security Systems (ISS) with its composite network and gateway protection product called Proventia.