This chapter is from the book
This chapter is from the book
This chapter is from the book
Business Issues
IT staff are faced with increasing pressures to comply with regulations, increase the mobility of their workforce, provide access to the extended workforce, and increase the breadth of their value and supply chains, as well as prevent the latest Internet attacks from wreaking havoc on the infrastructure. At the same time, they must maintain service-level agreements, keep executives out of jail, and keep hackers from preying on end users utilizing the network.
Many companies today live with a false sense of security. They believe that perimeter security alone is sufficient to keep unwanted intruders from the spread of security risks and threats. To the contrary, it is too easy for these to enter a company network and never touch perimeter security. For example, imagine that a mobile user takes a laptop to work at home. While at home, the user connects to a local ISP and accesses infected Web sites or downloads personal email with infected attachments. The user then reconnects to the corporate network the next day and launches an infected attachment from a local email download. Another example is the remote user who uses a VPN to access corporate resources. The remote user accesses a local ISP before initiating the VPN client. It is very easy for the user to access an infected Web site or download infected personal email. When a VPN tunnel is established, the client is essentially behind the corporate perimeter. The threat infestation can be sitting in memory and immediately take advantage of open file shares and Web server vulnerabilities to spread its payload.
To stay protected from the increasing number of methods and techniques that security risks and threats are utilizing, it is apparent that a "defense-in-depth" approach is required, creating multiple layers of protection around your computers and valuable data. Such an exhaustive approach is required because there are new and innovative types of security risks and threats, some of them using multiple methods and techniques to propagate themselves. It is now necessary to protect all endpoints with comprehensive security that prevents intrusions from either entering or spreading from client machines. Providing this level of protection on the client requires three crucial technologies:
Antivirus software, to protect against known security risks and threats
A client firewall, to block suspicious incoming and outgoing network traffic
Intrusion detection and prevention, to identify and block known and unknown Internet intrusions such as those that are used in Denial-of- Service attacks (DoS)
Symantec documented more than 1,400 new vulnerabilities between July and December 2004. In addition to all the new vulnerabilities appearing, significant risks are still posed by old attacks. In the same 6 month period, the most common attack is one that emerged in January 2003, the Microsoft SQL Server Overflow Attack. This was used by 22% of all attackers. This highlights the need for an integrated approach to blended threats: inspect traffic before it gets on the computer.
Symantec Client Security plays a critical role in allowing customers to adopt this holistic and proactive security paradigm. Symantec has long tracked the evolution of security threats and has prominently exposed the rise in sheer number of threats. What is also evolving is the nature and type of threats. Today we see network-based threats that are designed to take advantage of widespread vulnerabilities, to compromise as many computers as possible in the least amount of time.
Targeted attacks, phishing, and spyware have become the spam of 2004. These attacks use multiple attack vectors that exploit unannounced vulnerabilities, phishing attacks, and insider threats. These attacks are motivated by extortions, information theft, and organized crime. Payloads are for the purpose of theft, data export, and destruction. Social engineering will continue to illustrate the ongoing need for end-user education.