New Solutions to New Threats
Many of today's security solutions are geared towards the detection of "known" attacks -- attacks which researchers have previously analyzed. Furthermore, these systems often focus on detecting such attacks, but are less capable of mitigation and prevention. While reactive approaches like fingerprinting will never go away, proactive systems that provide first-strike protection offer hope against all categories of Internet-based threats. The idea behind the first-strike approach is to detect and prevent malicious code before it ever reaches the lab for analysis. We expect to see new proactive technologies emerge in the coming years, including behavior blocking, anomaly detection and new forms of heuristics. These systems will be crucial for protecting against fast-spreading threats such as the Warhol and Flash worms described above.
Several years ago, security administrators could reasonably protect their networks from intrusion by installing a single firewall at their Internet connection. Then I Love You and Melissa were unleashed on the world, causing admins to rethink the traditional approach.
Today, consumers are more vulnerable than ever and corporate networks have become increasingly complex -- supporting business communication with customers, suppliers, partners and remote employees. According to an FBI/CSI survey, 90 percent of respondents -- primarily enterprises and government agencies -- detected security breaches in the last 12 months. So the question today is no longer if an organization will experience a security incident, but when they will experience such an incident. In the wake of threats like Nimda, Klez and, most recently, Slammer, and as networks extend their boundaries into the outside world, security solutions must adapt and keep pace.
Deploying isolated tactical security products will not solve the complex security issues facing tomorrow's Internet community. Going forward, organizations must employ a more holistic strategy -- one that incorporates the core objectives of a comprehensive security environment. Of primary importance will be the ability to see a comprehensive view of the organization's exposure and vulnerability to potential and actual risks, along with an early warning and alerting system. In addition, the infrastructure needs integrated security solutions to provide protection at all tiers, including the gateway, server and client. To maintain continuous service and keep the business running, organizations will need response frameworks that incorporate both technology and hands-on expertise to address security threats as they develop. Finally, organizations will have to bring their alerting, protection and response systems together under a central, open security management system to ensure both reactive and proactive protection.
Robert Clyde serves as vice president and chief technology officer at Symantec Corporation. With more than 25 years of information security experience, Clyde is a recognized industry authority, serving on the board of the IT industry's Information Sharing and Analysis Center (IT-ISAC). He can be reached at firstname.lastname@example.org.
Managing the Seemingly Unmanageable