Emerging Threats and Solutions

By John Thompson  |  Posted 2004-04-08

As the threat landscape continues to evolve, more sophisticated threats will move at even faster speeds. For example, "Warhol threats" will likely emerge with the ability to spread across the Internet and infect all vulnerable servers in less than 15 minutes. Beyond that, "flash threats" are predicted to spread across the Internet in less than 30 seconds.

The time between the discovery of a vulnerability and the release of an exploit will also continue to shrink, introducing "day-zero threats." This type of threat exploits a previously unknown and therefore unprotected vulnerability, increasing the likelihood that a vulnerability and its exploit will appear on the same day.

These threats are fundamentally unstoppable by some of today's reactive security solutions. Future technology investments should focus on proactive security solutions that can detect and block new attacks on the fly at the host, network, and application layers. Emerging technologies such as host-based intrusion prevention, generic exploit blocking, and protocol anomaly protection promise more proactive protection against these new threats.

Host-based intrusion prevention, or behavior blocking, monitors programs on a server, observing how they work and interact with the rest of the computer; when a program attempts malicious behavior, it is stopped before it can cause damage.

Generic exploit blocking enables organizations to roll out fingerprints to secure critical vulnerabilities the moment they are announced. Once that fingerprint is deployed, the generic exploit blocking system prevents likely future attacks against the vulnerability, obviating the need for a rush to patch during the critical attack window.

Protocol anomaly protection running at the network layer and on the host can help stop day-zero threats. Just as sunglasses allow the good light in and keep harmful UV rays out, this technology allows legitimate network traffic through while blocking traffic that does not meet the criteria of the organization's security policies.
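
The allow-what-conforms model described above, as an added example that is not part of the original article: a check of an HTTP/1.x request head against the protocol grammar and a small policy, with no attack signatures involved. The function name, the limits and the sample requests are assumptions made for illustration.

```python
import re

# Policy values are assumptions chosen for illustration, not from the article.
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST"}
MAX_TARGET_LEN = 2048
MAX_HEADER_LEN = 4096

REQUEST_LINE = re.compile(rb"([A-Z]+) (\S+) HTTP/1\.[01]")
HEADER_LINE = re.compile(rb"([!#$%&'*+\-.^_`|~0-9A-Za-z]+):[ \t]*(.*?)[ \t]*")
CONTROL_CHARS = re.compile(rb"[\x00-\x08\x0a-\x1f\x7f]")

# Constructed sample inputs (not captured traffic).
SAMPLE_OK = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE_BAD = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
              b"Content-Length: 10\r\nTransfer-Encoding: chunked\r\n\r\n")


def check_request_head(raw: bytes) -> list:
    """Return protocol anomalies found in an HTTP/1.x request head.
    An empty list means the head conforms to the grammar and policy and may
    pass; anything else is blocked, whether or not it matches a known attack.
    """
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["head not terminated by CRLF CRLF"]
    lines = head.split(b"\r\n")
    anomalies = []
    m = REQUEST_LINE.fullmatch(lines[0])
    if not m:
        anomalies.append("malformed request line")
    elif m.group(1) not in ALLOWED_METHODS:
        anomalies.append("method not allowed by policy")
    elif len(m.group(2)) > MAX_TARGET_LEN:
        anomalies.append("request target too long")
    seen = {}
    for line in lines[1:]:
        h = HEADER_LINE.fullmatch(line)
        if h is None or len(line) > MAX_HEADER_LEN:
            anomalies.append("malformed or oversized header field")
        elif CONTROL_CHARS.search(h.group(2)):
            anomalies.append("control character in header value")
        else:
            seen.setdefault(h.group(1).lower(), []).append(h.group(2))
    lengths = seen.get(b"content-length", [])
    if any(not v.isdigit() for v in lengths):
        anomalies.append("non-numeric Content-Length")
    if len(set(lengths)) > 1 or (lengths and b"transfer-encoding" in seen):
        anomalies.append("ambiguous message framing")
    return anomalies
```

Because the decision rests on conformance rather than on a list of known exploits, a request that abuses a previously unknown parsing flaw is still rejected if it departs from the grammar or the policy limits.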

Another new frontier for security solutions is the application level. Databases hold the most critical information in an organization -- credit card numbers, financial information, and health records -- and a single compromise can devastate a business. Moving forward, it will be critical to deploy security solutions tailored to specific, high-value business applications. By integrating directly with each business application, security solutions can achieve the level of visibility and control required to effectively protect these systems.
