A new white paper aimed at helping firms combat cyber threats argues that organisations should use "reputation" to assess such threats and the risk they pose.
Fortinet's white paper titled 'Detecting What's Flying Under the Radar: The Importance of Client Reputation in Defending Against Advanced Threats' focuses on the importance of determining the reputation of "clients", and encourages firms to tailor their corporate security policy based on this client reputation.
Fortinet, which specialises in high-performance network security, said its FortiOS 5 operating system features this patent-pending client reputation capability which can identify what types of behaviour can be seen as signs of threat.
The white paper warns of advanced persistent threats (APTs): prolonged, targeted intrusions in which an attacker gains a foothold and then keeps activity low and slow. Because the individual events are spread out and look unremarkable on their own, signature-based tools, and the analysts watching them, may not read them as an attack.
Aside from this kind of behaviour, Fortinet also identified in the white paper other behaviours that may look dubious enough to be treated as a threat. These include:
- a series of connections to known-bad IP addresses, which indicates a malware infection;
- a host that installs a peer-to-peer application. Fortinet said installing a P2P application is riskier than installing a game;
- visits to hosts in certain countries. Here Fortinet advises firms to draw up a list of the countries from which they expect Internet traffic, so that connections elsewhere stand out;
- a host that tries to initiate a connection but does not complete it; and
- Internet traffic to adult or gambling sites, which may also be a sign of a threat.
"Identifying risky user and application behaviour represents the next step in protection against advanced persistent threats. Signature-based protection is no longer enough. It's important to build a complete, evolving and up-to-date picture of the behaviour of network clients," said George Chang, regional vice president, Southeast Asia & Hong Kong, Fortinet. "Client reputation and scoring is an essential component in ordering and understanding the enormous amount of security information available within organisations, and applying it to a dynamic, targeted security response."
Fortinet said its latest OS allows network administrators to assign scores to such behaviours and to trigger alerts when a client's score crosses configured thresholds.
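To make the scoring idea concrete, the following is an added example, not Fortinet code or anything from the white paper, of how a per-client reputation score can be built from the behaviours listed above and checked against an alert threshold. The log format, the weights in WEIGHTS, the known-bad IP list, the expected-country list and the threshold are all assumptions chosen for illustration; the sample log lines are constructed.

```python
"""Toy client-reputation scorer (added example, not FortiOS code).

Each observed behaviour adds a weighted amount to the originating host's
score; a host whose accumulated score reaches the threshold is flagged.
All weights, lists and log lines below are assumptions for illustration.
"""
from collections import defaultdict

# Assumed weights: riskier behaviours score higher. P2P is weighted above
# a game install to reflect the paper's ordering of those two behaviours.
WEIGHTS = {
    "bad_ip": 30,              # connection to a known-bad IP address
    "p2p_install": 20,         # host installs a peer-to-peer application
    "game_install": 5,         # game install: lower risk than P2P
    "unexpected_country": 15,  # destination in a country not on the allow-list
    "half_open": 10,           # connection initiated but never completed
    "adult_or_gambling": 10,   # traffic to adult or gambling sites
}
ALERT_THRESHOLD = 50                                   # assumed
BAD_IPS = {"203.0.113.7", "198.51.100.23"}            # constructed list (documentation ranges)
EXPECTED_COUNTRIES = {"SG", "HK", "US"}                # constructed allow-list of expected traffic
RISKY_CATEGORIES = {"adult", "gambling"}

# Constructed sample log: "<timestamp> key=value key=value ..."
SAMPLE_LOG = """\
2013-01-10T09:00:01 host=10.0.0.5 type=conn dst=203.0.113.7 cc=RU state=established cat=unknown
2013-01-10T09:00:07 host=10.0.0.5 type=conn dst=198.51.100.23 cc=RU state=established cat=unknown
2013-01-10T09:01:12 host=10.0.0.5 type=conn dst=192.0.2.10 cc=US state=half-open cat=unknown
2013-01-10T09:02:30 host=10.0.0.9 type=install app=game
2013-01-10T09:03:00 host=10.0.0.9 type=conn dst=192.0.2.44 cc=US state=established cat=gambling
2013-01-10T09:05:00 host=10.0.0.12 type=install app=p2p
2013-01-10T09:05:30 host=10.0.0.12 type=conn dst=192.0.2.77 cc=SG state=established cat=business
"""


def parse_line(line):
    """Parse one 'ts k=v k=v' log line into a dict (assumed format)."""
    ts, *fields = line.split()
    event = {"ts": ts}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def score_event(event):
    """Return a list of (reason, points) for the behaviours one event exhibits.

    A single connection can trigger several reasons at once (for example a
    known-bad IP in an unexpected country), so all applicable ones are returned.
    """
    reasons = []
    if event.get("type") == "conn":
        if event.get("dst") in BAD_IPS:
            reasons.append(("bad_ip", WEIGHTS["bad_ip"]))
        if event.get("cc") not in EXPECTED_COUNTRIES:
            reasons.append(("unexpected_country", WEIGHTS["unexpected_country"]))
        if event.get("state") == "half-open":
            reasons.append(("half_open", WEIGHTS["half_open"]))
        if event.get("cat") in RISKY_CATEGORIES:
            reasons.append(("adult_or_gambling", WEIGHTS["adult_or_gambling"]))
    elif event.get("type") == "install":
        app = event.get("app")
        if app == "p2p":
            reasons.append(("p2p_install", WEIGHTS["p2p_install"]))
        elif app == "game":
            reasons.append(("game_install", WEIGHTS["game_install"]))
    return reasons


def score_clients(log):
    """Accumulate per-host scores and the reasons behind them over a whole log."""
    clients = defaultdict(lambda: {"score": 0, "reasons": []})
    for line in log.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        for reason, points in score_event(event):
            clients[event["host"]]["score"] += points
            clients[event["host"]]["reasons"].append(reason)
    return dict(clients)


def alerts(clients, threshold=ALERT_THRESHOLD):
    """Hosts whose accumulated score has reached the alert threshold."""
    return sorted(host for host, c in clients.items() if c["score"] >= threshold)


if __name__ == "__main__":
    scored = score_clients(SAMPLE_LOG)
    for host, c in sorted(scored.items()):
        print(f"{host}: score={c['score']} reasons={c['reasons']}")
    print("alerts:", alerts(scored))
```

Running it shows the point of accumulation: no single event on 10.0.0.5 reaches the threshold on its own, but a series of connections to known-bad addresses in an unexpected country, followed by a half-open connection, pushes the host over it, while the game installer and the single gambling-site visit on 10.0.0.9 stay well below it. In practice the weights would be tuned to the organisation and scores would decay over time so that stale behaviour does not keep a host flagged.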