Paul Roberts, an analyst with industry research firm the 451 Group, put it more strongly: "Enterprises are very dissatisfied with the level of protection they're getting from their end-point antimalware suites," he said. While antivirus companies are experimenting with ways to block programs based on an analysis of different factors, such as the file's behavior, its age, origin and how widely it is being used, these features are often turned off because they end up blocking legitimate programs, Roberts said.
Many security experts now agree that patches, up-to-date antivirus, plus intrusion detection systems are not enough to protect companies from the worst of today's cyberthreats.
"The security industry's going to have to think about selling solutions that actually work with this type of environment," Isec's Stamos said. "Basically nothing that people have bought over the last 16 years is going to help them stop a single guy sitting at a computer who is a Windows shellcode person targeting one person, and spending months to break into that computer." Shellcode is the initial payload program hackers use to install further programs, once they have hacked into a system.
But that message hasn't quite sunk in everywhere in the corporate world, said Paul Melson, information security manager with Priority Health, in Grand Rapids, Michigan. "A lot of companies have either turned their security teams into compliance teams or are still fighting the same fight they were fighting six or seven years ago."
The antivirus vendors argue that their products still serve a purpose, and indeed, nobody in the corporate world is turning them off.
Antivirus blocks "the vast majority" of all attacks that McAfee tracks every day, said Dave Marcus, a McAfee director of security research. Antivirus vendors are developing new systems -- white-listing products and cloud-based security offerings such as McAfee's Artemis -- to keep pace with rapidly changing threats. But ultimately, enterprises must also develop ways of responding to new threats and intrusions. "When you've got the determined attacker who can profile their victim, they have a high level of succeeding," he said.
Advanced attacks such as APT scare Jason Stead the most. Stead is the Phoenix-based manager of information security with Choice Hotels. His industry has come under targeted attacks over the past few years as hackers have broken into point-of-sale systems in many different hotels. They often succeed by discovering one vulnerability and replaying the attack on hotel after hotel. In the hotel business, one data breach at a franchisee can cause serious damage to a company's brand.
That means that the integrity of a company's brand can depend on people who simply don't have the resources to stop determined attackers. "Your franchisees are traditionally mom-and-pop shops," Stead said. "They don't have the technology experience to protect themselves."