We’re not even through the first calendar month of 2003, and already end-users have had to stave off computer threats such as a DHCP multiple buffer overflow vulnerability, the Sobig worm, the Lirva worm and remnants of the Yaha virus. Blended and longer lifespan malicious code attacks are expected to run rampant in the New Year, but they are far from the only dangers angling to make life miserable for security administrators.
According to security experts, the rash of forecasted software and product vulnerabilities will force customers to acquire workflow and remediation tools for their OS and networks. In addition, integration and security event management's role within an existing security infrastructure will help define realistic business and ROSI (return on security investment) expectations against inflated security hype and vendor non-accountability, said security analyst Pete Lindstrom, of the Spire Group in Malvern, Pennsylvania.
"People are going to start realising 2003 is a year that security folks get their act together and ducks in line and understand that individual point products just don't cut it from a security architecture perspective and we'll need to start evaluating and justifying security products without slipping into hype mode," said Lindstrom.
For instance, Lindstrom said that Homeland Security initiatives have led cyber-terrorism awareness to skyrocket as a focal point when organisations should be more concerned with the machinations of a 'basic thief trying to break into a virtual bank' or corporate network.
IT research firm Aberdeen Group predicts that security incidents and financial losses due to identity theft will significantly rise in 2003. Among Boston-based Aberdeen's other top-ten predictions for security and privacy include: 'old-guard' security technologies that will fade into obscurity; new government programs that will fail; and a security tech-spending rush fueled by automation and pragmatism.
Led by a new breed of suppliers such as Patchlink, Big Fix, St. Bernard Software, Citadel Security Software, Harris, and Shavlik Technologies, to name just a few, the necessity of automated vulnerability remediation is gaining steam, notes Eric Hemmendinger, research director, information security for Aberdeen.
The security analyst said customers do not want to be at the mercy of existing holes which linger while they have the capability to prevent damage or liability that could occur. Therefore, solutions that detect, prioritise, assess, remediate, and track vulnerabilities should be present within an infrastructure to stay one step ahead.
"If you can't eliminate vulnerabilities in terms of what causes them — what can you do to remediate them?" asked Hemmendinger. "You really have to start looking at solutions that focus on remediation rather than waiting for any OS provider to fix the problem."
Having the appropriate security product in place, however, does not necessarily result in a successful defence position or plan of action against an incoming computer assault if tuning, monitoring, maintenance and response procedures are not in place.
According to a report released in early January by Stanford, Connecticut-based META Group, for instance, organisations running IDS (intrusion detection system) products as a technical solution encounter difficulty with the 'operational aspects of a process-intensive solution.' The report notes these obstacles can range from inability to compensate for false positive overloads to inadequate break-ins or threat reactions.