
Security Managers Fear Next Generation of Attacks Says Survey

NetScreen survey also reports a widespread belief that current security set-ups are inadequate to defend against these threats

When it comes to security, security managers no longer simply fear inappropriate network access. More and more, they’re worried about so-called application-level attacks, including Trojan code and worms sneaking into the enterprise, database assaults, and exploits of known software vulnerabilities.

In fact, 63 percent of security managers most fear Trojans/worms, followed by e-mail and Web attacks, database attacks, then exploits of known vulnerabilities. These results come from independent researcher Vanson Bourne Ltd., which surveyed over 1300 IT managers worldwide in various industries for a study sponsored by NetScreen.

While fear of application-level attack isn’t surprising, its prominence in survey results does signify a shift in thinking by frontline security managers. “This is a stark contrast to years past when network and security managers mostly worried about controlling access and preventing network-level attacks, such as IP spoofing and port/network scans,” notes Mark Bouchard, a META Group analyst.

The problem is that instead of getting the Web port pinged, IT managers have to defend against any application having flaws only someone else might know about, as well as malicious code (think ActiveX or JavaScript) that could sneak Trojan code into the enterprise via Web browsers. That’s just for starters.

“The results of this survey confirm that businesses are becoming more and more aware of the increasing volume and complexity of threats to their networks,” says David Flynn, vice president of marketing at NetScreen. The company makes a deep-packet inspection firewall that competes against products from such companies as Cisco and Check Point, say experts.

Deep-packet inspection means the firewall is able to look inside and across packets to check packet content against known attacks, using signature matching, or for suspicious behavior, via heuristics—both techniques not unknown to any anti-virus user.

Companies will increasingly need such defensive technology, says Bouchard. Today, while “network-layer security mechanisms dominate current deployments,” he says, “[they] are proving inadequate in the face of more frequent application-level attacks. This condition requires that vendors and users alike increase their focus on application-oriented security controls.”

Managers feel the pain. According to the survey, only 12 percent of respondents are “extremely confident” their current set-up can defend against application-level attacks. The number-one fault of existing set-ups was identified as a lack of “depth of protection,” followed by being difficult to manage.

That overload, of course, is also an issue: how to cope with multifarious modes of attack?

To simplify their organization’s approach, 55 percent of security managers signaled they’re “more likely than not” to seek out an integrated security platform, versus multiple standalone pieces; a majority of respondents think that would be easier to manage. The ideal integrated security management software, say respondents, is a combination of anti-virus, firewall, intrusion detection and prevention, and virtual private networking.

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies columnist, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.
