September 28, 2007
Vol. 29 Issue 39
Page(s) 12 in print issue
Antivirus & Security Issues
So What’s The Big Deal About A Little Malware?
It's a story that's been told time and time again, but for good reason: antivirus and security issues are still being preached to the IT masses. Believe it or not, you still hear grumblings about small to midsized enterprises that get hit hard because their end points have no antivirus or security programs installed or active. And there are still end points out there with active viruses that haven't been dealt with yet. Chris Simmons, director of product strategy at Fortinet (www.fortinet.com), says SMEs are subject to the same network-level threats and content-level threats as larger enterprises.
A Threat Is A Threat
Simmons says that although SMEs are equally threatened, they usually have a much more limited IT staff to deal with security incidents. As a result, he says, a security incident involving an endpoint system usually hits this segment of businesses harder than it does larger organizations. He notes, "The effects of a security incident involving endpoint systems vary greatly and can range from simple loss of productivity due to the inability to use the machine to much greater consequences, such as loss of business-critical data or loss of customer personal information."
Randy Abrams, director of technical education at ESET (www.eset.com), says the term used for end points with no security programs on them is "owned." He comments, "Depending on the function of the device, it can be used to relay spam, host illegal content, and participate in denial-of-service attacks against the owner or other businesses. When a threat is not detected by AV [antivirus], a company that practices defense in-depth is in a far better position to discover problems, contain them, and mitigate damage." Abrams says the impact to SMEs is almost identical to the impact to large corporations, with the exception of the PR budget they have available to spend on damage control.
In Simmons' opinion, the botnet trend observed over the past couple of years continues to escalate, with any infected end point being viewed as an asset in an attacker's arsenal. More often than not, he says, smaller organizations have fewer security systems in place and are less prepared to deal with the impact of a security incident.
Apparently, the threat isn't going away anytime soon. Abrams says the threats to SMEs include malicious software, unauthorized access (both physical and digital), and inside espionage. He says malicious software is used for purposes including the extraction of proprietary information for competitive advantage, the use of company computers to host illegal content (such as child porn or stolen credit card information), attacks against other companies and Web sites, identity theft from employees, and gaining access to corporate networks.
Abrams provides a real example of a security issue. A keystroke logger was installed on a company's computer that was used to accept credit card payments. Each customer who made a payment provided enough credit card information for a thief to make purchases with that card. The same infected computer immediately contacted the payment processing center, and the keylogger captured the company's payment processing account number, username, and password, giving the attacker access to that account as well.
So who in the data center needs to be concerned? According to Simmons, email administrators, file server administrators, network operators, and virtually any administrator who is responsible for a critical business system. He says most threats arrive today through the Web or email, but from that point on, the threat can impact the entire organization's IT infrastructure. Abrams agrees and says, "It really needs to be everybody. The specific person who is responsible for decisions will depend upon the IT structure and individual competencies, but if you do not have a culture of security in your data center, then your company is at significantly more risk."
To do their part, Abrams says, SMEs need to practice defense in-depth. He says policies surrounding the use of company resources are the starting point. He continues, "Security hardware and software provides additional levels of defense. Intrusion prevention and detection are also good to have on the front line. Auditing is another necessity, as well. While antivirus software is a critical component, it cannot do the job alone. And don't assume that because you configured your systems, they will stay properly configured; it's important to periodically verify configuration."
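The "periodically verify configuration" advice above is easy to state and easy to skip. The following is an added example, not code from the article, ESET, or Fortinet: it records a hash baseline of a set of hardened configuration files at a known-good moment, then re-checks them for any byte-level drift and for a short list of settings that must hold no matter what else changes. The file contents, file names, and required settings are all constructed for the demonstration; a real deployment would point it at the host's actual config paths and store the baseline somewhere the host itself cannot rewrite.

```python
"""Configuration baseline and drift check (added example, constructed data)."""
import hashlib
import os
import tempfile

# Constructed sample: contents of two hardened config files at baseline time.
BASELINE_FILES = {
    "sshd_config": "# hardened by ops\nPermitRootLogin no\nPasswordAuthentication no\nMaxAuthTries 3\n",
    "av_policy.conf": "realtime_scan=on\nsignature_update_hours=1\n",
}

# Settings that must hold regardless of other edits (constructed policy).
REQUIRED_SETTINGS = {
    "sshd_config": {"PermitRootLogin": "no", "PasswordAuthentication": "no"},
    "av_policy.conf": {"realtime_scan": "on"},
}


def sha256_file(path):
    """Hash a file so any byte-level change is caught, not just known keys."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_settings(text):
    """Parse 'key value' or 'key=value' lines; comments and blanks are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" in line:
            key, _, value = line.partition("=")
        else:
            key, _, value = line.partition(" ")
        settings[key.strip()] = value.strip()
    return settings


def build_baseline(root):
    """Record a hash per config file at the moment the system is known good."""
    return {name: sha256_file(os.path.join(root, name)) for name in sorted(os.listdir(root))}


def verify(root, baseline, required):
    """Compare current files to the baseline and check the must-hold settings."""
    report = {"changed": [], "missing": [], "violations": []}
    for name, expected_hash in baseline.items():
        path = os.path.join(root, name)
        if not os.path.exists(path):
            report["missing"].append(name)
            continue
        if sha256_file(path) != expected_hash:
            report["changed"].append(name)
        with open(path, encoding="utf-8") as f:
            current = parse_settings(f.read())
        for key, want in required.get(name, {}).items():
            got = current.get(key)
            if got != want:
                report["violations"].append((name, key, want, got))
    return report


def demo():
    """Write the sample files, baseline them, then simulate an unauthorized edit."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in BASELINE_FILES.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as f:
                f.write(body)
        baseline = build_baseline(root)
        clean = verify(root, baseline, REQUIRED_SETTINGS)
        # Simulated drift: someone re-enables root login "temporarily".
        drifted = BASELINE_FILES["sshd_config"].replace("PermitRootLogin no", "PermitRootLogin yes")
        with open(os.path.join(root, "sshd_config"), "w", encoding="utf-8") as f:
            f.write(drifted)
        return clean, verify(root, baseline, REQUIRED_SETTINGS)


if __name__ == "__main__":
    before, after = demo()
    print("clean run:", before)
    print("after drift:", after)
```

The hash check and the settings check answer different questions: the hash says "something changed, go look," which is the audit signal Abrams describes, while the required-settings check says "this specific control is off," which is what an operator needs to act on immediately. Running both on a schedule and alerting on any non-empty report is the periodic verification the quote calls for.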
In Simmons' opinion, any organization that relies on IT systems for business operations should have multithreat security systems in place at the network perimeter, within the core data center, and at the end point to best defend against threats. In addition, Simmons says the organization should have a security incident response plan in place to react to anything that manages to find its way through the existing security infrastructure.
Help Is On The Way
Simmons says Fortinet offers multithreat security solutions that protect networks at every stage. The company's FortiGate Multi-Threat Security Systems, for example, act at the network level to defend the infrastructure from both network-level and content-level threats. Fortinet's FortiClient End Point Security resides on end-user devices, including desktops and mobile devices such as smartphones, and helps protect single systems from attack.
Abrams says ESET was founded in 1992 and has been providing anti-malware software ever since. He adds, "NOD32 detects and blocks viruses, worms, bots, keyloggers, spyware, adware, and other threats. NOD32 augments traditional signatures with advanced heuristics to provide the best proactive protection against unknown threats for which signatures do not exist." He says the product is enterprise-ready (as evidenced by the Ontario Ministry of Education's selection of NOD32 for 300,000 PCs). With versions for Windows, Linux, BSD, Novell, Lotus, and Exchange, NOD32 supports a variety of diverse environments.
According to Abrams, hackers can and will break into networks for malicious reasons. In some cases, he says, the stolen information is used to extort the victimized company. Insiders, he says, are often able to do the most damage, abusing legitimate access to proprietary information outside the confines of the corporate network. He concludes, "Education will help prevent people from inadvertently putting their own companies at risk."
by Chris A. MacKinnon
Tips For Combating Antivirus & Security Issues
Consider both network-level (vulnerability exploits) and content-level (malware) threats when choosing the most effective security system for your network.
Implement a multilayered security system, one that acts at the perimeter, core/data center, and end point.
Have a plan. Develop a security incident response plan that will minimize the effect of a security breach if security devices fail to mitigate the threat completely.
The best tools are of little use in the hands of an unskilled user. Even if it is only 15 minutes each week, ongoing security education for all users is essential.
If an antivirus product screams and there's nobody there to hear it, is there a virus? Do you know if your intrusion prevention system is screaming? Proactive protection is the only serious approach to security.