Computer Vulnerability-to-Worm Cycle Compressing Dramatically; New Research from Foundstone Shows Vulnerability Exploitation Down to 10 Days.

Business Editors/High-Tech Writers

MISSION VIEJO, Calif.--(BUSINESS WIRE)--May 18, 2004

Foundstone Inc., experts in strategic security, today published an analysis of computer worm history revealing a potentially dangerous trend. The vulnerability-to-worm cycle has compressed from 288 days in 1999 to just 10 days in 2004, putting organizations and consumers at higher risk for attack.

Foundstone's analysis centers on high-profile worms released between 1999 and 2004, including: Melissa, Sadmind, Sonic, Bugbear, Code Red, Nimda, Spida, MS SQL Slammer, Slapper, Blaster, Witty and Sasser. Worms that took advantage of user interaction (e.g. executing attachments) and remotely controlled "bots" were reviewed, but not included in the trend report in order to focus on completely automated threats.

"This trend is alarming as it demonstrates what we have sensed for years, that the cycle from vulnerability to worm is shortening dramatically -- putting increasing pressure on IT departments to remediate vulnerabilities faster than ever," said Stuart McClure, president and chief technology officer for Foundstone and author of the worm research. "The window within which the good guys have to work is closing fast."

"IT security is a chess game in which cyberattackers have the white pieces and thus move first," commented John Pescatore, analyst for Gartner. "Organizations can control the middle of the chessboard by implementing vulnerability management and intrusion prevention approaches to prevent and respond quickly to attacks."

"In today's world, it's nearly impossible to protect your enterprise's digital assets without a vulnerability management system," said Dave Cole, vice president of product management for Foundstone. "Foundstone Enterprise customers benefit from early warning of breaking threats, enabling a timely, effective response for even today's rapid turn-around worms. In addition, if the security of a customer is ever compromised for any reason, Foundstone Enterprise gives them the ability to quickly assess which machines on the network have been affected."

Foundstone's Enterprise Risk Solutions(TM) software helps organizations comprehensively discover, inventory, prioritize, and remediate all assets on a global network. The suite provides exceptionally accurate, high-speed vulnerability assessment of all network assets, intuitive reports and metrics, and a tightly integrated threat correlation module which correlates critical threats with prioritized assets so security and network operations can focus on the assets that matter the most.

About Foundstone

Foundstone(R) Inc., experts in strategic security, offers a unique combination of software, services, and education to help organizations continuously and measurably protect the most important assets from the most critical threats. Through a strategic approach to security, Foundstone identifies and implements the right balance of technology, people, and process to manage digital risk and leverage security investments more effectively. The company has one of the most dominant security talent pools ever assembled, and has authored 20 books, including the best-seller "Hacking Exposed." Foundstone customers include six of the top 11 Fortune companies and many U.S. government agencies. The company has headquarters in Orange County, Calif., and has offices in San Antonio, New York, Washington, and Singapore. For more information about Foundstone, visit www.foundstone.com, or call 877-91-FOUND within the United States, and 949-297-5600 outside the United States.

Note to Editors: Foundstone is a trademark of Foundstone Inc. All other companies, brand names or products are trademarks or registered trademarks of their respective companies.