Protecting enterprise systems: Webroot Inc.

Since the very beginning of commerce, businesses large and small have needed to secure and protect their assets. For many years, a safe inside strong walls with a locked door, or perhaps a fence and a vicious dog, were all perfectly adequate solutions. Of course, with the advent of computer technology the world has changed significantly in recent decades. Today, the vast majority of intellectual property, customer information and trade secrets are created and stored in the form of 1s and 0s--making data security a top priority for every company. Loss of physical assets such as laptops and storage media that can contain highly sensitive and valuable data, as well as intentional criminal or malicious activities from within the organization caused by a disgruntled employee, remain significant risks to data security that need to be addressed in a company's approach to protecting information assets. Additionally, with the arrival of the Internet the number of external people who can potentially make their way "inside the company's walls" has multiplied exponentially. Online perpetrators are well-paid to extract information such as social security numbers, credit card numbers, bank account numbers, user names and passwords from company files. Internet security deals specifically with risks that arise from network connectivity to the world, including spyware, viruses, Trojan horses
These economically motivated efforts to infiltrate a company's network present significant costs and liabilities. In addition to the risk of direct losses, there are also significant impacts to staff productivity. Furthermore, companies are increasingly held accountable by government agencies and shareholders for properly securing the consumer data they retain. Failure to do so can result in legal charges, fines and a damaged reputation. This report explores the most prevalent Internet security threats, their impacts, and what companies need to do to protect their most valuable business assets.

Internet Security Threats Impacting Enterprise Systems

Companies hold valuable information in the form of customer data, proprietary information and trade secrets in their computers, networks, servers and storage devices. As a consequence, company IT systems are under constant attack driven by the potential for monetary gains. Greed breeds creativity in the methods used to steal enterprise data. This is evidenced by the "wolf in sheep's clothing" approach that ties lower risk threats to critical risk threats, as well as the increasing complexity of the threats invading IT systems.

The Threat Food Chain

Industry analyst firm IDC's Enterprise Security Survey for 2006 identifies the top five threats to enterprise security as:
* Trojans, viruses, worms, and other malicious code
* Spyware
* Spam
* Employees
* Application vulnerabilities

These categories are closely intertwined. Spam can be the delivery mechanism for spyware, and spyware's primary payload is often a Trojan horse, which disguises the real or secondary payload. A Trojan can download multiple pieces of spyware, or contain spyware bots (web robots that run automated tasks) used for spam, backdoors, or keyloggers to record user keystrokes. Too often adware and spam have been categorized as mere nuisances and not considered truly damaging. That trend is clearly changing. Recently, the New York State Attorney General reached a settlement with three well-known online advertisers, Travelocity, Priceline and Cingular Wireless, for promoting products and services on the Internet through deceptively installed adware programs. This is just one example of government action based on the view that adware can cause material harm. Beyond the incessant inflow of spam and adware, spyware writers will be relentless in their efforts to penetrate the enterprise because it is their business. They are parasites in the corporate IT environment that survive at the expense of the systems they infiltrate.
Successful spyware writers reap significant financial rewards, usually in the form of bank passwords and personal information, such as social security numbers, credit card information, as well as Web site and e-mail usernames and passwords. Beyond individuals chasing these financial gains, there has also been greater involvement from organized crime groups in recent years. While at a cybercrime conference in London, Christopher Painter, deputy chief of the computer crimes and intellectual property section of the U.S. Department of Justice, told reporters, "There are still instances of 'lone-gunman' hackers but more and more we are seeing organized criminal groups." In an interview with ComputerWorld magazine, Andrew Arena, special agent in charge of the U.S. Federal Bureau of Investigation's criminal division in New York, stated that cybercrime is the number three overall priority at the FBI (only behind counter-terrorism and counter-intelligence) as it overlaps organized crime, as well as state-sponsored and terrorist organizations.

Increasing Complexity of Threats

The United Kingdom's Department of Trade and Industry (DTI) commissioned PricewaterhouseCoopers LLP to conduct an Information Security Breaches survey in 2006 that found 99 percent of companies are connected to the Internet, and over 80 percent of the large companies surveyed suffered a security incident within the preceding year. Web sites continue to be a leading source for malware infections. The Threat Research Team at Webroot Software identified exploits on over 3 million web sites in 2006. An exploit takes advantage of malicious code present on a Web site to force a Web browser to install spyware or other malware on a user's machine without his or her knowledge or consent. For years now, spyware and other unwanted programs have often been able to bypass traditional security defenses like firewalls and other perimeter solutions because the malicious programs are disguised as legitimate traffic entering through well-established ports left open on firewalls. Once installed on a system, many spyware applications disguise themselves as trusted programs, allowing them to communicate freely with the Internet over TCP ports that are commonly left unprotected.
According to a market research study conducted by Webroot Software in January of 2007, over one-third of enterprises surveyed dealt with Trojan horse attacks (39 percent) and almost one-fourth dealt with system monitor attacks (24 percent). Significantly compounding the challenges posed by these programs is how they are programmed to evade detection. Today's spies are more complex and dangerous, infecting machines with more registry entries and files to make removal more difficult. Further complicating removal efforts, many pieces of spyware use watcher processes, which monitor each other so that when removal is attempted the malicious code will be repopulated or new components will be downloaded from the Internet. Most alarming is the continuous trend towards more advanced techniques. Just a couple years ago, rootkits, Trojans, and polymorphic code (capable of mutating while keeping the original functionality intact) were the most advanced methods being used; these are now becoming common ways to evade detection. Today's spyware programs create permissions to gain network access, alter security settings and modify system properties and preferences. In 2006, there were increasing incidents of even more sinister ways to infiltrate and capture PC data, including what has become referred to as ransomware. In these cases, once installed on the computer, the code encrypts data, holding it hostage. Then a ransom to be paid via an online payment service is requested to recover the files. Businesses are often the targets of these types of attacks.
The requested amount is generally low enough that many simply pay "the ransom" and do not report the crime to law enforcement so that access to the information can be recovered as quickly as possible. The chart below summarizes how the distribution and infection methods, as well as the removal techniques required, have evolved since 2004.
The Evolution of Threat Complexity
2004 2005 2006
Type * Benign Adware * Malicious * Targeted/Custom
* Randomized Adware Trojans
Hijacks * Trojans * Phishing
Trojans
Distribution * Web sites * BitTorrent * Email
* Peer-to-Peer * Internal
(P2P) Hacking
* Bundles
* Piggybacking
Infection * File Placement * DLL * Modifying
and Naming Injection Executables
* Browser
Helper
Object
(BHO)
Removal * Deleting on Disk * File * Driver-based
* Deleting Registry Neutering Removal
Keys * Correlation * Dynamic
Removal Conditional
Removal
Source: Webroot Software Threat Research Department

Cost Implications for the Enterprise

These unrelenting attacks on enterprise networks have significant cost implications. Based on an industry survey conducted by Webroot in January 2007, almost half of the companies had incurred the costs of increased help desk time to repair spyware damage, disrupted business activities and reduced employee productivity. In addition, more than a quarter of the companies stated that confidential information had been compromised as a result of spyware. Beyond the direct costs and impacts to employee productivity, failure to adequately protect enterprise IT systems from Internet security threats can also expose the company to legal liabilities.

Repairs and Support

Based on Webroot's experience with thousands of enterprise customers, a profile of an "average" company's experience with malware issues is described in the table below. Webroot prepared this case study analysis of the repair, support and productivity costs for a company with 14,000 workstations. While these costs will vary from company to company, the multiplying effect of the sheer volume of incidents that enterprise IT departments must remedy remains the same. These direct support and productivity costs are themselves significant, yet they

Information Security Breaches

The 2006 Information Security Breaches survey issued by the United Kingdom's Department of Trade and Industry (DTI) found that the average cost of a UK company's worst data security incident of the year was roughly $23,000. The breaches in large businesses were seven times more expensive, with the average cost of the worst incident reaching $175,000. Based on the survey, DTI has said that the overall cost of data security breaches incurred by UK companies is in excess of $19.5 billion per annum.
In the U.S., the Small Business Technology Institute conducted a study called Small Business Information Security Readiness covering the same time period that reported more than half of all small businesses experienced a security breach. In spite of these incidents, nearly one-fifth of the companies were not using virus-scanning software for e-mail, over 60 percent did not protect their wireless networks with encryption, and two-thirds did not have an information security plan. The costs of a serious incident could have an even more significant impact on a smaller company, yet many small businesses make reactive purchase decisions only after suffering an information security incident.

Beyond the direct costs associated with resolving incidents, there are significant intangible costs associated with brand and reputation damage when government action is taken following a data breach. In the United States, government offices responsible for protecting consumer interests, such as the U.S. Federal Trade Commission (FTC) and several state Attorneys General have become increasingly proactive in filing complaints against companies for lax computer security measures. For example, in 2006, the Federal Trade Commission (FTC) approved a final consent order with DSW, Inc. (FTC File No. 052-3096). The complaint filed by the FTC stated that DSW, Inc. had created unnecessary risks to the personal information collected about consumers in its stores by failing to use readily available security measures to protect its computer networks, nor employing sufficient measures to detect unauthorized access. As a result of the consent decree, DSW was required to establish and implement "a comprehensive information security program that is reasonably designed to protect the security, confidentiality and integrity of personal information collected from or about consumers." Similar findings and requirements have been included in other FTC consent decrees, such as in the BJ Wholesale case in 2005 (FTC File No. 042-3160).

In spite of these and other highly visible cases in the past couple years, significant data breach stories continue to surface. In January 2007, reports emerged that hackers used a Trojan to access customer information from TJX Companies, possibly for as long as three years. Stolen was credit card, debit card, check and merchandise return transaction information for customers of T.J. Maxx, Marshalls, Homegoods and A.J. Wright stores in the United States and Puerto Rico; Winners and HomeSense stores in Canada; and possibly T.K. Maxx stores in the United Kingdom and Ireland. The breach has already generated consumer lawsuits against TJX, the first of which was filed in U.S. federal court in Boston. The case, which may become a class action suit on behalf of anyone who had their personal information stolen, claims that TJX failed to have adequate security in place to safeguard customers' data, and failed to notify customers of the breach as soon as it was discovered, constituting negligence.

Legal and Regulatory Compliance

Over the past decade, in an effort to protect citizens' data from misappropriation and fraud, governments in many parts of the world have instituted additional data protection measures. While legal and regulatory compliance can often be expensive, it is a cost of doing business in that given jurisdiction. Even more costly is the potential liability for a company that fails to comply with the appropriate legal requirements to safeguard sensitive information. One of the most well known laws in this regard is the European Union's Data Protection Directive. This Directive sets out the guidelines on which European countries have crafted their laws.
Article 17 of the Directive requires:

Member States shall provide that the (data) controller must implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, alteration, unauthorized disclosure or access, in particular where processing involves the transmission of data over a network.

Most European countries have now implemented this Directive in country-specific laws very similar to the language used in Section 31 of the Italian Personal Data Protection Code to address security requirements. It states:

Personal data undergoing processing shall be kept and controlled, also in consideration of technological innovations, of their nature and the specific features of the processing, in such a way as to minimize, by means of suitable preventative security measures, the risk of their destruction or loss, whether by accident or not, of unauthorized access to the data ...

The United States also has several laws that set out data protection requirements. For example, the U.S. Health Insurance Portability and Accountability Act (HIPAA) requires that the privacy of medical records be adequately protected against unauthorized access and misuse. In the financial sector, the Gramm-Leach-Bliley Act requires that organizations which maintain credit information for customers be held accountable if that data is accessed or compromised by an unauthorized third party. All public companies must comply with Sarbanes-Oxley (SOX) which includes attesting to the risk assessment and audit controls required by the Act. Incidents of unauthorized network access, system monitors and Trojans can bring the authenticity of reporting into question, and will raise concerns of SOX non-compliance.

Beyond country laws, there are international governing bodies and industry organizations that have set certain relevant requirements. For example, the Basel Committee on Banking Supervision provides a forum for regular cooperation on banking supervisory matters, and over recent years, it has developed increasingly into a standard-setting body. The Committee, whose members come from Belgium, Canada, France, Germany, Italy, Japan, Luxembourg, the Netherlands, Spain, Sweden, Switzerland, the United Kingdom and the United States, is best known for its international standards on capital adequacy. Risk management is a significant factor in determining a bank's required capital reserves. In turn, this becomes a factor in a bank's review of business loan applications. Planned for implementation by this year, the Basel Committee issued a revised Framework referred to as Basel II to "promote the adoption of stronger risk management practices by the banking industry." Basel II defines operational risk as "the risk of loss resulting from inadequate or failed internal processes, people or systems, or from external events."

Many U.S. companies that do business in Europe have struggled to comply with European directives since they can be a significantly higher standard than in the U.S. Rules and regulations in different countries can overlap or conflict, creating a complex challenge for security executives responsible for aligning security strategy across the globe. In the face of these diverse laws, rules and regulations, some organizations find themselves overwhelmed and unsure about how to achieve compliance. To complicate matters further, the often ambiguous language of the laws causes some businesses to suffer from 'analysis paralysis' and ultimately--they end up doing nothing at all.

Protecting the Enterprise

The PCI standard provides details about how to best fulfill each of these objectives. Specific elements of the standard, such as ensuring that anti-virus programs can protect against other forms of malicious code such as spyware and adware, are important guidance for all companies, even those that do not accept credit cards as a form of payment.
Along these same lines, some government regulatory bodies have issued advisories to the entities which they oversee in an attempt to avoid preventable security breaches. For example, the U.S. Federal Deposit Insurance Corporation (FDIC) issued an official letter of guidance to financial institutions that recommends:
* Restricting users from downloading software not previously approved by the bank.
* Expanding the risk-assessment process to consider threats from spyware.
* Expanding security and Internet use policies to include risks associated with spyware and acceptable user behavior.
* Taking steps to enforce these policies and reprimand staff who fail to comply.
* Installing and configuring firewalls to monitor both inbound and outbound traffic. If possible, block outbound ports that are not necessary for business functions.
* Implementing tools to scan e-mail for spam and either block the e-mail or designate it as spam.
* Implementing tools to restrict or prevent pop-up windows.

While aimed specifically at U.S. banks, there are policies and processes that all enterprises will benefit from following.
Implementing strong Internet security policies and processes is critical to ensure that the technological tools utilized are fully effective.

Technology Best Practices to Secure Enterprise Information

The U.S. Government Accountability Office provided government departments with these criteria for the consideration, selection and implementation of cybersecurity technologies that are equally applicable to private enterprises:
* Implement technologies through a layered, defense-in-depth strategy.
* Consider the (organization's) unique information technology infrastructure.
* Utilize results of independent testing when assessing the technologies' capabilities.
* Train staff on the secure implementation and utilization of the technologies.
* Ensure that technologies are securely configured.

Most important for the enterprise Internet security infrastructure are solutions that provide accurate threat detection that minimize false positives and provide comprehensive removal in real-time. Enterprises require seamless, scalable deployments that provide centralized, customizable user management, including coverage for laptops and remote employees. Most importantly, advances in technology need to provide proactive defenses.
One such proactive system is Phileas[TM], a ground-breaking online research system developed by Webroot Software that uses patent-pending technology to scour the entire Web discovering spyware on the Internet faster and more efficiently than any other research method. Developed to automate the search and discovery of new threats, Phileas consists of servers that control "bots" to detect web pages with characteristics of exploits, suspicious application code or suspected new spyware threats. One Phileas bot is able to scan 10 URLs per second, completing in one hour the equivalent of 80 hours of manual research. The bot architecture used by Phileas is also highly scalable to keep pace with the growing volume of Internet threats. Its innovative, pattern-matching technology allows Phileas to identify known and unknown exploits, plus any changes to existing spyware variants. New URL targets identified by Phileas are sent to Webroot's threat research team, who use proprietary algorithms to evaluate the URLs and create definitions for each new signature or variant. Since its inception in October 2004, Phileas has found over 8 billion URLs, scanned 250 million URLs, and identified 4.2 million malicious URLs. This proactive approach to seeking, finding and disabling malicious malware is a revolutionary advancement that takes the burden off the user or IT director and places it confidently on the shoulders of the technology itself. Webroot was the first security company to develop and use this proactive technology in the fight against spyware.

What the Future Holds

If there is a silver lining in the dark cloud that looms over Internet security, it is that awareness about the problem has greatly increased over the past couple of years. Spyware, system monitors and Trojans have become a part of the lexicon within enterprise IT departments. One of the biggest risks going forward is that this increased familiarity with the problem could breed complacency. We cannot mistake attentiveness for vigilance. The assault on the enterprise will continue. According to eWEEK magazine, hackers are now being paid up to $50,000 to find vulnerabilities in Microsoft's new Vista operating system. IDC's "Key Forecast Assumptions for the Worldwide Software Market, 2006-2010" found that:

Software is becoming much more dangerous ... The ability to bury malware within other software will become a dangerous trend that will lead to improved spyware software, and increase the need for software and application security tools ...

As would be expected, companies will continue to make Internet security one of their highest priorities.
In her December 2006 paper "State of Security in SMBs and Enterprises," Forrester analyst Natalie Lambert found that "66 percent of enterprises will increase spending on security equipment and services this year." Certainly it bodes well that enterprise IT departments will continue to invest in procuring security tools to protect valuable company and customer data. At the same time, growing network security budgets will also attract newcomers into the security market that lack the experience and expertise held by the companies who have been on the front lines for years. Effectively protecting enterprise systems will require more than simply increasing spending. Parsing the multitude of devices, software and service options will no doubt present challenges for enterprise IT managers. Most effective will be those companies that remain focused on their priorities, and select industry-leading solutions to address these needs:

* Prevent the installation of unauthorized software.
* Monitor network use and abuse.
* Block inappropriate content on the Web.
* Remove useless files to free up disk space (temp files, memory dumps).
* Set custom policies to manage employee Internet, network, and application use.

While the marauders will continue their attacks, the enterprise can be protected by continuing to widen the moat, raising the walls and placing the best trained sentries at the posts.

Malware Cost Analysis: Company X with 14,000 Workstations

Help Desk Costs

| Average percent of users with a malware-related call each month | Average number of malware-related calls per month | Average cost per call | Monthly Cost | Annual Cost |
| --- | --- | --- | --- | --- |
| 7.5% | 1,050 | $20 | $21,000 | $252,000 |

IT Support Costs for Machine Re-Imaging

| Average number of machines re-imaged per day | Average hours needed for each re-image | Average hourly rate for employee time | Monthly Cost | Annual Cost |
| --- | --- | --- | --- | --- |
| 3 | 3 | $50 | $9,000 | $108,000 |

Lost Productivity of Employee (user) with Affected Machine

| Average number of employees with affected machines per day | Average hours of lost productivity while machine is being re-imaged | Average hourly rate for employee time | Monthly Cost | Annual Cost |
| --- | --- | --- | --- | --- |
| 3 | 3 | $50 | $9,000 | $108,000 |

Total Costs:

| Per Month | Per Year |
| --- | --- |
| $39,000 | $468,000 |

Source: Webroot Software Threat Research Department

Additional Information

Webroot is one of the founding members of the Anti-Spyware Coalition (ASC) based in Washington, D.C., which is another source of educational resources, including: ASC Definitions (June 2006) http://www.antispywarecoalition.org/documents/

www.webroot.com