Security issues in 2002. (Security).The year of the virus 2001 was the year of the virus, or so it seems to the vast majority of us who were unwittingly affected. During the last 12 months, worms Worms (vôrms), city (1994 pop. 79,155), Rhineland-Palatinate, SW Germany, on the Rhine River. It is an industrial city and a leading wine trade center. , Trojans and viruses have got nastier, more sophisticated and ever more frequent. In 2000 one in every 700 emails contained a virus, whereas in 2001 one in every 350 carried some form of malicious Involving malice; characterized by wicked or mischievous motives or intentions. An act done maliciously is one that is wrongful and performed willfully or intentionally, and without legal justification. DESERTION, MALICIOUS. attack. Unsurprisingly, the busiest months of 2001 for reported attacks were November and December. CERT (the Computer Emergency Response Team -- a federally funded research and development centre in the US) has warned that the amount of malicious activity on the web is climbing at an alarming rate. It has reported that the total number of attacks in 2001 climbed almost 160 per cent compared to the previous year. CERT has described how virus outbreaks, network attacks or inside abuse account for 52,658 incidents reported in 2001 (and that figure doesn't count the hundreds of attacks that have gone unreported). Indeed Microsoft has been forced to issue a pledge to increase security after rising user concern over security problems within MS Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. and other Microsoft products including the Online Developer Store. Politically motivated mo·ti·vate tr.v. mo·ti·vat·ed, mo·ti·vat·ing, mo·ti·vates To provide with an incentive; move to action; impel. mo hacking See hack and hacker. is also on the increase according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. recent figures issued by the Government. UK government websites have experienced a 378 per cent increase in defacements over the past year as anti-capitalist and anti-war protesters have taken over the Internet. This phenomenon has not been confined con·fine v. con·fined, con·fin·ing, con·fines v.tr. 1. To keep within bounds; restrict: Please confine your remarks to the issues at hand. See Synonyms at limit. to the UK. The Middle East has also seen its political troubles extend to the web as Palestinian Intifada The Palestinian Intifada may refer to:
adj. 1. Having greatest ascendancy, importance, influence, authority, or force. See Synonyms at dominant. 2. Islamic countries launched attacks against Israeli domains. In a recent report, Frost and Sullivan, the analyst group, has described how the demand for information security will continue to increase as access to internal business information and mission-critical applications expands across geographically dispersed dis·perse v. dis·persed, dis·pers·ing, dis·pers·es v.tr. 1. a. To drive off or scatter in different directions: The police dispersed the crowd. b. facilities and networks. In such networks critical information may be scattered Scattered Used for listed equity securities. Unconcentrated buy or sell interest. across thousands of file servers or personal computers. New hacking techniques 2002 will see an increase in hackers attacking servers directly through new worm worm, common name for various unrelated invertebrate animals with soft, often long and slender bodies. Members of the phylum Platyhelminthes, or the flatworms, are the most primitive; they are generally small and flat-bodied and include the free-living planarians (of technology. It is on the servers that valuable corporate data lies and these attacks take advantage of server and system vulnerabilities. Hackers can then steal or tamper To meddle, alter, or improperly interfere with something; to make changes or corrupt, as in tampering with the evidence. with the vital data that makes up the essence of a company. This year we will see a raft of new hacking exploits, as hackers continue to push the boundaries of their capabilities to create new attack types. We have already seen the discovery of a new virus this year, which can be carried in the Shockwave graphics platform, although this virus has not yet been seen in the wild. Collapse of the perimeter The boundary of a system or network, which defines the inside and outside. It is typically determined by firewalls and addresses. See DMZ. ? In light of this, companies are going to have to wake up to the fact that the network perimeter effectively no longer exists. It is no longer acceptable to rely on firewall and network protection to protect critical systems. Hackers now know that the server is where the real damage can be done and consequently they're increasingly aiming their efforts at the server. Reliance on incumbent systems will leave companies vulnerable not just to new attack types but also to existing techniques -- in many companies, it's currently a case of ignorance is bliss. One obvious threat will be an increased use of worm technology to attack servers and carry malicious payloads into large numbers of systems worldwide simultaneously. This can cause havoc on corporate systems globally, seriously affecting the ability of vast numbers of companies to carry on operating on a day-to-day basis. Nimda for example, in its first four days, was estimated to have caused $500 million worth of damage. These attacks are likely to become more complex and difficult to deal with. Consequently, it's going to be harder to ensure that software purchased to protect a company from danger is actually doing its job. Is centralised Adj. 1. centralised - drawn toward a center or brought under the control of a central authority; "centralized control of emergency relief efforts"; "centralized government" centralized management an answer? How should companies combat this problem? Closer integration of products is a must to enable companies to easily integrate security into existing IT management infrastructure. However it is unlikely that companies will reach the apparent `Nirvana' of having all security products actively managed out of one central point at least in the next 12 months. Centralised management is often cited on the wish list for companies looking to boost their security systems but the reality is that no single vendor will be able to produce all of the required solutions in one offering. Indeed for this to happen, all security product vendors must agree on a consistent control interface that will do the job. Facing the legal threat Another interesting theme which we will see raising its head in 2002 is a growing awareness of the legal implications that a security breach can have on a company. Currently the legal responsibilities or liabilities of companies in the security area are not understood well by most people in the industry or, in some cases, even considered to be an issue. Consolidation in the security market In order to try to combat some of the issues described above, the security industry itself has seen considerable consolidation in terms of players in the market. Over the past year, best of breed solutions have been sucked into global credible players, putting the security market in a steadfast position for 2002. During 2001, ISS ISS See Institutional Shareholder Services (ISS). purchased NetIce, Symantec bought Axent, Cabletron bought Dragon and renamed the group "Enterasys", and Cisco has OEMed Entercept. It will be interesting to see whether this trend will continue into 2002. It is always difficult to predict specific deals as consolidation is often a side effect of a strong stock market yet, with the current uncertainty, we are in a bear market. Paper rich companies are normally much more acquisitive when share prices are buoyant Buoyant The term used to describe a commodities market where the prices generally rise with ease when there are considerable signals of strength. Notes: These types of markets can be very volatile as the prices are rapid to rise and fall with investor sentiment. . However, at the moment there are a number of small companies in the security space that are pioneering new approaches to protection and the market is ripe for these to be acquired by established brand leaders in the security space. Brand leaders normally feel the pressure to acquire such innovative companies or risk a competitor picking up on a big technology lead and taking away their market. Waiting for the research and development team to develop and come up with an answer to a new and exciting competitor is not an option. The one to two year lead time it takes to develop a new product means that it's easy to miss the opportunity or worse still lose market position. www.entercept.com Ian Franklin Entercept Security Technologies |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion