Businesses looking to defend their IT infrastructures from security threats may need to re-evaluate their approach, it has been suggested.
Businesses recognise the importance of defending their IT systems against external threats – a single data security breach has the potential to derail entire companies. Understandably, vast sums of money are spent on IT security software and other network defences, in an industry worth billions per year. According to research conducted by Gartner, the value of the sector rose by 12 per cent to £10 billion in 2010, emphasising the value companies place on security – both in terms of their online activities and safeguarding of critical information.
But to an extent, businesses are always at risk from IT security threats, particularly those they are unaware of or do not understand. They may have taken the necessary precautions to protect against common viruses, Trojans and other malware, but it is more difficult to take defensive action where IT security threats are undetected. Many companies simply do not comprehend the scale of the problem they are faced with.
Richard Moffitt, consultant systems engineer at Trusteer, recently commented that hackers are looking to exploit every channel they can to launch attacks. He noted that malware is becoming more sophisticated, which increases the importance of taking advanced precautions. Companies need to do more just to keep on an even keen in an increasingly risky environment.
"The number of malware variants is changing," Mr Moffitt stated. "What we're finding is that attacks happen very quickly – it's an automated process." He explained that online toolkits allow fraudsters to generate new pieces of malware in minutes, and target end users in variety of ways. "Any method that's available, you'll find them trying to exploit users as quickly as possible," Mr Moffitt stated. In his view, identifying malware quickly is all important for enterprises looking to defend their systems.
Once an exploit is released, people will immediately be working to exploit it and distribute malware and commit fraud, Mr Moffitt noted. He said that while anti-virus products may detect the malware, it could be several days or even weeks after the program entered the system. "It's very important to stop this problem as soon as possible," the expert added.
According to Gartner, addressing advanced intrusions that have bypassed traditional security controls is one of the major challenges for modern organisations. Neil MacDonald, a vice-president at the analyst firm, explained that often, signatures are not available to detect intrusion. And if it has compromised the host operating system at a deep level, the threat can remain cloaked and undetectable by endpoint security controls, he noted.
Mr McDonald said it may be necessary for UK companies to consider new approaches to IT security. He said that "fundamental shifts" are needed in the way security professionals think about the ongoing security and management of server and desktop workloads. Mr McDonald suggested that embracing systematic workload reprovisioning (SWR) may improve the situation for UK firms. This involves periodically rebuilding and reprovisioning server and desktop workloads from a high-assurance library of base image files. With the uptake of server and desktop virtualisation techniques at the operating system and application level, the time has come for enterprises to adopt a SWR strategy, he added.
"A SWR strategy reduces the dwell time of an intruder and will appeal to information security professionals looking for new ways to counter advanced intrusions for high-risk workloads," he explained. "Systematic reprovisioning of workloads from high-assurance repositories will become an accepted strategy for high-risk workloads to counter advanced intrusions during the next five years."
Gartner suggested that by 2016, more than a fifth of global enterprises will adopt a SWR strategy for high-risk, server-based workloads. In addition, more than 60 per cent of firms will adopt a SWR strategy for hosted virtual desktop workloads, the analyst said. "Although the principle behind SWR is straightforward, the change in mindset is significant," Mr McDonald said. "With today's advanced threat environment, we must adopt this change in thinking and adjust our security and operational strategies to reflect this."