Last week Symantec issued their latest Internet Security Threat Report. These six-monthly reports have become essential reading for all security practitioners. The latest 30-page report (it could do with a good précis) is packed with useful, though largely unsurprising, facts.
The report confirms that the security threat landscape is becoming characterized by attacks that are more professional and increasingly commercial. These attacks are often carried out in multiple stages, using a low-profile compromise to create a beachhead from which subsequent attacks can be launched. Multiple methods of attack are likely to be used and trusted entities will be exploited. Defending against such attacks is not easy. They are difficult to detect and even harder to stop. And in an age when zero-day vulnerabilities are a reality, it’s disturbing to read that some big vendors still have patch development times measured in hundreds of days.
The consequence of this trend is that organisations need to adopt a more intelligence-led approach to security. Identify valuable assets and critical services. Understand the enemy. Think like an attacker. And then implement specific controls to identify and deflect such attacks. It’s no longer good enough to apply a basic level of commodity-level security across your estate. That approach might have been effective in the past. But today’s attackers don’t just focus on soft targets. And the sophistication of their threat has now surpassed the defensive capabilities of most baseline security measures.
Comments (2)
I could not agree more... The key to the future is understanding and assigning correct and appropriate values to organisational assets. Only that way will organisations be able to focus their efforts on protecting what is most valuable to them.
This actually fits nicely with a theme on Stuart King's blog regarding the drive towards external service providers for availability of business functions. If this is the direction business is driving in then it will be crucial to understand which information assets can be put in external hands and which must be retained in-house. Get this wrong and organisations may be giving their crown jewels away.
Posted by Duncan | September 23, 2007 4:33 PM
Seems to me two things leap out from the blog and show where a lot of time is being spent.
One is patch. IT will always go to sea in a leaky boat and then try to fix the holes.
Two is to find out ways in and try to deflect against that entry point, trusting you find that particular one the hacker is looking for first. Design out all the known types of weaknesses in the first place. Time for the old firewall paradigm to be put on the funeral pyre.
Posted by Ron Wilkins | September 25, 2007 4:31 PM