The logical solution to worms like Zotob

Tiered levels of security are the only realistic way to defend against threats to system flaws, such as the Windows Plug and Play vulnerability, IT professionals and analysts say.

Fresh off a company conference call where the primary topic was this week's Windows Plug and Play worm, Arun DeSouza was asked for his thoughts on this most recent major attack on the operating system.

"It's crazy," said DeSouza, who is chief information and security officer and senior manager of systems engineering at Inergy Automotive Systems, a Troy, Mich., manufacturer of plastic fuel-delivery systems. "The only way to keep on top of these threats is to have a tiered level of security."

Indeed, much has been made of the fact that the time between vulnerability announcements and the emergence of an exploit keeps shrinking to the point where it is almost non-existent. While this has been a gradual change, one constant is the content of DeSouza's advice: IT shops must build multi-tiered defenses.

The enemies at the gate usually fall into three camps: operating system vulnerabilities, e-mail threats and Trojans. OS vulnerabilities are fixed by patches, which require the important -- but time-consuming -- step of compatibility testing.

Two layers of protection

To combat e-mail problems such as spyware or viruses, antivirus protection is key. DeSouza has two layers of protection for those. For internal use, Inergy has Symantec Corp. antivirus protection. For Internet-facing servers and Exchange Server, the company uses Trend Micro Inc. software. And some type of antispyware tool is on every desktop.

For Trojans, which are programs that masquerade as other applications, Inergy is starting to use quality-of-service devices, which sit between a LAN and a router. The devices -- Inergy uses traffic shapers made by Packeteer Inc. -- can recognize applications, identify network anomalies and be used to set policies.

Companies like Inergy are on top of the problem, but analysts say there are still many IT professionals who don't know the best choice for their security and compliance dollars. "[Security within IT shops] is sophisticated the farther upmarket you go, but in the middle, there are still a lot of people who don't know what is available," said Scott Crawford, an analyst at Enterprise Management Associates Inc., Boulder, Colo.

Part of the problem for many is that security practices continue to evolve, threats change and compliance mandates keep coming, Crawford said.

The reality of perimeter security

Though IT executives may be tired of the vulnerability and patching treadmill, they must keep up the fight. There is no other recommendation from experts other than to build a defense in depth from the perimeter to the applications. "Do it all," said Jonathan Eunice, a principal at Illuminata Inc., a Nashua, N.H., consulting firm.

"You can't assume you will establish a perimeter and make it perfectly secure," he said. "For viruses and worms, you need a basic firewall, e-mail mechanisms and probably a defense on each system."

Though 90% of intrusions are halted at the perimeter, the other 10% need to be stopped past that point, requiring some form of local security. "This is easy in the latest version of Windows because there is a local firewall," Eunice said.

He noted that one bright spot in the struggle is how security vendors have turned into around-the-clock watchdogs, with their staffs monitoring and responding in real time to the security exposures. "They are watching and responding in the same time frame as these things are developed," Eunice said.