Overcoming the next generation of threat vectors
2011 SC Social Media Awards: Finalists named
Since businesses first connected to the internet some 20 years ago, there has been a race to deliver stronger security innovations faster than cybercriminals can write code and develop new tactics.
Today, the industry is seeing a broader range of companies who realize that security must now be a strategic part of their overall IT infrastructure. This is enabling them to proactively prevent security breaches and attacks from penetrating their network in the first place – versus taking the more historical approach of applying protections like a Band-Aid.
Based on a recent Check Point survey of more than 220 IT security professionals, more than 90 percent of businesses reported using firewalls and anti-virus solutions, which are important baseline protections to secure their networks. However, as companies combat traditional security threats, businesses also face a new generation of threat vectors, with the proliferation of Web 2.0 applications, mobile computing and custom attacks that are dramatically increasing security complexity for enterprises.
As internet threats become more sophisticated and data leakage becomes more prevalent, businesses need a holistic and integrated approach to security that focuses on moving from threat detection to prevention.
Key findings and industry trends, based on Check Point's research, show that organizations should consider:
- The proliferation of new threat vectors: For businesses facing a rise in the emergence and volume of new internet threats, 2010 was no exception. Survey respondents showed a 21 percent increase in the use of intrusion prevention solutions to protect against a greater volume of attacks – ranking viruses, botnets and drive-by downloads among the top internet threats to organizations. Malware, phishing attacks, trojans and keyloggers are still common and proliferating on Web 2.0 applications, which can impact enterprise security from the gateway to the endpoint.
- The call for more user awareness: Thirty-six percent of IT security administrators surveyed believe employees rarely or never consider corporate security policies in their everyday business communications. With Web 2.0 applications and technologies now becoming common tools used in the enterprise, organizations are looking to apply stronger application control to enforce corporate security policies. Because employees are essential to helping organizations mitigate security risks in the enterprise, businesses will benefit from implementing technologies that combine stronger security and more user awareness.
- The surge in mobile workers and connectivity: Mobile computing is no longer a trend but a way of life for most businesses. Approximately 54 percent of organizations surveyed are anticipating an increase in the number of remote users in 2011. In part, this is driven by employees and contractors demanding more access to business applications, data and corporate resources – from both corporate and personally-owned devices. The mobile workforce has been steadily growing, and now 64 percent of organizations are concerned the growth in remote users will result in exposure to sensitive data – as well as other security challenges like unauthorized network access and user management complexity.
- Securing the virtual environment: In the early stages, virtualization was mainly used to consolidate servers and IT resources for cost, space and energy savings. Today, however, its uses and applications are steadily growing. Yet virtualization, like every new technology, can present new risks to companies. Improper implementation of security for virtual environments can adversely affect an organization, exposing it to new security threats and risks. Therefore, implementing the proper security architecture in a virtual environment that can protect against both internal and external threats – while evolving as the business grows – is important to consider.
Organizations are using an average of nine different vendors to secure their organization's infrastructure from the network to the endpoint.
This creates more and more complexity, inefficiency and security management challenges – particularly for businesses with 500+ employees. Companies combining more than a dozen distinct security solutions are often left with large infrastructures. However, trying to piece together too many disparate point products can leave systems vulnerable.
Before adding yet another point product to the environment, businesses should consider which solutions enable them to evolve as their organization grows and new threats arise. They should also consider the operational efficiencies gained by managing a single security architecture from the gateway to the endpoint.