Cisco’s recent announcement that it will incorporate Trend Micro virus and worm technologies with its intrusion-detection system software used on its routers and switches, is excellent news for anyone concerned with IT security. With the rise of more sophisticated attacks – blended threats - a more proactive approach to security is not just necessary, but vital. This is an approach we've been taking for two years now, so it’s always pleasing to see Cisco validating our market by adopting it in such a way.
But the announcement does not go far enough and provides only part of the solution. Companies don't only need anti-virus on a security appliance - they also need spam filtering, VPNs, firewalls, URL Filtering, web caching, local logging and unified management. The fastest growing security problem is the blended threat, and to combat this effectively you need an all-in-one appliance that provides all of the above.
A blended threat is one that combines multiple characteristics such as worm, spam and intrusion. That is, once it penetrates the edge of the network and embeds itself onto one client system, it replicates and propagates very rapidly. The most high-profile examples of this breed of virus are myDoom and Sobig.F, which used complicated and evasive blended threats that end-point security fails to secure.
The best solution is to deploy an integrated platform, with auto-updates for AV, spam and URL protection, at all corners of the network. The truly integrated security platform, in which all applications communicate and pattern match against a full context inspection network filter, offer the best automated defence against destructive blended exploits.
As security threats change so quickly, speed to closing the windows of vulnerability is important. MyDoom had several different variants within a 24-hour period, which means if you don't have real-time response, your response time to the changing makeup of a virus gets truncated. Integrated platforms with auto update capability, caught MyDoom within three hours of its release, or an 800 per cent faster rate of time-to-protection. This severely limits the potential damage of an attack and contains further internal outbreaks.
The greatest intrusion is a worm wrapped inside a virus deeply embedded in a spam attack. The best prevention strategy is a multi-threat management system that closes the gaps between the network layer and the application layer. Intrusion detection systems and intrusion detection systems (IDS and ISP) standalone or point solutions are not effective without the full integration of network and application layer attack prevention onto one dedicated, hardware-accelerated device purposefully built for multi-layer security. Further, a fully integrated, contextually aware approach to IDP makes more sense than a stand-alone solution because the technology can easily automate rules-based preventive actions, rather than installing an after-the-fact detection alert system, which requires heavy human intervention and unexpected cost for preventive action or forensic activity.
Currently, a full-blown IDS/P solution is very expensive and inordinately complicated for all except the biggest organisations, and in many cases remote or distributed large enterprise locations where an integrated, dedicated system is easier and more cost-effective to deploy, maintain and update. IDS/P is typically a complex system to manage and requires in-house expertise to implement, maintain and monitor in the central data centre environment.
But the biggest single challenge faced is educating people about the limitations of conventional firewalls, software-based or fixed-function appliances, that lack the application intelligence, performance and integrated content security to defend against today's most threatening exploits. Recent ServGate research revealed that an astonishing 23 per cent of IT managers don't know what a blended threat is. The industry needs to wake up to the danger blended threats can pose, and the solutions available to combat them, or we are going to see damage on a scale that will make MyDoom look like a walk in the park.
Bruce Hendrix is president and CEO of ServGate Technologies