Security needs 'sophisticated approach'

Johannesburg, 22 Jul 2004

The increasing number and complexity of viruses and other threats means companies need to take a more sophisticated approach to them, says Symantec.

Jeff Ogden, Symantec Managed Security Services director for Europe, the Middle East and Africa, says many companies are not collecting information about attacks.

This leaves them unable, when a new threat arises, to assess the risk and their ability to take counteractive steps.

"Many companies have outsourced their firewalls to their Internet service provider, but usually the ISP doesn't provide visibility, so they don't know what is coming in, what viruses are attacking," Ogden says.

The group's most recent Internet Security Report, which covered the second half of last year, showed that the number of vulnerabilities was only slightly higher than in the preceding six months. However, the nature of the threats that exploit those vulnerabilities is changing and their complexity is increasing.

Adding to the situation is the fact that distributed open networks are now the norm. "Technology is also not integrated enough, with the result that an anti-virus solution will not always detect a worm attack," he says.

"There are point products being implemented, but threats are evolving faster than technology."

Targeted attacks

Attacks are now increasingly targeted events rather than general code being put out over the Internet. Attacks on confidential information are increasing, as are incidents of "phishing".

Phishing involves sending spam mail appearing to come from a bank, asking the mail recipient to click on a link to confirm his or her details. The linked site appears to be genuine, but is not related to the bank. Details gathered through the site could be used for fraudulent purposes.

Symantec is promoting the concept of managed security to deal with increasingly sophisticated threats. It involves the collection of data and the consolidation of the data from across a corporate environment.

That information is then correlated so that attacks at different points are combined into a single event. It is then possible to comment on what attack took place, what vulnerabilities exist and so on. Appropriate countermeasures are then identifiable.

The process can be managed through operational centres, which can take quick action on countermeasures such as closing ports and installing patches. This can be done in partnership with others, including ISPs.

Ogden emphasises that security is not just a technology issue, but a business risk matter, which is why many security officers now report to the financial director rather than the IT director.
