
System security: Third-generation threats evolving

By Namitech
Johannesburg, 24 Mar 2004

At the third NamITech Trust Symposium held recently, international guest speaker Gerhard Eschelbeck, CTO of Qualys, addressed the topic of the growing need for proactive management of security threats and vulnerabilities.

Eschelbeck has conducted extensive research over the past two years into the exploitation of IT systems and why the practice seems to be increasingly prevalent, and easier to achieve.

"The core problems facilitating this trend are the continued use of multiple insecure protocols, known default settings, system design errors, software implementation flaws and user-triggered actions such as opening up an e-mail attachment of unknown origin," explained Eschelbeck.

Following his in-depth research into the subject and based on the evolution of security threats over time, Eschelbeck has classified vulnerabilities into three categories: first, second and third generation threats.

"First generation threats are generally spread via e-mail or file sharing. An example would be the common virus we are all familiar with. These threats require a human action and are now pretty well managed through the use of anti-virus programmes.

"Second generation threats differ from the first in that they tend to be active worms, meaning they self-propagate automatically," continued Eschelbeck. "This generation of vulnerabilities leverages existing and known security flaws but does have a low spreading sophistication level and is mostly non-destructive. The solution here is to clearly identify the vulnerabilities and to then remedy them as quickly and as efficiently as possible."

The evolution towards more intelligent threats, termed by Eschelbeck as third generation threats, is well under way. The spreading speed of the vulnerability can increase even further and technologies such as voice over IP and instant messaging are opening up new channels of attack.

"Third generation threats leverage known and unknown system vulnerabilities, where patches remain unavailable. They may well have a pre-compiled list of initial victims and a financial incentive component. A further development is that this generation of threats will hide behind encryption technology to evade detection."

According to Eschelbeck, traditional firewalls and VPNs, while serving an important function, are unable to protect adequately against third generation threats. For this, he advocates a proactive approach to vulnerability management.

"Organisations need to reduce the time taken to patch identified vulnerabilities because it is vital that the window of exploitation is narrowed. In order to effectively secure the IT systems of a business, an organisation needs to know what the network looks like, its topography and points of entry. It needs to know what is on those systems in terms of services, applications and operating systems, and it must then identify and prioritise the critical vulnerabilities. Once this process is complete, the vulnerabilities need to be timeously remedied and the fixes verified. A solution, such as QualysGuard by Qualys, offers companies the ability to conduct automated vulnerability assessments on demand," concluded Eschelbeck.


Qualys

Qualys, Inc is the market-leading Web service provider offering on-demand network security audits and vulnerability management. The Qualys flagship service, QualysGuard, is delivered through a global Web service architecture and performs more than 1 million scans per quarter on networks owned by thousands of organisations, including some of the world's largest distributed enterprises. www.qualys.com.

NamITech

NamITech Ltd is part of the Altech Group, and is a secure technology provider focusing on a number of key market areas to provide leading edge technology solutions. NamITech strives to add value to business through providing leading edge innovative secure technology solutions aimed at facilitating trusted card technology, payment solutions, and digital trust services for its customers. The company is a Proudly South African member and has received an AA Premium rating from EmpowerDEX, an independent economic empowerment rating agency.

NamITech has an established reputation of credibility and integrity and operates out of two centrally located premises in Johannesburg.
