Wednesday, June 11, 2008

Current Security Trends for the Enterprise.

Recently there was an article by the Chief Security Officer from Cisco. He is basically telling us to stop with the "patching" and approach things differently. I got an opportunity to review a few articles by Gartner, Forrester and a few other sources. Here is how the industry sees it:

What are the biggest risks for Windows: worms, viruses or social engineering? What should be the recommended approach for vulnerability management?


Information collated in this post comes from Gartner, Forrester, Internet searches for "enterprise threats" and personal observation. Here is the short answer to the question: if vulnerability/patch management is operationalized (automated anti-virus and patching), worms and viruses will be contained to a great extent, which leaves social engineering and threats from within as the biggest risk.

Gartner identified three key issues in infrastructure protection in a publication by Mark Nicolett in March 2008 [1]. While the paper does not speak specifically in terms of worms, viruses and social engineering threats, it does provide insight into what enterprises should focus on. Operationalizing vulnerability/patch management while linking the effort with compliance projects (configuration management) such as SOX, HIPAA and PCI rises to the top of the tag cloud for this context.

Nearly every day new vulnerabilities are reported, but Microsoft and partner vendors patch most security holes before an actual attack occurs (a few years ago a worm would propagate faster than the information about the worm; not so today). The biggest risk to enterprises comes from targeted attacks, many of which are from insiders. In addition, phishing and identity theft have caused the rise of "credentialed" attacks, in which the attacker logs in with stolen but valid credentials. Loss of sensitive data from unencrypted laptop computers and from tape-backup vendors is another source, as we have seen recently. As attackers increasingly move "up the stack" to applications and users, signature-based solutions become increasingly ineffective [2].

Security purchases were once driven by fear, especially antivirus and intrusion detection systems. Individual solutions were bought to solve individual problems. Now, purchases are more focused on the fulfillment of policy (SOX, HIPAA, PCI) and take a more holistic view of the organization's security issues [3]. The primary driver of the North American SIEM (Security Information and Event Management) market continues to be regulatory compliance. European SIEM deployments have been focused primarily on external threat monitoring, but compliance has recently emerged as a strong driver in Europe as well. More than 80% of current SIEM deployment projects are funded to close a compliance gap. Security organizations typically have funding for the technology because there is an audit gap, but there is also the realization that the technology should be deployed to improve responsiveness to an external attack and to improve the ability to sense an internal breach. Initial deployments of SIEM technology are focused on user activity and resource access monitoring for host systems, but real-time event management for network security remains a common requirement [4].

In a Forrester survey of 252 enterprises on what was driving network upgrades, security and business continuity profiled as the number 1 and number 3 drivers. Sarbanes-Oxley, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Personal Information Protection and Electronic Documents Act (PIPEDA), and various European Union (EU) directives are just a handful of the regulatory pressures that have network managers scrambling to deploy better access control and data protection. Moreover, companies also need to make sure the network is able to resist common threats from viruses, worms, and other malicious code [5].


Are there any Windows-specific threats and mitigations to watch for?

What are the biggest software risks that a Windows platform faces, and what are the recommendations to mitigate them? Outlook (mail), IE (browser) and IIS (web server) are the worst offenders from a historical perspective [6]. Mitigation of these threats can be accomplished with robust monitoring tools: monitoring logs for suspicious activity, services for availability, file systems and the Registry for integrity and unauthorized changes, and network packets for suspicious traffic. Threats to the enterprise are evolving and changing over time, so our security policies should be reviewed often to make sure we are keeping pace with the new drivers. Configuration management, which encompasses automated vulnerability and patch management, should be operationalized as far as possible to free up valuable resources to combat the ever-changing threats to the enterprise. If vulnerability/patch management is operationalized (automated anti-virus and patching), worms and viruses will be contained, which leaves social engineering and threats from within as the biggest risk to focus on.
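The "file systems for integrity and unauthorized changes" item above is the one piece of that monitoring list that is easy to show end to end. The following is an added example, not code from the original post or from any of the vendors it cites: it takes a SHA-256 baseline of a directory tree, takes a second snapshot later, and classifies every difference as added, removed or modified. The directory layout and file contents are constructed inline in a temporary directory so the script runs offline; the `snapshot`, `diff_snapshots` and `demo` names are this example's own.

```python
"""Baseline-and-compare file integrity check (added example, not from the post).

Hashes every regular file under a root with SHA-256, then reports drift
between two snapshots. The sample tree is constructed in a temporary
directory so the script runs offline on Windows or POSIX.
"""
import hashlib
import tempfile
from pathlib import Path


def _hash_file(path: Path, chunk_size: int = 65536) -> str:
    """Return the hex SHA-256 digest of a file, read in fixed-size chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root: str) -> dict:
    """Map each regular file under root (relative, POSIX-style path) to its digest."""
    root_path = Path(root)
    result = {}
    for path in sorted(root_path.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root_path).as_posix()
            result[rel] = _hash_file(path)
    return result


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Classify changes between two snapshots as added, removed or modified."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(k for k in base_keys & cur_keys if baseline[k] != current[k]),
    }


def demo() -> dict:
    """Constructed scenario: baseline a tree, tamper with it, report the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        tree = Path(tmp)
        (tree / "bin").mkdir()
        (tree / "bin" / "service.exe").write_bytes(b"original service binary (constructed)")
        (tree / "config.ini").write_text("timeout=30\n")
        (tree / "readme.txt").write_text("unchanged\n")

        baseline = snapshot(tmp)

        # Simulated unauthorized change: binary replaced, config deleted,
        # unexpected new library dropped alongside the binary.
        (tree / "bin" / "service.exe").write_bytes(b"replaced service binary (constructed)")
        (tree / "config.ini").unlink()
        (tree / "bin" / "helper.dll").write_bytes(b"new unexpected library (constructed)")

        current = snapshot(tmp)
        return diff_snapshots(baseline, current)


if __name__ == "__main__":
    for kind, paths in demo().items():
        for rel_path in paths:
            print(f"{kind.upper():9s}{rel_path}")
```

In a real deployment the baseline must be stored where the monitored host cannot rewrite it (signed, or on a separate system); a baseline that lives next to the files it protects can be updated by whoever modified the files, which is exactly the insider and credentialed-attack case the post is concerned with. Scheduling the compare and forwarding its output to the SIEM is what turns the check into the kind of operationalized control the post argues for.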
