2011 Has Potential to be a Really Bad Year
Paul Henry - April 20th, 2011
If we look at how 2010 ended, there is perhaps good reason for IT security pros to already be nervous in 2011. According to the end-of-year report from IBM X-Force, at least 44% of all vulnerabilities disclosed in 2010 had no corresponding patch by the end of the year. Not only do we have to deal with exploits for newly discovered vulnerabilities running at all-time highs, we also seem to be falling behind on patching previously discovered vulnerabilities.
Take a look at the network security news for the year to-date:
- Exploit Rates
  - Typically, exploit rates have ranged between 30% and 40%, but in January 2011 they surged to 61%.
- Noteworthy Hacks
  - The bad guys are definitely targeting the money – the London Stock Exchange made the news last year when it faced cyber attacks, and now NASDAQ has reportedly been hacked in 2011.
  - Several high-profile security companies also found themselves to be the victims of cyber attacks in 2011.
- Data Breach Stats
  - Data breaches in 2011 already include 120 breaches with 9,266,828 records exposed. We are only through Q1 of 2011 and we have already surpassed half of all records exposed in 2010!
- Malware Stats
  - In this first quarter of 2011, malware is up 26% when compared to the same period in 2010. Furthermore, the number of new malware strains has now reached 73,000 per day.
No matter how you look at it, 2011 is shaping up to be a difficult year for network security pros. Hackers today are regularly taking advantage of traditional issues like unpatched vulnerabilities, but they are also introducing new risks with ever-increasing use of obfuscation to bypass traditional defenses, including a growing deluge of Day Zero Threats against which – obviously – we are left defenseless.
Unfortunately, there is no single Holy Grail solution to our current issues. You’ve maybe heard me voice my opinion before – our only viable defense in this increasingly sophisticated threat environment is a proactive, layered approach to endpoint protection that includes the following approaches:
1. Flaw Remediation – Patch wide and patch fast
No one can dispute that the best way to mitigate the risk of a vulnerability is to apply the vendor’s patch. The primary issues we face today in flaw remediation are flaw remediation products that lack support for many software vendors and enterprise environments that lack the infrastructure needed to quickly distribute vendors’ patches. Windows WSUS is a popular flaw remediation solution and is a good example of this – it is great in a small environment that exclusively uses Windows products, but it is simply not able to scale well in the enterprise. It completely misses the patches for popular third-party products and add-ons. To this point, if you are relying on WSUS for flaw remediation, you are completely neglecting the larger portion of your flaw remediation risks. To make sure you stay ahead of the hackers and remain secure, a current-generation flaw remediation product should offer complete coverage for the applications and add-ons you use within your environment, including those from third-party vendors. The solution must also scale efficiently to facilitate the fast delivery of vendor patches across every desktop and server within the environment.
2. AV is Still a Necessity – But its role is changing
The use of obfuscation and the sheer number of unique instances of malware have overwhelmed traditional, signature-based AV to the point that many consider it to be obsolete today. AV is still able to offer some level of mitigation as a screening filter at the gateway – blocking some known malware, but it will miss too much for you to rely on it as a standalone offering.
3. Whitelisting / Application Control – The perfect complement to traditional AV
To stem today’s sophisticated risks, application control / whitelisting fortifies the “block the bad” approach of AV with an “allow only the good” approach. Whitelisting is taking over the former role of AV as the network “bouncer,” and AV is moving into a new role of “network janitor.” Rather than blocking an attack, AV cleans up after one.
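The contrast between items 2 and 3, as an added example that is not part of the original post: a default-allow signature check and a default-deny allowlist are run over the same four files. The byte strings are constructed samples, and exact SHA-256 matching is an assumption standing in for a real AV signature database.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample "binaries": plain byte strings, not real programs.
SAMPLES = {
    "approved_app": b"constructed sample: approved payroll client 1.0",
    "known_malware": b"constructed sample: known malicious dropper",
    "unvetted_tool": b"constructed sample: freeware nobody reviewed",
}
# Obfuscated variant: repacking changed the bytes, so the hash no longer matches.
SAMPLES["repacked_malware"] = SAMPLES["known_malware"] + b" + packer padding"

# Assumption: exact SHA-256 matching stands in for an AV signature database.
BLOCKLIST = {sha256(SAMPLES["known_malware"])}   # "block the bad"
ALLOWLIST = {sha256(SAMPLES["approved_app"])}    # "allow only the good"

def av_verdict(data: bytes) -> str:
    """Default-allow: only binaries with a known-bad signature are stopped."""
    return "block" if sha256(data) in BLOCKLIST else "allow"

def allowlist_verdict(data: bytes) -> str:
    """Default-deny: only binaries that were explicitly approved may run."""
    return "allow" if sha256(data) in ALLOWLIST else "block"

def layered_verdict(data: bytes) -> dict:
    """Allowlist decides execution; an AV hit is kept as a cleanup flag."""
    return {
        "execute": allowlist_verdict(data) == "allow",
        "needs_cleanup": av_verdict(data) == "block",
    }

def compare() -> dict:
    """Map each sample name to (av_verdict, allowlist_verdict)."""
    return {name: (av_verdict(blob), allowlist_verdict(blob))
            for name, blob in SAMPLES.items()}

if __name__ == "__main__":
    for name, (av, wl) in compare().items():
        print(f"{name:18} AV={av:5} allowlist={wl}")
```

The repacked sample passes the signature check but is still denied by the allowlist, which is the gap the layered approach is meant to close.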
Given these early 2011 stats, it is evident we are woefully exposed when we rely on the status quo. The time is now to get aggressive with a defense-in-depth approach. What are you waiting for?
