- Bank Web sites full of security holes
- SCO Group: Its future is all used up
- Maligned feature being added to IPv6
- I returned my iPhone 3G after six days!
- VPNs: Six burning questions
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Exploiters on the Internet have caused billions of dollars in damages. These exploiters are intelligent cyber terrorists, criminals and hackers who have a plethora of tools available in their war chests ranging from spyware, rootkits, Trojans, viruses, worms, bots, and zombies to various other blended threats.
Exploits can be grown and harvested the same day a security hole is announced - in so-called "zero-day attacks" - so they are getting much harder to stop. Open source malware code, freely available on the Internet, is enabling this phenomenon and cannot be reversed. Although the number and types of exploits "in the wild" continues to rise exponentially, there are fewer than a dozen core methodologies used for their execution and proliferation. Most exploits can be removed, but some exist indefinitely and can only be destroyed or removed by loss of data - you've probably heard of these "rootkits." Most exploits will re-infect a host if a security hole, also known as the Common Vulnerability and Exposure (CVE), is not removed.
Many exploiters are doing it for profit. Just take a look here and you'll see where the $10 billion in identity theft last year occurred the most.
Not all exploits are created equal. Most are evolutionary improvements on existing exploits. What’s very interesting is that the average exploit currently has a dozen names. With the advent of the Common Malware Enumeration (CME) standard, there will be one shared, neutral indexing capability for malware but that will take years - probably more than five years, like the CVE standard which is still just starting to catch on, since its inception in 1999 by Mitre, now funded by the U.S. Department of Homeland Security.
It is crucial today to prevent vulnerabilities across the enterprise and remove these CVEs - these security holes in your desktops, laptops and servers. Knowing what they are, where they are on your network, and how to remove them is more important than sniffing packets and listening for burglars.
According to USCERT, 95% of downtime and IT related compliance issues are a direct result of an exploit against a CVE. Your firewall, IDS, IPS, anti-virus software and other countermeasures don’t look for or show you how to remove your CVEs. So you are really only 5% secure.
Typo is one of those scams offered by greedy individuals who owns a site but they have a large bounce...- cipals15
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment