That perception is incorrect. In fact, when you compare the handful of successful attacks to the millions that are thwarted every year, you find the cyber security war is extremely one-sided in favor of the good guys.
I don’t want to downplay the significant risks attackers pose to organizations; a data breach can result in the loss of millions of dollars and irreparable damage to reputations. The sheer volume of attacks is staggering: in 2010 alone, Symantec blocked 3.1 billion attacks. That number is overshadowed by the few successful attacks that receive media attention.
Approximately 144,000 malicious files are detected each day. This translates to a rate of more than 4.3 million each month. This war against malware authors is constant and ongoing, similar to the ongoing war on crime. Security professionals are like the police – we don’t expect the police to eradicate crime altogether, but they play a critical role in preventing criminals from winning that war.
That raises a critical point: of those 3.1 billion blocked attacks, roughly half were stopped by intrusion prevention technologies inside of the organizations’ endpoint security software – proving that while signature-based antivirus plays a critical role in preventing threats, it’s no longer an exclusive role. Organizations must work closely with their security vendors and solution providers to ensure they have implemented the latest technologies to mitigate attacks. Vendors don’t release new versions just to generate revenue; they do so because their older technologies become less effective over time.
Because the threat landscape is constantly evolving, organizations need to be able to quickly and easily update their networks and endpoints with the latest operating system and application patches. Here’s where security software has a distinct advantage over a hardware-assisted security solution, which are more difficult to update. With more than 286 million new threats found last year alone, previously unknown and highly sophisticated threats emerge on a regular basis, requiring solutions that are nimble enough to react and effectively thwart them.
New layers of protection technology are making an incredible impact. Reputation-based security stops mutating malware by analyzing and maintaining contextual data for billions of application files and assigning each a risk score. Complement this with a layer of real-time behavioral prevention to thwart targeted attacks. Additionally policy-based intrusion prevention solutions provide solid defense for business critical server workloads, without impacting performance. Each new technology steps up to meet the latest attacker challenge.
This comprehensive and effective approach gives organizations the freedom to choose best-in class solutions and provides the speed and agility needed to respond to today’s rapidly emerging security threats.
That’s not to say that other tools cannot play an important part in an effective security posture. There simply is no silver bullet that will prevent all attacks, and companies should not rely solely on technology. Here are the necessary steps any organization can take to ensure it is not leaving itself open to attack:
• Develop and enforce IT policies. Prioritizing risks and defining policies can help you enforce policies through built-in automation and workflow to protect information, identify threats, and remediate incidents as they occur, or even anticipate them before they happen.
• Take an information-centric approach to protect both information and interactions. You must know where sensitive information resides, who has access to it, and how it is coming in or leaving your organization.
• To control access, you must validate the identities of users, sites and devices throughout your organization.
• Manage systems by implementing secure operating environments, distributing and enforcing patch levels, automating processes to streamline efficiency, and monitoring and reporting on system status.
• Protect the infrastructure by securing all endpoints and messaging and Web gateways. antivirus alone is not adequate.
• Build a security-aware company culture which includes all levels within an organization. This best practice is often overlooked, but it is crucial to ensuring employees are contributing to the success of your security strategy. They will help you win the cyber security war.
The onus is on security professionals to continually evaluate and update security postures to keep up with the bad guys. Advances made to technologies that used to be thought of as “nice-to-have,” like DLP, encryption, intrusion prevention and reputation-based security, are making it much harder for the bad guys to get in and get stuff out. While it may be impossible to win the cyberwar, we are at least staying out ahead.
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.