2008 is a special year for the digital security community. Twenty years have passed since the Morris Worm brought computer security to the attention of the wider public, followed by the formation of the Computer Emergency Team/Coordination Center (CERT/CC) to help organizations detect, prevent and respond to security incidents. Ten years have passed since members of the L0pht security research group told Congress they could disable the Internet in 30 minutes. Five years have passed since the SQL Slammer worm, which was the high point of automated, mindless malware. The Internet, and digital security, have certainly changed during this period.

The only constant, however, is exploitation. For the last twenty years intruders have made unauthorized access to corporate, educational, government, and military systems a routine occurrence. During the last ten years structured threats have shifted their focus from targets of opportunity (any exposed and/or vulnerable asset) to targets of interest (specific high-value assets). The last five years have shown that no one is safe, with attackers exploiting client-side vulnerabilities to construct massive botnets while pillaging servers via business logic flaws.

Despite twenty years of practical experience trying to prevent compromise, intruders continue to exploit enterprises at will. While they may not be successful attacking any specific asset (unless inordinate resources are applied), in aggregate intruders will always find at least one viable avenue for exploitation. The maxim that "prevention eventually fails" holds for any enterprise of sufficient size, complexity, and asset value to attract an intruder's attention. The threshold has fallen to the point where a single home PC is now considered "worthy" of the same sorts of attacks levied against multibillion-dollar conglomerates.

In a world where the adversary eventually breaches some aspect of a target's protective measures, what's an enterprise security manager to do? The answer is simple:

1) detect compromise as efficiently as possible;

2) respond as quickly as possible; and

3) investigate using digital forensics as effectively as possible.

This article will provide several ways to think about this issue and implement detection, response, and forensics capabilities to support your enterprise.

Whitepapers

• The Trend from UNIX to Linux in SAP(r) Data Centers
• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• Seven Steps to Reducing your Security Risk
• The Latest Advancements in SSL Technology

View more SECURITY whitepapers

Webcasts

• The Secure Web Gateway. Mission Critical For Business - Webcast
• Mobile Data Security
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• The self-managed network

View more SECURITY special reports