- Mythbuster busts his own tale
- 10 open source companies to watch
- Sony recalls 73,000 Vaio laptops
- Tool to evade China's Web censorship
- Chrome and Firefox and add-ons
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
![]() |
![]() |
| Interview with security writer Deb Radcliff. |
ATLANTA -- When the sensors feeding into Internet Security Systems' Global Threat Operations Center detected a new XML HTTP vulnerability early last November, attacks exploiting that vulnerability already were occurring across the Internet.
That's when members of the X-Force, ISS' 200-person R&D team, knew they had a "level zero" on their hands. Zero, as in zero day, means there is no gap between the public discovery of a vulnerability by security researchers and the launch by hackers of an exploit based on that vulnerability.
In years past, professionals at ISS and other security companies discovered potential vulnerabilities and turned that information over to the appropriate vendors, who then had weeks to send out fixes before the hackers could turn that information into a real threat. That window has been closing fast.
In 2005, 10% of attacks came within 48 hours of a vulnerability being discovered. In 2006, there were about 1.5 zero-day attacks a month, says Lamar Bailey, X-Force COO. Increasingly, zero days are being sold on the black market and used by cybercriminals to make a quick buck, X-Force researchers say.
Level zeroes are just one of many new threats pushing vulnerability research labs such as X-Force to their limits, says Gunter Ollmann, X-Force director. For example, using polymorphism techniques, attacks now can change on command to defeat signature detections. Also on the rise is fuzzing, which tests data fields for vulnerabilities by generating and filling them in with a barrage of bizarre text strings until they break.
These new threats are enough to keep members of the X-Force up nights -- literally.
"It's always about 2 a.m., when the bad guys come knocking at your door," says Chris Schueler, who hails from a security operations center background in the Army and who directs ISS' global Security Operations Center (SOC). "The number of calls that bump up in priority that are more severe are increasing so much that I'm worried we might be getting these types of calls all the time."
Schueler was one of the first people to jump into action when the HTML exploit was captured by X-Force sensors. Those sensors were running a combination of protocol analyses and assessment and virus-protection engines, and feeding the information into the X-Force Global Threat Operations Center (GTOC).

Gartner summarizes its view on Application Delivery Controllers, evaluates strengths and weaknesses...
Vulnerability Management For DummiesDownload this concise book "Vulnerability Management for Dummies," to learn about the simple steps...
The ROI and TCO Benefits of Data Deduplication for Data Protection in the EnterpriseThis paper examines and quantifies the costs and benefits of backup with deduplication storage as...

Life on the edge of your WAN has changed dramatically. With the need to deliver advanced services,...
PoE Plus: Impact on the PoE MarketThe standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...

We have so many holes punched in our firewalls today that many industry insiders question the value...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment