Understanding multi-tiered protection (page 1 of 2)

But it's even more important today because threats are spreading too quickly for any reactive signature-based security mechanism to adequately protect against them. Consider the following:

• During the summer of 2003, the Blaster threat was released 27 days after the associated system vulnerability was announced.

• Sasser, discovered in May 2004, launched just 18 days after its target vulnerability was publicly disclosed.

• The Zotob worm, discovered on August 16, 2005, was released less than a week after Microsoft announced a Plug and Play vulnerability in Windows.

While antivirus protection provides a critical safeguard for corporate networks and clients, it is not enough. Beyond antivirus, organizations need to consider a full range of measures and approaches they can apply to enhance the security and availability of their critical information assets. This article will show how the most effective safeguard of that information is a multi-tiered system of integrated technologies that enables a proactive -- rather than reactive -- posture.

Today's threats and vulnerabilities

Today's threats use multiple methods and techniques to infect a host and reproduce themselves. They can combine the characteristics of different types of malicious code -- such as viruses, worms, and Trojan horse programs -- while also exploiting system vulnerabilities. They may also attack simultaneously from different directions, improving their success rate and making them more difficult to defend against. The multiple propagation mechanisms used by these threats enable them to circumvent an organization's security in a variety of ways, allowing them to simultaneously overload system resources and saturate network bandwidth.

At the same time, known vulnerabilities continue to increase in number and severity. Between July 1 and December 31, 2004, for example, Symantec documented 1,403 new vulnerabilities. That's an increase of 13% over the 1,237 vulnerabilities disclosed in the first six months of 2004. Moreover, during the second half of 2004 nearly 97% of all reported vulnerabilities were rated as "moderate" or "high" severity, which could result in the complete or partial compromise of a system. In addition, over 70% of all the vulnerabilities reported during this period were easy to exploit. This means that no exploit code was needed or that exploit code was readily available, making the compromise of systems relatively easy. Compounding this problem was that nearly 80% of all the documented vulnerabilities in this reporting period were remotely exploitable, which can increase the number of possible attackers.

Needless to say, this volatile threat landscape takes on even more significance when business impacts are considered. Potential losses associated with successful attacks may include the loss of money, computer resources, and information. However, less obvious long-term problems can also result. These include loss of potential sales, negative brand impact, loss of competitive advantage, and loss of goodwill.

Clearly, protecting an enterprise's critical information assets is a strategic business issue as well as a technical one, and organizations need to approach this challenge with the right combination of technologies, people, and processes.

Securing the enterprise at every point

Safeguarding the enterprise means applying protection to every network tier, from the Internet gateway to individual clients and everywhere in between.