With the rate at which new variants of viruses, trojans and other malware are appearing (approximately 50,000 per day), signature-based AV tools simply cannot keep up without bogging down the systems on your corporate network. So what are the AV companies doing to deal with this?
The leading AV companies are shifting to a model in which only a small subset of signatures is downloaded to your PC or network. The bulk of the analysis happens "in the cloud", where the AV companies use cloud-based systems to identify threats, note the sites and exploits that need to be blocked, and push that information out to your AV clients.
The philosophy behind this is that there are basically two types of attack: social engineering (malicious downloads, phishing, etc.) and computer attacks (an exploit is involved that identifies and abuses a vulnerability already present on your computer). The theory is that if the cloud-based work effectively and dynamically blacklists the social engineering risks, the client only needs to worry about protecting against the vulnerabilities.
#2 Increased Use of Application Whitelisting
The concept of whitelisting is that you block everything except a concise list of sites, addresses or ports you wish to allow. This technology is being led by companies like Bit9, who have been working in this area for some time. It is not a good fit for home users or for large organisations' desktops, because keeping the list up to date is a nightmare, but it is a great tool for appliance-like systems such as ATMs or any other purpose-driven device. It is also worth considering for servers.
#3 Enhancements in Firewall Rule Optimisation
More and more IT managers are finding that they are struggling to keep pace with the rate of change they must apply to their firewall rules. This churn also leads to omissions and redundancies in the firewall rules and ACLs. Firewall vendors and third parties have been releasing tools, such as Skybox's Firewall Compliance Auditor, that go beyond simply optimising your rules for efficiency and now also check that they meet compliance requirements.
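One of the checks such tools automate, shown here as an added example (this is not Skybox's tool or any vendor's code): given an ordered rule base where the first match wins, flag later rules that can never fire because an earlier rule already matches every packet they would. The `Rule` layout, rule names and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "allow" or "deny"
    proto: str     # "tcp", "udp" or "any"
    src: str       # source CIDR
    dst: str       # destination CIDR
    dport: tuple   # (low, high) inclusive destination port range


def _covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    proto_ok = outer.proto == "any" or outer.proto == inner.proto
    src_ok = ipaddress.ip_network(inner.src, strict=False).subnet_of(
        ipaddress.ip_network(outer.src, strict=False))
    dst_ok = ipaddress.ip_network(inner.dst, strict=False).subnet_of(
        ipaddress.ip_network(outer.dst, strict=False))
    port_ok = outer.dport[0] <= inner.dport[0] and inner.dport[1] <= outer.dport[1]
    return proto_ok and src_ok and dst_ok and port_ok


def find_shadowed(rules):
    """Walk the rule base top-down (first match wins) and report dead rules.

    A later rule fully covered by an earlier one never fires. If the actions
    agree it is merely redundant; if they differ it is shadowed, meaning the
    policy the author intended is not actually applied. Only single-rule
    coverage is checked; a rule hidden by the union of several earlier rules
    is not detected here.
    """
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if _covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((later.name, earlier.name, kind))
                break
    return findings


# Constructed sample rule base, in evaluation order.
SAMPLE_RULES = [
    Rule("R1", "allow", "tcp", "10.0.0.0/8", "192.168.1.10/32", (443, 443)),
    Rule("R2", "deny", "any", "0.0.0.0/0", "192.168.1.0/24", (1, 65535)),
    Rule("R3", "allow", "tcp", "10.1.0.0/16", "192.168.1.20/32", (22, 22)),
    Rule("R4", "allow", "tcp", "10.2.0.0/16", "192.168.1.10/32", (443, 443)),
]
```

Running `find_shadowed(SAMPLE_RULES)` reports R3 as shadowed by the broad deny in R2 (an intended SSH allowance that never takes effect) and R4 as redundant with R1.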
#4 Increased Social Engineering via Social Media
Social media sites like Facebook, LinkedIn and others continue to become rampant hunting grounds for cyber-crooks, whether they are associated with organized crime or are just script kiddies.
Creative cyber villains will keep finding new ways to exploit the people they consider high-value targets. This does not necessarily mean wealthy people; rather, it is a combination of the "low-hanging fruit" (people who put a lot of information about themselves and their employers out on the Internet) and people who can be identified as working in organisations that are being targeted for attack.
#5 Continual Evolution in Regulatory Compliance
Last but certainly not least, this rounds off the list as an important topic in computer security for 2010. Regulatory compliance continues to be a pressing topic for the leaders of our various organisations, and therefore also for IT managers. As an IT manager, there are some key things that compliance should mean to us:
- audits and audit trails in place and working
- documentation showing the current state of the network and its security (i.e. configuration management)
- change management processes in place and operating
- a clear understanding (and documentation) outlining the key business risks and how those risks are managed
For more in-depth analysis of these topics, please contact itManageCast for a copy of the whitepaper titled "Top IT Security Trends for 2010."