Security industry faces attacks it cannot stop
Analysis: Today's security products not much help for advanced persistent threat attacks
IDG News Service - At the RSA Conference in San Francisco last week, security vendors pitched their next generation of security products, promising to protect customers from security threats in the cloud and on mobile devices. But what went largely unsaid was that the industry has failed to protect paying customers from some of today's most pernicious threats.
The big news at the show had to do with the takedown of the Mariposa botnet -- a massive network of hacked computers that has infected half of the Fortune 100 companies. So-called advanced persistent threat (APT) attacks, such as the one that compromised Google systems in early December, were another hot topic.
Both Mariposa and the Google attacks illustrate the same thing, however. Despite billions of dollars in security spending, it's still surprisingly hard to keep corporate networks safe.
That's because for these advanced attacks to work, the bad guys need to find only one vulnerability to sneak their malicious software onto the target network. Once they get a foothold, they can break into other computers, steal data, and then move it offshore. The good guys have to be perfect -- or at least very quick about spotting intrusions -- to keep APT threats at bay.
Traditional security products are simply not much help against APT attacks, said Alex Stamos, a partner with Isec Partners, one of the companies investigating the APT attacks. "All of the victims we've worked with had perfectly installed antivirus," he said. "They all had intrusion detection systems and several had Web proxies scan content."
The problem is that the bad guys can buy this technology too, and test and re-test their attacks until they slip through. "Anybody can download and try every single antivirus engine against their malware before they ship it," Stamos said.
Emphasizing this point, antivirus testing company NSS Labs created a variation on the known Internet Explorer 6 attack, used in the Google incident, and tested it against seven popular antivirus products. NSS also tested the original attack code against the same antivirus products. The tests, conducted two weeks after the bug was made public, found that only McAfee's antivirus product stopped the new variant of the attack.
One company, AVG, didn't even stop the original attack, according to NSS. Eset, Kaspersky, Symantec, Sophos, AVG and Trend Micro all failed to block a variant of the Aurora exploit.
But AVG said in response that its products detect the Aurora attack. A spokesman said the results were due to flaws in NSS's testing methodology. However, the company does not dispute the claim that its product failed to detect variants of Aurora.