Once upon a time, attacks on computers and networks were relatively simple. Our primary worry was viruses and their variants – worms, Trojans, rootkits. Their authors set out with malicious intent, to create software that can cause harm by shutting down a system or an entire network, destroying data and/or programs, or collect information and send it back to the attackers.
From the Melissa virus in 1999 to the Stuxnet worm that made headlines all over the world in 2010, whether originally intended as pranks or tools of mass electronic destruction, these malevolent programs have consequences ranging from mere annoyance to loss of millions of dollars and even loss of lives. Even so, protecting your computer from such threats was relatively simple.
Today’s world is a lot more complicated. Connectivity is ubiquitous. We still have plenty of the old style malware, but modern attackers are sophisticated and adept at taking advantage of the “accidental danger” posed by the inevitable vulnerabilities that creep in when multiple people are working on the thousands or millions of lines of code that make up complex applications, operating systems and even the security software designed to protect us.
The recent Heartbleed vulnerability was a prime example of this. The flaw came about due to an oversight – a mistake – in the way the open source code was written. Because of a missing bounds check, the SSL encryption didn’t work as it was supposed to, and millions of passwords and other data may have been exposed over a period of years. This isn’t just a failing of open source software, though. The Apple “goto fail” bug that was fixed in February – after several months of existence. A similar flaw was found in Linux in March, and of course Microsoft has its share of vulnerabilities, which you read about here every month on Patch Tuesday.
Many of these are labeled zero day vulnerabilities because they’re disclosed to the public before a patch exists to fix the flaw. Of course, even after patches are released, some machines remain vulnerable because they don’t get patched for whatever reason (incompatibility, fears that the patch will “break something,” or even mere laziness).
Because we’re battling malware on these two different fronts now, it makes sense that the one-size-fits-all solution of installing a good antivirus solution and keeping its definitions updated, as we did in the old days, is no longer enough. You need a two-pronged solution, one that can take both a reactive and a proactive approach. The reactive method applies to addressing threats of which we’re already aware, but in order to protect you from potential threats that we don’t know about yet, the proactive tactic is necessary.
Defense in depth is more important than ever. Exploits get in through many different channels. It’s vital that you block all their avenues of ingress, and that means you’ll need a wide range of solutions to create a safety net at multiple levels from the perimeter to the endpoints. The two most common ways for attackers to deliver their malicious code are through email (either in attachments or in HTML content within the messages themselves) and across the web (through “drive-by” downloads at malicious sites or injected into legitimate sites).
By cutting off these entry points, you can deny them the access they need to exploit any existing vulnerabilities. At the same time, it’s just as important to harden your systems so they won’t be vulnerable to any malware that does slip through.
If you haven’t already, it’s time to evaluate your security strategy and make sure your security vendor can meet this criteria. If not, your network may fall victim to these accidental – but deadly – dangers that 21st century attackers are all too ready and willing to exploit. GFI offers a wide range of products and cloud-based services from which organizations can pick and choose, customizing the overall solution to fit the organization’s individual needs. GFI WebMonitor and Email Essentials can block web- and email-based exploits, while GFI LanGuard and cloud security services monitor for suspicious activity, protect the end points and keep them updated against known threats. For more info, see the GFI website.