Channel can help in protecting end users against zero-day
attacks
21 November, 2004
by Mark Riehl
The day on which a worm with no immediate fix attacks organizations
and leaves them vulnerable for days could
come as soon as next year. Stuart McClure, senior vice president
of risk management and product development at Foundstone,
a new division of McAfee, has been touring North America this
month making McAfee customers and channel partners aware that
zero-day attacks could soon be a reality.
Back in early October, McAfee completed its acquisition of
Foundstone, Inc. In 1999, McClure laid claim to authoring
the best-selling computer security book ever sold with "Hacking
Exposed: Network Security Secrets and Solutions." His
latest book is the fourth edition of Hacking Exposed.
"By and large what we see in the industry is just an
ever greater sophistication of hacker attacks," McClure
said. "We have these worms that are going to a zero-day
event, which means there is going to be a worm coming out
probably within the next year that has no fix for it."
Until now, every worm that has come out has had a fix, because
many of them are vulnerability-based, which leaves a way to mitigate
and fix them.
McClure said that the vulnerability-to-worm cycle has gone
from 280 days back in 1999, all the way down to 10 days today.
"It's clear that the zero-day worm is going to happen,"
he said. "What resellers and VARs can do is provide value-added
services to help mitigate the risk on an ongoing basis."
Channel partners can find opportunities today by performing
firewall reviews of their customers' security and networking
boxes, and by performing health checks and risk mitigation checks
on their systems.
"That is not going to make their customers 100 per
cent secure -- nothing is, but at least they get a head start
on mitigating the biggest risks out there, and then hopefully
it will take a very sophisticated zero-day worm to really
impact them."
Technologies like intrusion prevention software on the network
or host side will also help prevent those types of attacks.
Other future threats to look out for, according to McClure,
are multi-vector, multi-platform worms that
are very complex and take advantage of different operating
systems.
"All of those things are making for a challenging future
ahead. I am a big believer that security is a process and
it's not a finish line that you can go and run across,"
he said. "It's all in an effort to understand that security
is at the heart of everything you do and if you don't understand
it or take it seriously, it will hurt you eventually."
If a zero-day attack does become a reality, McClure
said, it may take some time, or even days, to figure out what
type of worm it is and what types of vulnerabilities it is
exploiting. Once that is done and the vulnerable software
is identified, the vulnerability in the software will
basically need to be rediscovered before it can be fixed.
"So you are looking at a huge exposure window potentially
where you could not fix anything," he said. "Ramifications
of a zero-day worm could be devastating. It just depends on
the worm."