Changing Threat Landscape And Increased Risk To The Web 2.0 Enabled Enterprise

WatchGuard Technologies, a provider of secure appliances and unified threat management (UTM) solutions, warns that the changing nature and scale of security threats will pose more strenuous challenges for security administrators as they embrace the Web 2.0 world.

Research over the last three years by WatchGuard's Rapid Response team has tracked attack patterns and identified five key threats: DNS system attacks, virus and malware, buggy web applications, hacking for profit, and the end users themselves.

"The increase in the range and sophistication of threats, combined with more complex architectures and the move to Web 2.0, will make the job of securing enterprise networks more difficult than ever before," says Steve Fallin, director of WatchGuard's Rapid Response team.

"Other factors putting organizations at more risk include increased levels of remote access, continued poor user behaviour and the shift from hobby hackers to organized crime."

According to WatchGuard's survey, many of today's attacks are targeted and done for profit, such as the sale of personal information or blackmail. The focus of web based attacks has also shifted to applications running on the web server and the data systems that back them up by exploiting flaws in website design.

On the desktop, relatively harmless virus infections have now morphed into a devil's brew of sophisticated viruses, spyware, root kits and botnets. At the same time, attacks such as phishing and drive-by downloads target the most vulnerable portion of the network infrastructure - its users - with surprising levels of success.

"The last few years have seen a considerable change in the nature of security challenges faced by the internet enabled enterprise," says Fallin. "As we are now on the verge of widespread adoption of Web 2.0, with its promise of the collaborative enterprise, it is vital to adapt enterprise security to address the threats posed by a Web 2.0 world."

WatchGuard's Rapid Response team is responsible for monitoring threats on the Internet, assessing the nature and severity of the threat and rapidly delivering threat defences to all WatchGuard UTM appliances on a 24x7 basis. Notes for editors: the need for a more comprehensive security solution:

Increasingly complex architectures As we expect our networks to do more for us than ever, they are growing more complex and becoming an increasing management burden. This is reflected by the growing number of network 'discovery' tools. The security impact of this trend is straightforward - what is not seen is not managed and what is not managed can't be kept secure and operational over time.

Excessive User rights Most administrators give end users local administrator rights on their machines to cut down on support calls. But it also means that an attacker may inherit administrator rights and gain a more useful platform to launch further attacks against other network resources. Administrators should weigh carefully whether this risk is worth the inconvenience of the added support burden.

Phishing Attacks More sophisticated forms of this type of attack are targeting organizations or individuals with schemes that seek network access credentials and confidential corporate communications. All users must be reminded that if it sounds too good to be true, it probably is - so don't click on it.

Malware Targeted at end users and typically exploiting unpatched software such as browsers or email clients, malware is the new 'virus' threat. Today's malware uses the web to lay traps and email to draw victims to the site where they are susceptible to all manner of dangerous code. The secure network must manage these threats in a holistic manner, including user education and perimeter security to protect the end users from themselves.

Users With most end users having excessive permissions on their computers they are prime targets. For them, security as an impediment to getting their jobs done and they are seldom as knowledgeable as they need to be when it comes to being safe on the internet. These factors create a major risk and organizations must reach out to educate their end users in critical network security skills.

Ubiquity of AV/ file decompression software

For the past two years, a dedicated group of researchers has released a steady stream of security advisories pointing to specific flaws in how popular anti-virus software handles compressed data. With over 90% of organizations running AV software with a high level of security permissions, any vulnerability leads to attackers with administrator access. Perimeter security solutions must provide defence in depth to counter this threat, protecting the AV systems from harmful file types.

New application servers New application servers such as those supporting VoIP and collaboration applications are now found in data centres which, in most cases, have been optimized for mature, stable applications such as web and email servers. This means that future security solutions must support these business requirements and shelter the servers from abuse.

New web applications While web servers in general are quite stable and secure, the web sites that run on them are another matter. If not designed properly and securely, the web site can be used as a platform to attack the data behind it leading to information disclosure and online fraud.

Attacks against DNS servers The global DNS system is the 'phone book' that makes the internet possible, translating names into numbers. With DNS, we trust that when we type the address of a web site into a browser, that we will end up at that right web site. But attackers are increasingly probing this system for weakness and attack techniques such as fast flux and pharming exploit this trust placed in the DNS system to deliver malware or harvest personal information from trusting users.