I came across this article in infosecisland.com on Securing PCs posted by Michelle Drolet who is the founder and CEO of Towerwall. In the post, she noted several interesting vulnerability facts that most businesses need to be aware of. Right off the top, I found these to be shocking:
- SecureList and Kaspersky Labs researchers agree that the average PC has at least 12 vulnerabilities at any given time
- Across all industries and platforms, the Window of Exploit (WOE) that is, the time lag between announced discovery and the availability of a patch for web-based vulnerabilities is a whopping 233 days, according to WhiteHat Security.
- Conficker and its infection of millions of unpatched systems since 2008. Three years after Microsoft issued a patch against the flaw, the worm is still looked upon as the most commonly encountered piece of malicious software, representing 15% of all infection attempts (as seen by Sophos customers) in the last six months
What are the chances that the above is impacting your IT department? What additional proactive security steps is your CSO taking toward detecting malware? It is important to consider these questions. The article went on to state:
“You are never totally secure. There is never a point when you can say the infrastructure is secure and walk away.” The TechNet post asks, can you be 100% secure? and gives the following reasons:
- Because people are involved.
- Because users make mistakes.
- Because administrators also make mistakes.
- Because systems don’t always get updated when they should.
- Because software itself is never completely secure.
This is a fundamental concept that needs to be understood. There are too many variables and too many dependencies. The take-away lesson here is this: a false sense of security can be your worst enemy.
What can companies do? Patrick Sweeney (VP, SonicWALL) provided several good ideas in this post on Securing BYOD Environments that also apply to traditional desktops and remote access. It is definitely worth comparing to your own security measures.
What else can be done? Monitor internal traffic patterns using NetFlow. Flow technology is excellent for network traffic analysis because it doesn’t rely on signatures rather it looks for odd communication patterns.
Threat detection solutions also known as Network Behavior Analysis systems like the one above are one of the best ways to detect if internal hosts are communicating with known Botnets or Command and Control (C&C) servers. By sending NetFlow and IPFIX from the Internet facing routers to a NetFlow collector that can compare all flows to the host reputation database, internal machines talking with known compromised Internet hosts can be identified.