Present-day solutions rely on prior knowledge as an indicator of future tactics and mandate that a CSO deploy more patches, fatter inoculation files, and ever deeper sets of rules that are outdated before they are even written. It is a sacrificial approach, providing a band-aid-like fix in a global business environment that is quickly running out of patience and resources.
Are Patches and Inoculations the only solutions?
The solution set a CSO has to work with, their virtual holster of cyber bullets, is perhaps the clearest indicator of the problem. Patches, inoculations, and rules are all means of reacting to new threats. The existence of these approaches and their inability to extinguish the problem is the most ringing indictment. No one illustrates the conundrum of patches better than industry stalwarts like Microsoft®. In 2003 company executive Steve Ballmer stated,
“We have been putting out our patches on a very unpredictable schedule. We will now go to monthly patches -- no more than monthly. If we don’t need monthly, we won’t have them. But no more than once a month, except for emergency patches which will be made available essentially immediately.”2
Even Microsoft was unable to foresee the future: the infamous ‘Patch Tuesday’ and the flurry of fixes it would encompass. Since 1998, Microsoft has delivered 478 patches of varying magnitude, not including all of the fixes included in service packs. In fairness, not all of the flaws companies fight to expose and close rest on the shoulders of the operating system vendors. In Microsoft’s defense, the NIST3 vulnerability database lists over 4500 issues, of which only 159 are attributed to Microsoft. The astute security professional will note that this leaves well over 4300 vulnerabilities to deal with. Those inclined to panic will note that these are only the vulnerabilities that are known.
Inoculation files have grown to such bloated sizes, many exceeding 2MB, that several leading anti-virus vendors are dropping support for their traditional distribution media and grandfathering virus definitions written only months earlier. Many cite the toll on network bandwidth produced by the distribution of inoculation updates and their efforts to reduce distribution sizes. But at what cost to security?
Dr. Johannes Ullrich, chief technology officer at the SANS Internet Storm Center, recently stated:
“Two years ago, 80 percent of what we had seen were well-known issues, and now only 30 percent of attacks fall into well-known patterns. The rest are very different kinds of attacks. None of these attacks are getting much attention so they stay at a pretty low level and can continue to penetrate systems unrecognized.”4
This raises a potentially overwhelming question: how effective will inoculations be moving forward? If the best defense a company can muster is the constant application of patches and the ever-present scanning of terabytes of information for minuscule, potentially unknown viral footprints, how can a CSO expect to turn the tide?