Intel Software Adrenaline

Next-Generation Network Security


In enterprise network security, the only constant is change. That may sound cliché, but it's accurate on many different levels. In the 1990s, most attackers were teenagers and college students looking to take down or deface corporate websites. Or they were hackers creating malware to harvest credit card information. Those criminal types are still around—and increasing—while new breeds of attackers are emerging to expand the threats that enterprises, government agencies, and other organizations have to fend off.

"Organized crime has taken on hacking," said Nat Smith, senior product marketing manager at McAfee. "There is evidence that some of the viruses and attacks that have occurred throughout the world have been sponsored by actual countries."

The newcomers have different motivations and techniques, which create additional complexity. They're not interested in mischief or creating an alias for themselves. Instead, they're slipping quietly into a network to set up bots that stay under the radar for days, weeks, or months until their mission of destruction is accomplished. This development undermines the effectiveness of traditional strategies such as using a list of signatures to screen traffic for threats.

Ten years ago, all of the bad guys were known, so a signature list was effective. Today, the threats are advanced, persistent, and stealthy: things that can evade detection. Security is not so much about preventing bad guys from putting graffiti on your website as about your data being taken or watched.

The new breed of threats is typically highly targeted, for example at a government agency or a specific financial institution. Each attack is customized, which further undermines the effectiveness of signature-centric security. Corporate and nation-state espionage is becoming a major, emerging threat. The days of feeling safe with up-to-date signatures are gone. Security operators need to look beyond that approach.
McAfee isn't alone in warning organizations about the risks of overreliance on signature-centric protection. "The sophistication of attacks increases to a level where traditional signature-only solutions no longer provide adequate protection," Gartner [1] stated in a recent report.

Additionally, the new threats add to the workload for IT staff and other people in the security trenches. In fact, the deluge of alerts and other information from intrusion prevention systems (IPS) makes it increasingly difficult for staff to keep up—and easier for attacks to slip through unnoticed.

All of these emerging challenges add up to the need for next-generation IPS. As Gartner [2] recently described the situation, "Targeted malware can often bypass existing protection technologies, and the resulting data breaches are not detected until a long time has passed and significant data exfiltration has occurred."

BUILDING A NEXT-GENERATION INTRUSION PROTECTION SYSTEM (IPS)

To enable enterprises, governments, and other organizations to counter the new breed of attacks, McAfee and Intel collaborated to produce a next-generation IPS appliance. McAfee Network Security

[1] Verizon 2012 Breach Investigations Report, Gartner 2012
[2] Gartner, December 2012
