July 13, 2024

Deploying New Tools to Stop the Hackers

Trying to secure a computer network is much like trying to secure a building — the challenge is trying to screen out real threats without impeding the normal traffic that needs to go in and out.

And as the recent hacking attacks against Citigroup, RSA Security and Lockheed Martin show, even sophisticated security systems can be breached.

“We’re seeing an inflection point where the attackers are extremely smart, and they are using completely new techniques,” said Nir Zuk, the chief technology officer at Palo Alto Networks, a firewall company based in Santa Clara, Calif. “Every piece of content that you receive can attack you.”

Historically, the first line of computer defense, the firewall, is like the guard desk at a building. It scrutinizes the traffic going in and out of the system, looking for obviously suspicious characters.

Virtually every company also has antivirus software, which typically keeps an eye out for anything on a “black list” of well-known malware and prevents it from entering the computer system or causing havoc once inside. A rarer type of security grants access only to programs on a “white list” of safe software — the equivalent of allowing employees with ID cards to come and go as they please but preventing anyone else from entering.

But as hackers unleash ever-sneakier attacks, big corporations and government agencies are scrambling to deploy new tools and procedures to deal with all the delicate gray areas in between — the cool-looking new smartphone app, the funny Facebook link, the unknown foreign Web site. The flood of malicious software is also prompting renewed debate over how to balance access and protection.

“Right now, if an application is not known, we let it run,” said Peter Firstbrook, an analyst at Gartner, a research firm, referring to the prevailing view in most companies. “That’s the wrong thing to do.”

Companies like Symantec, the giant Internet security firm, are introducing services that assess the “reputation” of software, weighing factors like how old it is and how widely it is used to decide if it is safe. Other vendors are selling enhanced firewalls and products that can sniff out impersonators by detecting unusual file-usage patterns.

Nearly everyone agrees that a mix of defenses is vital, and that even so, some hackers will still slip through. Experts also say that the proliferation of smartphones, the growing workplace use of Facebook and other social media tools, and the shift toward storing more data in a computing cloud are providing new avenues for attackers.

Symantec’s chief executive, Enrique Salem, acknowledged at a conference in February that traditional antivirus scans “long ago failed to keep up.” As points of entry into corporate and government networks “proliferate on this seemingly insane trajectory,” he added, “so do the threats they attract.”

The growth in malicious software has been staggering, as criminal organizations seek to ferret out credit card numbers and other ways to make money, and hackers in China and Russia are believed to be seeking national security secrets.

Last year, Symantec discovered 286 million new and unique threats from malicious software, or about nine per second, up from 240 million in 2009. The company said that the amount of harmful software in the world passed the amount of beneficial software in 2007, and as many as one of every 10 downloads from the Web includes harmful programs.

Unlike past blitzes of spam with clunky sales pitches, today’s attacks often rely on a familiar face and are extremely difficult to stop. In a practice known as spear phishing, hackers send e-mails that seem to come from co-workers or friends and include attachments that can release malware to steal passwords and other sensitive data. In other cases, malware can be activated when a Web link is clicked.

Article source: http://feeds.nytimes.com/click.phdo?i=818a48414feb6ce9fda7d7b2c74cb550
