
Converged Threats, Integrated Defences

Symantec Hosted Services takes a look at converged threats and what organisations can do to protect themselves from the latest Internet security problems

Viruses have a long and ignoble history - in 1971, the first virus struck computers attached to the ARPANET, the ancestor of today's Internet*.

Historically, a given piece of malware attacked using a single Internet protocol. It spread by email, attacked specific ports or known software vulnerabilities, infected Web sites, or was embedded in innocent-looking files. This meant that organisations could erect point defences in the firewall, on the mail server and on end users' PCs, and be confident that they could stop the different types of attack.

The problem today is that malware-writers have a strong financial incentive. As a result, malware has become more sophisticated. Like real-world viruses, malware spreads and mutates rapidly. The most insidious attacks use multiple protocols - for example:

  • An email contains a link to an infected Web site that installs a virus
  • Spam messages install a tiny precursor virus that bootstraps the full payload over the internet
  • Botnets use instant messaging (IM) to send links to malicious Web sites
  • Hacked accounts on social networking sites send trusted (but actually malicious) messages containing malicious links

This presents a new and growing danger to organisations - malware that can bypass traditional point defences. To protect against these so-called 'converged threats', organisations need security that spans different protocols. As malware authors are so prolific, organisations also need protection that learns and adapts quickly to new threats.

POINT DEFENCES AREN'T ENOUGH

Attacks are much more common than people think. Symantec Hosted Services asked 143 IT Managers if their organisation or (to spare their blushes) another organisation they knew well had suffered a malware attack. Nearly half (47%) said 'yes'. HM Government research found that 72% of large organisations had suffered a security incident in the preceding year.

Imagine a typical organisation's IT security set-up: desktop anti-virus, a corporate firewall, regular updates, signature-based anti-virus protection for the email server and a spam-filtering appliance. It looks as though the IT Manager has ticked all the boxes. Not so.

This configuration has some drawbacks - multiple servers per site, laborious updates/management and multiple vendors to manage with varying levels of support. The biggest problem, however, is that it isn't secure.

CONVERGED THREATS

Paul Wood, Senior Analyst at MessageLabs, explains that the malware threat has evolved. For example, Web-hosted viruses are getting smarter. "They can tell what browser you're using and try to target exploits in browser plugins," he says. "For attacks via email or instant messaging, the problem starts with a small 'dropper' that receives instructions to install something bigger and more dangerous. Since the bad guys get paid for each installation, they are highly motivated."

Traditional IT security struggles to cope with these new threats. Email scanners also have to check Web sites to make sure that links aren't malicious. Spoofed messages from friends might bypass unsophisticated spam filters. Most organisations don't scan instant messaging at all.

From an IT perspective, it is very difficult to join up all the different scanners, filters and firewalls into a comprehensive, integrated defence. They have different control panels, different reports and different levels of support. Worse, they don't talk to each other or share threat information.

UNDER ATTACK

Not only is malware becoming more sophisticated, it is also becoming more common. In 2009 MessageLabs Intelligence revealed that:

  • 2,465 new sites with malware are created every day. Four out of five of these sites were legitimate sites that had been hijacked
  • It takes, on average, 138 days for legitimate Web site owners to remove malware from an infected site
  • One email in 286 contains some kind of malware. Of these, 15% contain a malicious link
  • Spam is more than a nuisance. 90.6% of it contains a Web site link, many of which are disguised. This makes it hard for conventional anti-spam filters to identify unwanted or malicious messages
  • One instant message in 405 contains a hyperlink of some kind. One in 80 of those points to a malicious Web site. Since 90% of organisations use instant messaging, this exposes millions of users to malware infection
  • The vast majority of security breaches involve organised crime targeting corporate information

The MessageLabs Survey of IT Managers showed that they recognised these dangers. Despite existing protection, they were anxious about IT security threats:

Security Threat                          Percentage who were seriously concerned
Malware attack via email, Web or IM      51%
Targeted Trojans that bypass scanners    57%
Employees wasting time online            55%
Corporate data theft or loss             59%


Many IT Managers felt that these threats were "a big concern and we struggle to stay ahead of the threats." Perhaps this is not surprising since many organisations lacked even basic protection.

INTEGRATED DEFENCES

This is where MessageLabs Hosted Services come in. They form an integrated suite that combines email security and email management with Web and IM protection. All-round defences like this have significant benefits.

MessageLabs Hosted Services work seamlessly across different types of Internet communications. They keep email, Web browsing and IM virus-free, reduce the risk of data loss and enforce your acceptable use policies. As they are multi-protocol, MessageLabs services can share threat intelligence in real time. For example, they detect just under one in twenty (4.5%) of malicious Web sites because of a link embedded in an email.

They use the same multi-layered protection for email, Web and IM. It includes multiple scanning engines and the MessageLabs proprietary Skeptic technology, which provides a final line of defence using heuristics to detect new and insidious threats that other scanners may miss. Because the services secure more than 6.4 billion email connections and one billion Web requests every day for organisations all over the world, they are likely to see emerging threats sooner.

These services don't require lots of expensive capital equipment on your premises. Maintenance, continuity, disaster recovery and updates are all taken care of. Their approach makes it easy for them to support multiple offices and remote users. It also means that Internet criminals can’t download their software and use it to test their malware. It's an integrated solution from a single supplier which gives you easier management, a single management console, better reporting and economies of scale.

Only MessageLabs Hosted Services offer integrated hosted gateway security products that include email, Web and IM security.

* First virus and virus timeline: http://en.wikipedia.org/wiki/Timeline_of_notable_computer_viruses_and_worms

FIND OUT MORE

If you would like more detail on the content included in this article, download your free white paper today at www.phoenixs.co.uk/converged-threats.aspx

For further information on the Symantec Hosted Services available from Phoenix Software, please contact your Phoenix Account Manager on 0845 265 1265 or email info@phoenixs.co.uk

 

Published 08/03/2010