Several security software firms recently released their reports on evolving security threats.
While traditional malware is not receding, all reports agree that the mobile platform, as well as the cloud environment, provides a growing attack surface that organizations need to take seriously. Users themselves appear to be learning to recognize potential threats, but additional education will be necessary.
IBM Security's X-Force Trend and Risk report (available free of charge after registration) paints a rather worrisome picture of vulnerabilities for the first half of 2012. There are positive trends, such as a decline in vulnerabilities affecting office software such as PDF-related products, and enterprise software from the ten largest software companies monitored by IBM accounted for only 22 percent of all disclosed vulnerabilities and received a 94 percent patch rate. Even so, IBM said that the industry has been slipping overall: in H1, 47 percent of disclosed vulnerabilities remained without a patch.
Small web apps in particular appear to be affected, and IBM believes that most of those issues will remain unpatched for the lifetime of the products.
The most significant traditional threats for enterprises in H1 remained SQL injection attacks, the SQL Slammer worm, PsExec access, directory traversal attacks, and cross-site scripting (XSS) attacks, which now represent 51 percent of all web application attacks. A total of 4,400 new vulnerabilities were detected in the first half of the year.
IBM expects to see about 9,000 for all of 2012. McAfee, in its latest Q2 Threats Report, echoes the significance of SQL injection attacks (even though it sees remote procedure calls as the top network threat today) and noted that most attacks originate in the U.S. and target places in the U.S. as well.
A key remedy and defense for organizations that want to keep web application attacks at bay is sandboxed software, which, in modern web browsers, can mitigate Flash or PDF attacks and allow secure viewing of Microsoft Office documents. There have been examples of exploits against sandboxes themselves, but there is no denying that this technology is one of the key security opportunities for enterprises, even if developing custom sandboxes can be pricey.
Wolfgang Gruener is a contributor to Tom's IT Pro. He is currently principal analyst at Ndicio Research, a market analysis firm that focuses on cloud computing and disruptive technologies, and maintains the conceivablytech.com blog. An 18-year veteran in IT journalism and market research, he previously published TG Daily and was managing editor of Tom's Hardware news, which he grew from a link collection in the early 2000s into one of the most comprehensive and trusted technology news sources.