McAfee executive outlines risk and protection factors

ORGANISATIONS should have a clear understanding of their environments to be in a position to formulate an effective IT strategy, which should include a focus on what is important to the business, according to McAfee senior security analyst .

Speaking at McAfee's Live Attack Roadshow in Johannesburg last week, Day commented that enterprises should also have an understanding of today's attackers, as well as their motives and methods, and how these could impact the business. Furthermore, he said, organisations should build on existing security strategies and integrate them with existing technologies to better leverage current investments.

Family jewels

"We all have security protection in place. Our security investments are driven by new threats or perceived threats, new technology, new security solutions, new business requirements and regulatory compliance," Day stated. He added that a priority-based approach to risk management should be adopted.

Organisations should focus their strategies on important assets, and automate the risk management process to effectively streamline and create efficiencies, while creating baseline metrics and continuously measuring improvements against policy.

"The risk-ranking of assets prioritises threat response, so that the most important hosts are protected first," Day stated.

In terms of lifecycle threat management, organisations need to establish intelligence alerts on critical breaking threat events, such as worms and exploits, which work faster than a check, and show a threat's impact immediately without running another scan.

Getting worse

Currently, threats are on the increase, and almost 150 000 different types of had been identified by September this year, he said. These include boot sector viruses, DOS viruses, Win32 viruses, macro viruses and Trojans.

Recent trends have indicated that static malware (which does not spread automatically, but has to be executed against a system) is currently more prevalent than traditional viruses, Day noted. He added that the amount of malware in the "medium and above" threat levels category has doubled every year between 2002 and 2004, prompting McAfee to provide daily updates for its products.

The majority of attackers, Day said, still use e-mail as a means to spread malware, and this trend is expected to continue, but browser attacks are likely to become as prevalent in the near future. Attacks on Linux are currently also on the rise, while the incidence of script virus attacks is currently high and expected to continue.

Meanwhile, Day reported, mobile and wireless threats are also on the increase, with PDAs and other mobile devices becoming a portable threat to corporate networks, as USB drives and wireless drives are emerging as the "floppy disk" of the new millennium. While still low in prevalence, Day said "promiscuous" networking will help spread mobile viruses through the 802.11 protocol, as well as Bluetooth.

He pointed out that phishing attacks, which rely on users' desire to "do the right thing", such as submit requested banking information to seemingly legitimate sites, are also expected to continue.

But no proactiveness

This means that anti-virus updating has become a continuous process for businesses, but this is still, in most instances, done reactively. Day warned that more infections are occurring even though anti-virus solutions are used.

"Attacks are having indirect impact on businesses, and organisations need to protect against the method, as well as the attacks."
