RipTech provides security monitoring and remediation services, so it is in the company's interest that people are worried about security issues; fear makes for good business. But given that the company has intrusion detection software installed at customer sites, it is also in a good position to collect data about attempted intrusions. Which is exactly what the company did in order to come up with the Riptech Internet Security Threat Report.
For six months, Riptech collected data from more than 300 of its customers in 25 countries. From the more than 5.5 billion firewall log entries and IDS alerts it collected in that time, the company investigated 128,678 cyber attacks on behalf of its clients. The data in its report is based on those 128,678 attacks. The fact that it is based on actual attack data makes Riptech's report a different animal from others that are based on user surveys, such as annual Computer Security Institute/FBI study.
Among Riptech's findings:
Size Doesn't Matter
There are many other interesting tidbits in the report, including some that are rather puzzling. Companies with more than 500 employees were attacked at least 50% more often than those with fewer than 500 employees. But after that threshold, size doesn't seem to matter much; the attack rate remains about the same for companies in the 500 to 999-employee category as it does for those with 1,000 to 4,999 and 5,000 or more employees.
Another more frightening finding is that Riptech says it detected "several thousand" different types of attack. Of the top 10 types of attack, the top five targeted known vulnerabilities in Microsoft IIS, all exploited by Code Red and/or Nimda. (This was one category where Riptech included data relative to those attacks.)
What the company finds to be of greater concern is the increase in attacks on public services like the Web or remote access services, including FTP and SSH, which is a secure alternative to Telent. SSH scans increased by 341% during the six-month test period. Riptech expects such services will continue to be prime targets because they may be accessible even where firewalls offer protection against more common vulnerabilities.
For a copy of the full report, go to: http://www.riptech.com/securityresources/form9.html. You'll have to be willing to give Riptech your contact information, however.