Invisible software microbes that silently enter computer networks and serve as ruthless digital moles for outside agents, also known as "active Internet content," now pose a greater threat to enterprises than viruses, according to a new report.
In its "Active eIRM: New Realities for Managing Electronic Infrastructure Security" report, Aberdeen Groupsays many enterprise networks, most consumer PCs and almost all ISPs are now infected with active Internet content containing malicious software exploits that can surreptitiously capture e-mail handles, passwords and keystrokes; silently enable hidden network services and ports, from PCs through firewalls; and redirect outbound data to offshore sites by spoofing DNS addresses, among other things.
Signs of active harmful Internet content infections include incoming e-mail with the user's e-mail address; unauthorized and uninvited instant messaging (IM) and peer-to-peer (P2P) protocols; degraded throughput and excessive disk drive chatter; unauthorized outbound connections to routers; Web site defacements; Trojan horses embedded in IT maintenance software; and automated redirection of network IP destinations, among others.
Unlike traditional viruses, active Internet content is generally not detectable using traditional pattern matching security technologies, which do not look for active content or can not keep up with the content's rapid rate of change. In addition, such content has been delivered by a wide variety of means, including e-mail spam bombs, on Web sites and in simple text-based e-mail, the research firm said.
This active Internet content is being used for electronic reconnaissance, electronic probing, spamming, electronic theft, cybercrime, cyberterrorism, electronic identity theft and financial loss, Aberdeen said.
In the past year, Aberdeen said many IT managers have begun to alter their plans and shift their focus to defend against harmful Internet content as well as leaks and assaults in and on the enterprise network. They're also looking more closely at business risk occurring from the misuse and abuse of e-mail and Web servers.
What's the answer to this problem? The report says the automation of security processes is a step in the right direction, especially for IT buyers who are perpetually overloaded and underfunded. Active electronic infrastructure management (Active eIRM) security, as it is called, promises more accurate measurement and management of risk when applied to the IT infrastructure, Aberdeen said.
"The age of harmful active Internet content means that a dynamically moving electronic Maginot line must now be deployed to mitigate new risks," said Jim Hurley, vice president and managing director for Aberdeen Group. "Active eIRM is well placed to assist IT in combating the new era of software exploits."
Hurley also authored this report, which was prepared to coincide with the release of the Federal Government's National Strategy to Secure Cyberspace (related story).
Boston-based Aberdeen Group is an IT market analysis and positioning services firm that helps Information Technology vendors establish leadership in emerging markets.