Modernizing Authentication — What It Takes to Transform Secure Access
You might just call it the Windows factor. The more widespread the technology, the higher-value target it becomes to crackers, hackers and attackers.
But network and personal computing safety go beyond the operating system you're running. Even Linux and Macs have seen their share of security issues. Maybe your databases aren't up to code in order to thwart a SQL injection attack (define) that could bypass your firewall.
Maybe the folks using free IM clients are not aware that they just got a message with a link containing malicious code. Do they know not to click on it? And how about the proliferating endpoints hitting the network beyond the laptops?https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=iThe issues will always be with us in the wooly Web as long as there are folks bent on breaking into your system or who happen to think it's worth getting the digital equivalent of peeking over your e-mail.
With all the concerns swirling around IT staffs each day, herewith, in no certain order, are a few of the top trends in network and computing security.
Endpoint Security: Can We Just Agree?
It's important, yes. But are you using it in the same way as your colleagues? Research suggests otherwise.
As internetnews.com has reported, firms such as IDC define endpoint security as centrally managed client security and liken it to a 21st century digitized watchdog protecting users.
Ask the folks at Check Point, and they'll likely tell you "endpoint security" means centrally managed personal firewall-based security.
One thing they do agree upon: Enterprises need to be a lot more picky about their network access protocols and figuring out just who those endpoints are.
But that's not all. Research firm IDC's January survey of enterprise security issues noted that intellectual property siphoning and corporate espionage, as well as attempts to steal personal and company information, are increasingly hitting on business networks.
Phishing begets spear-phishing
While phishing attacks are still a growth industry, spear-phishing attacks are the breakout trend, according to IDC's survey of enterprise security.
Spear-phishing means just what it suggests: a targeted approach to fool a specific end-user into turning over sensitive data that could enable the identity theft.
"Trusted employees deliberately or inadvertently distributing sensitive information are quickly becoming a major concern in many organizations," IDC said, dubbing the concern outbound content compliance (OCC).
Makers of smartcards and two-factor authentication tokens are selling their wares with a pitch that they can cut that problem down.
Even the Security Center features in Microsoft's next Windows Vista release are rounding up security needs.
For example, with one click, end users can check security status across all levels of the operating system and applications -- from Outlook to the IE browser.
Smartcards are also moving into more widespread use in order to make sure the endpoints are who they say they are.
Neal Creighton, CEO of GeoTrust, said recent industry mandates and government regulations, such as Sarbanes-Oxley data retention rules, are driving more organizations to begin deploying smartcards and tokens, as well as adding new audit features to keep track of who has access to what.
But for now, ask folks such as Kelly Dowell, executive director of CUISPA, the Credit Union Information Security Professionals Association, and John Brozycki, CISSP, Hudson Valley Federal Credit Union whether spear-phishing attacks are mere hype. Their staff were targeted by select phishing scams.
The banking executives brought on security firm Cyveillance to help track down the attacks and even take down phony Web sites that were just waiting for the bamboozled banking executives to turn over their information.
Old UTMs still around
On the network level, we're seeing enterprises take a closer look at Unified Threat Management (UMT) appliances that deliver firewall, intrusion detection, packet sniffing and policy enforcement among endpoints gain traction in the marketplace.