Cisco/IronPort: amateur security threats are a thing of the past
December 6, 2007
Cisco and IronPort's latest security report identifies that security incidents are getting worse.
According to chairman and CEO John Chambers, you cannot predict when and where spam attacks will happen, therefore "you'll have to understand the how". To do that will require the type of integrated protection and security management solutions that are starting to evolve from the remaining pure-play security companies.
The Cisco and IronPort trends report identifies that "amateur hour is over". The overall movement in malware shows that a larger number of more targeted, stealthy, and sophisticated attacks are evolving. During 2007, spam volumes increased 100% to more than 120 billion messages daily. To quote IronPort, that represents about 20 spam messages per day for every person on the planet. Spam has evolved to become more targeted and dangerous this year, and according to the company, 83% of spam contained a potentially dangerous URL link.
The future drift is towards the blending of different malware techniques, the so-called "self-defending bot network" has arrived, Storm Trojan is said to be one of the most sophisticated botnets ever observed, and IronPort believes that the level of quality and technical sophistication shows that the latest set of threats are being developed by professional engineers. Viruses no longer make headlines, but the writers have not gone away; they have evolved their techniques to deliver more sophisticated attack models.
The key findings from IronPort for 2008 were, unsurprisingly, that spam volumes will grow without limit; the use of blended attack techniques will continue; and malware will remain the "silent killer". Therefore, what the business community now needs is a better prepared, more integrated security industry; an industry that uses the skills of its leading solutions providers within an infrastructure that rewards consistency, quality, and innovation. Integrated protection and innovation is what will drive the sector forward. Malware may continue to be the "silent killer" of enterprise systems, but in the past it has been a lack of forethought and post-acquisition lethargy that has been the silent killer of many good quality security companies.
