Category: Trends

They are simply different ways of performing the same job, either using a small software “agent” or polling from a central location to collect data on the target system. Here we focus on five, which fall into the categories of accuracy, scalability, bandwidth, speed and coverage.

Some IT professionals believe that being a resident on the client or server enables agent-based systems to collect more information, and ensures they won’t miss machines that are turned off. It’s what you do with that data that matters. And while it’s true that an agentless architecture cannot poll a machine that’s turned off, it’s also true that end users can — and do — disable software-based agents.

Additionally, if a user attaches a rogue machine to the network, it won’t have an agent and may not be found unless the company has another means of detecting such machines. Even an agent-based system still needs to evaluate data that the agent collects, which means that data must flow over the network at some point — so it does need a certain amount of bandwidth. But even though some older agentless systems did consume significant bandwidth because they had to read entire copies of files across the network to check versions, more advanced agentless systems have overcome this shortcoming and now consume only moderate amounts of bandwidth.

In an agent-based scenario, if all agents are reporting in at once, you should ask whether that server can keep up. And in practice, it’s not likely that the scanning tool will be the gating factor in how quickly you can get a patch out — it’s how quickly the third-party vendor makes the patch available.

http://www.it-observer.com/articles/1288/the_truth_about_patching/

Parasites — viruses that modify existing files on a disk — are also making a comeback, McAfee Avert Labs says. While this approach was popular in the early days of viruses, parasitic infectors currently make up less than 10 percent of all malware, McAfee Avert Labs says.

While the new attack vectors are worth watching, attackers will increase their exploits using well-known methods also, according to the researchers. Password-stealing Websites, which mimic the login pages of popular Websites such as eBay, will continue to be a popular mode of attack in 2007, Marcus says.

http://www.darkreading.com/document.asp?doc_id=111707&WT.svl=news2_4

46 per cent of IT managers have increased spending on security compared to only four per cent who have decreased their level of security spend.”

“IT security has become a higher priority over the last few years, with a greater proportion of the overall IT budget being spent on security equipment and services,” said Ed Daugavietis, senior research analyst with Info-Tech Research Group.

Companies spending less than five per cent of their IT budget on security might want to ask themselves hard questions about how they would recover from disaster or how well they are protecting their networks from intrusions, he concluded.

http://www.sda-india.com/sda_india/psecom,id,22,site_layout,sdaindia,news,13533,p,0.html

According to Gartner analyst Avivah Litan, this is happening because scammers are identifying higher-income targets, moving their phishing sites more frequently and switching up the types of business they try to impersonate.

Victims click on links they receive in the body of e-mails — and, increasingly, in instant messages — from sites purporting to be legitimate businesses like financial institutions, e-commerce and auction sites.

Approximately 109 million U.S. adults have received phishing e-mail attacks, up from 57 million in 2004, according to Gartner. Total loses from phishing attacks have risen to $2.8 billion in 2006, twice the amount lost in 2004.

According to the survey, conducted by Gartner analysts in August of this year, adults earning more than $100,000 per year are attacked more often than those making less.

According to Litan, cyber criminals have done a better job of identifying high-income individuals. They sell each other credit card numbers in online chat rooms, and can identify credit cards with higher spending limits by the first six digits on the card.

http://www.internetnews.com/stats/article.php/3642971

Most of the “blocking and tackling” that was needed to handle network threats has, to a large extent, already been accomplished via technologies such as firewalls and intrusion-detection and -prevention systems, said Mark Burnett, director of IT security and compliance at Gaylord Entertainment Co. in Nashville. “We are layering technology controls to make sure we can identify where the information is passing across our network” and protect it. The overall driving force behind our [security] program is reputation management. Any one incident could ruin all that work.”

Also driving the focus are regulations that Gaylord is required to comply with, such as the Sarbanes-Oxley Act and the Payment Card Industry (PCI) data security standard, which is mandated by the major credit card companies, he said. Ann Garrett, the chief information security officer at the North Carolina state office of information technology in Raleigh, said that a new state law governing the use of personally identifiable information has elevated the need for security controls at the data level.

High-profile breaches such as the one at the Department of Veterans Affairs earlier this year have resulted in an intense scrutiny of data security practices government-wide said Patrick Howard, chief information security officer, at the U.S. Department of Housing and Urban Development.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9004914

The head of Symantec’s Asia-Pacific business, Bill Robbins, explained in an interview that the changing threat means businesses will not only have to spend more time and energy on making sure that data is secure, but also on recording which users are accessing and manipulating information stored in corporate databases.

Midsize companies should sit up and take notice because hackers aren’t choosing their targets by brand name, Robbins said.

Symantec’s warnings come at a time when fear of online crime is increasing and law enforcement agencies around the world are taking the issue more seriously.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004741&source=NLT_AM&nlid=1