
Hackers Don't Wait for Upgrades

An Opportunity for Hackers
Hackers constantly uncover and exploit network vulnerabilities. To keep ahead of the threats, security software vendors regularly release version upgrades that include new defenses against attacks. Many organizations, however, install these upgrades only once per year, and some won't upgrade for several years. Even in the best-case scenario, where an organization upgrades to new security software versions as soon as they become available, months can go by between installed upgrades. This lag between the availability of an upgrade and its installation, during which the new protections it offers are not yet in place, is precisely what hackers exploit.

Don't Limit Ongoing Updates to Anti-Virus
Most people understand the concept of ongoing updates when dealing with anti-virus; all anti-virus users get real-time updates on an ongoing basis. However, when it comes to network and web security, most organizations are just beginning to understand the importance of ongoing updates. Many network and web attacks don't take the form of viruses. Rather, the attacks exploit protocol and application vulnerabilities. As a simple example, consider the vulnerabilities that are listed in Microsoft's monthly Security Bulletin. Exploits against most of these vulnerabilities will take the form of worms and targeted protocol and application attacks. While most security software provides various degrees of protection against such exploits -- the actual "degree" depends on the security acumen of the vendor -- organizations usually must install the latest vendor upgrade to obtain any degree of protection against recent threats. For instance, adding protection for a protocol that was not previously supported would normally require a product upgrade. The big question that arises is: "What happens between upgrades?"

Protection Between Upgrades
Anti-virus vendors provide ongoing virus signature updates. IPS vendors provide ongoing protocol anomaly signatures. Few network and web security vendors, however, offer analogous defense updates for new protocols, applications and defense techniques. An ideal solution should not only provide ongoing updates to existing protocol and application defenses, but also dynamically add completely new defenses and defense techniques. If a completely new type of vulnerability is discovered, or a previously uncommon protocol becomes popular, new defenses should be dynamically added to the security product's arsenal -- without requiring a complete product upgrade.

Don't Forget Remote Access
Remote access security is an area that often gets overlooked, but since remote access opens holes in network defenses, such traffic should be subject to the latest available protections just like other network and web traffic. SSL VPNs in particular are worth mentioning because, until recently, most organizations focused only on the connectivity aspects of the technology. However, security issues relating to SSL VPNs have been a major factor preventing many SSL VPN pilots from expanding into full production environments. Enterprises today require a means to balance the need to deliver ubiquitous SSL VPN remote access with the need to keep data secure (see Check Point Connectra, the Web Security Gateway). A good example of a security threat facing SSL VPNs is discussed in a related article, Spyware: The Growing Menace. While core defenses against spyware are provided by some security gateways, new spyware programs and techniques are constantly being created by hackers. In many ways, the explosion of spyware is similar to the explosion of viruses in previous years, and as such, spyware defenses require ongoing updates just like anti-virus applications.

To obtain the highest level of defense, organizations should not rely on the next upgrade of their core security product. A service that delivers real-time, ongoing, and dynamic defense updates is necessary. Learn more about how to actively protect your organization with Check Point SmartDefense Services.