07 Feb 2002
This week, Lucy Bunker from Symantec looks at the aftermath of the not-very-hard-hitting MyParty virus, which played pass the parcel with a trick up its sleeve.
Another week, another virus. There was nothing special about MyParty. It differed from many in that it used a .com file extension to confuse users into launching the attachment but, in terms of the impact on business, it was simply a nuisance.
Indeed, it was the kind of nuisance which IT managers should be able to respond to in an automated manner without disrupting their networks or work schedules.
There is a need to help IT managers respond appropriately to virus threats. MyParty deserved no special attention, but not all viruses are so simple.
It is generally agreed by the security industry that the real threat to businesses in the coming year will be the rise of the blended threat. The virus/worm/Trojan combination, which exploits a vulnerability and is difficult to detect, is the real issue for IT managers across the UK.
Enterprises recognise the need for a multi-tier, multi-depth approach to network security. They realise that antivirus or firewalls or intrusion detection software cannot be viewed in isolation within their security infrastructure, but must integrate and provide meaningful information against their stated security policy.
Increasingly, IT is being questioned at the board level where alignments to business objectives, strategy and return on investment are the key measurements.
How long would it take you to analyse and collate a dozen reports of different formats into a meaningful explanation of the security of your company's network? Integrated security solutions become necessary for management, protection and reporting standards.
Enterprises are therefore calling for solutions which will not only provide protection but satisfy the needs of the business. Functionality has always been the driver of security solutions but, increasingly, functionality includes reporting capabilities and integration with management consoles and other solutions across the organisation.
It has long been recognised that it is easier to prevent someone from entering your house than to deal with them once they are there. And so it is with IT infrastructure.
It is a much more effective strategy to prevent malicious threats from entering your network in the first place than to try to detect and remove them once they have arrived.
Reducing the amount of unauthorised data on a network is becoming key to many organisations. However, putting a variety of security solutions at the gateway raises its own concerns. Gateway servers need to have a low performance impact, allowing data to enter without delay, but still be secure.
There is a need for multi-tier protection that would require a number of applications to be added. So you decide that protecting your gateway is key to your strategy, but applying up to five applications could have a negative impact on the speed of your pipelines.
If you are asking several separate applications to open each packet for antivirus, content filtering, intrusion detection, authorisation and verification, then that will slow the performance somewhat.
The answer lies in integrated or converging solutions. This has already been demonstrated with the convergence of firewall and virtual private network solutions, and of antivirus and content filtering solutions, so why not with the whole range of security applications?
Choosing a variety of solutions from a variety of vendors gives you multiple supplier contracts, multiple technical support services, and various different reporting tools and analyses. Multiply this over a large organisation, and you'll soon find that you've created a monster which requires additional resources to manage.
Now that virus and worm threats use hacking exploits, intrusion detection systems are key in preventing virus infection. In the future there will be a requirement for knowledge sharing, and therefore the need for antivirus and intrusion detection solutions to work together.
As intrusion detection systems are designed to detect hackers, and as virus and worm threats use hacking exploits, we are likely to see antivirus defence solutions evolve not only to scan files, but also to perform operations similar to those of intrusion detection - for example, watching ports, real-time network traffic and system changes, from the registry to scanning memory.
The evolution of the blended threat is driving the need for a blended response. Increasingly, enterprise companies are making clear their need for integrated internet security approaches which have minimal management overheads and offer maximum protection.