| |
 | | http://www.securitymanager.net/magazine/news_h10411_skybox_security_introduces_breakthrough_worm.html |
Skybox(R) Security, Inc., provider of Security Risk Management (SRM), unveiled the company's Worm Defense Management (WDM) initiative and introduced a new worm attack simulation feature for its latest version of software, Skybox(R) View 2.0. With the availability of worm simulation Skybox View becomes the first enterprise software platform to deliver continuous and proactive defense against destructive and difficult to isolate worms for large enterprises. Under a separate announcement Skybox introduced the availability of a new compliance risk management capability that dramatically lowers the risk of being out of regulatory compliance due to control and infrastructure weaknesses. With these significant additions to the highly acclaimed software, Skybox View version 2.0 sets a new standard for risk assessment, threat analysis and vulnerability remediation planning by bridging the analytics gap and driving IT security to a "pre-attack" defense posture.
"Today there is no way to know if your network is worm-resilient," said Gidi Cohen, CEO and founder of Skybox Security. "And because of the epidemic way in which worms spread, it is impossible and impractical to patch everything just to prevent one worm attack. A smarter, more proactive approach is needed," Cohen concluded.
Worm Defense Challenge
Worms are the number one IT security threat and considered the most difficult to defend against. A worm is a self-replicating piece of code that rapidly propagates itself over an entire network infrastructure by exploiting known vulnerabilities or weaknesses in controls. A zero-day worm exploits a vulnerability not yet published. Even well managed change and patch management systems have worm defense limitations because:
* Worms can arrive before a patch becomes available and applicable
* Patching everything is not an economic or safe alternative for most enterprises
* The time between the appearance of a new vulnerability to its exploitation by a worm is rapidly decreasing from months to days, and in some cases, hours (zero-day worm)
Added to these issues is the trend toward more vicious cybercrime worms. John Pescatore, Security Research Fellow for Gartner, writes, "While the majority of worm attacks were once strictly vandalism, Gartner believes that the recent waves are more tied into cybercrime -- that is, hacking for financial gain," (Mount A Solid Defense Against Worms and Viruses, September 2004). Since enterprises have little time to react, coupled with the speed of propagation and the malicious behavior of worms, a successful attack can result in significant damage to network services, applications and regulated assets and ultimately financial loss. In order to achieve the undeniable goal of not falling victim to a worm attack, organizations must take a proactive and more preventative approach to worm defense. Concludes Gartner, "Enterprises can get better at patching, but they can never move as fast as attackers," (Mount A Solid Defense Against Worms and Viruses, September 2004).
According to Pete Lindstrom, CISSP and research director for Spire Security, LLC, "Worms are not going away anytime soon, yet we are jury-rigging our networks with point products that address specific parts of the problem. Skybox takes a strategic approach by helping enterprises understand how the characteristics of their networks impact the behavior patterns of worms so they can design a way to address vulnerabilities."
Worm Defense Management (WDM) Initiative
As part of a new Worm Defense Management (WDM) initiative, Skybox believes that enterprises should embark upon a proactive, disciplined and pre-attack worm defense approach based upon five fundamental tenets:
1. Worm defense is not just technology -- but a methodology. Early warning, network resilience assessment, isolation planning, prevention and recovery procedures are keys to success.
2. Plan for peace -- prepare for war. Enhance the network infrastructure resilience for existing and future worms while balancing between tight controls and supporting the needs of the business.
3. Proactive -- not reactive. A regular and proactive worm defense management process of which the goal should be reducing the worm exposure window and maintaining worm-resilient network infrastructures rather than relying solely on perimeter and reactive defense technologies.
4. Continuous effort. One time planning is not enough due to constant network change, publication of new vulnerabilities, and the emergence of new worm-based threats.
5. Integrated -- not separate. Worm defense management should be an integral part of existing security risk management program.
The introduction of a worm attack simulation, and worm risk analysis, represents the first in a series of Worm Defense Management initiatives that Skybox plans to introduce during 2005.
Skybox View 2.0 Worm Attack Simulation Benefits
Skybox View 2.0 worm attack simulation feature empowers security professionals to simulate, understand and predict potential worm exposures due to infrastructure vulnerabilities before an attack. Skybox View maintains a comprehensive worm dictionary, simulates potential attack paths and propagation behavior of worms and displays the most effective mitigation alternatives. By leveraging unique network modeling, access analysis, attack simulation and "what if" prediction, organizations can justify which remediation alternatives make the most sense in terms of resources and worm prevention or containment effectiveness.
By simulating the propagation behavior of worms, Skybox View 2.0 helps enterprises understand which vulnerabilities or controls could be exploited and guides them on how to cost-effectively mitigate these weaknesses with the highest ROI. Because this automated process can be regularly conducted, the network infrastructure becomes more worm-resilient, effectively reducing the magnitude and scope of potential damage. With Skybox View enterprises can adopt a best practice of proactive worm defense management:
* Integrate worm defense into the risk assessment and management process
* Uncover the specific vulnerabilities that are being exploited by worms
* Predict worm propagation, simulate attack behavior and calculate business impact before exploitation
* Understand the most cost effective remediation steps to justify efforts (ROI)
* Maintain worm resiliency across the network infrastructure proactively
* Measure and report the overall effectiveness of worm defense controls
* Increase visibility of future worm impact across the entire organization
Price and Availability
Skybox View 2.0 is immediately available. Skybox View pricing starts at $50,000 and increases based on size of network.
14.12.2004, Skybox(R) Security, Inc.
| |
| |
| |
© 1999-2009 | |
| |
