Discovery

Protecting your enterprise from the latest security vulnerabilities requires continued vigilance and ongoing awareness. Knowledge has become a key factor in the defense against the latest threats. The time that an organization has to respond to threats in today's environment has shrunk dramatically from that of a decade ago. The time between the identification and disclosure of a new security vulnerability and when it manifests itself in an attack has been reduced to days. Attackers have become increasingly proficient at developing new exploit code, and in turn incorporating that code into both worms and bots. In addition, the knowledge base that attackers have to work with continues to grow, and the increasing number of attackers further serves to drive this trend.

Today's threats move at lightning speed, and will only continue to grow faster. Recent worms have saturated our networks, not as a result of a coordinated attack, but simply as a result of their propensity to spread.

In addition, the sheer number of new security vulnerabilities found on a weekly basis is sufficient to overwhelm even a well-resourced incident response capability. As a result, organizations today expend substantial resources in an effort to search for, track, validate, and research security information.

The first challenge in the vulnerability management process is the act of gathering, processing, and prioritizing this vulnerability information itself. Given the assortment of vulnerability sources, this is no small task. There are a variety of sources from which information on new security vulnerabilities originates. These can be broken down into freely available sources and commercial sources.

Free Vulnerability Sources

Free sources of vulnerability information existed long before commercial security intelligence services became available. The first such example of this was the BugTraq mailing list. Created in the early 1990s, BugTraq was the Internet's first forum for the discussion of security vulnerabilities. From its charter: "BugTraq is a full disclosure moderated mailing list for the *detailed* discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them."

While this charter may sound alarming (especially the "how to exploit them" part), it is important to note that the concept of full disclosure has been debated now for well over a decade. There are arguments both for and against disclosure of vulnerability details. Proponents of full disclosure argue that it is the only sure way for organizations to test the security of their networks and to motivate vendors into issuing a patch. Opponents argue that the additional risk to which systems are exposed as a result is unnecessary and irresponsible.

The BugTraq mailing list has over 50,000 members who contribute and discuss software vulnerabilities. In order to subscribe to this free forum, readers can send an e-mail message to bugtraq-subscribe@securityfocus.com. The contents of the subject or message body do not matter. You will receive a confirmation request message that you will have to reply to.

As an industry we have now learned to live with responsible full disclosure, that is, the disclosure of vulnerability details after the nine-step vulnerability lifecycle has been followed. Researchers and vendors have learned to work together, which was certainly not the case a decade ago. Outright publication of vulnerability details without following that process is frowned upon and results in backlash toward the researchers. While security professionals at one time argued for the full disclosure of vulnerability details, threats such as Slammer, CodeRed, and Blaster have changed this perspective dramatically.

In addition to BugTraq and other mailing lists, hundreds of vendor web sites exist where individual software (and hardware) vendors announce new security and non-security-related updates.

Security Intelligence Services

In order to manage the influx of public information sources, a new industry was born to provide reliable and consolidated security intelligence. A variety of commercially available services have become available in order to provide organizations with timely and up-to-date information on the latest security vulnerabilities. These services, for an annual subscription fee, can serve as an extension of your own internal incident response capability. They provide a number of benefits:

  • Prioritization: One of the biggest benefits of for-pay intelligence services is that they can provide you with the information required to prioritize the deployment of patches within your organization. With the volume of vulnerabilities disclosed on a daily basis, it is critical for organizations to weigh the risks between them.

  • Single Source: An intelligence service offers a single validated source of vulnerability information. Rather than expending resources on culling through dozens of external sources, those resources can be better applied to solving the core problem of resolving the vulnerabilities themselves.

  • Alerts: They offer around-the-clock alerting using a number of delivery technologies including e-mail, phone, fax, short message service (SMS), and pager. In addition, alerts can be delivered to different destinations based on their urgency and the technologies that they impact.

  • Customization: Intelligence services offer customization, allowing administrators to receive only those issues that are pertinent to them.
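The prioritization, customization, and urgency-based alerting described above can be modelled in a few lines. The following is an added example, not code from the book or from any intelligence service: it matches a constructed advisory feed against a constructed asset inventory, discards issues that affect nothing the organization runs, scores the rest by feed severity plus exploit availability and Internet exposure, and picks a delivery channel from the score. The field names, the scoring weights, the channel thresholds, and every advisory identifier, product, host, and version are assumptions made up for the example.

```python
from dataclasses import dataclass

# Constructed sample feed. Identifiers, products and versions are made up;
# "fixed_in" is the first version that carries the vendor's fix.
FEED = [
    {"id": "ADV-EX-001", "product": "webserver", "fixed_in": "2.0.51",
     "severity": 9, "exploit_public": True, "remote": True},
    {"id": "ADV-EX-002", "product": "mailserver", "fixed_in": "8.13.0",
     "severity": 7, "exploit_public": False, "remote": True},
    {"id": "ADV-EX-003", "product": "dbserver", "fixed_in": "4.1.10",
     "severity": 5, "exploit_public": False, "remote": False},
    # Severe, but the product is not in our inventory, so it should be filtered out.
    {"id": "ADV-EX-004", "product": "cadtool", "fixed_in": "3.1",
     "severity": 10, "exploit_public": True, "remote": True},
]

# Constructed asset inventory: product -> [(host, installed version, internet-facing?)]
INVENTORY = {
    "webserver": [("www1", "2.0.49", True), ("intranet", "2.0.52", False)],
    "mailserver": [("mx1", "8.12.11", True)],
    "dbserver": [("db1", "4.1.7", False)],
}


@dataclass
class TriageItem:
    advisory_id: str
    hosts: list      # affected hosts from the inventory
    score: int       # higher means patch sooner
    channel: str     # delivery channel chosen from the score


def parse_version(version):
    """Turn a dotted version string into a tuple of ints for comparison."""
    return tuple(int(part) for part in version.split("."))


def is_affected(installed, fixed_in):
    """A host is affected if it runs anything older than the fixed release."""
    return parse_version(installed) < parse_version(fixed_in)


def route(score):
    """Map urgency to a delivery technology (thresholds are assumptions)."""
    if score >= 10:
        return "page+sms"
    if score >= 7:
        return "email"
    return "weekly digest"


def triage(feed, inventory):
    """Return only pertinent advisories, most urgent first, with a channel each."""
    items = []
    for adv in feed:
        affected = [(host, ver, exposed)
                    for host, ver, exposed in inventory.get(adv["product"], [])
                    if is_affected(ver, adv["fixed_in"])]
        if not affected:
            continue  # customization: drop issues that touch nothing we run
        exposed_any = any(exposed for _, _, exposed in affected)
        # Weighting (assumed): public exploit code and a remote vector against an
        # Internet-facing host both push the issue up the queue.
        score = adv["severity"]
        score += 2 if adv["exploit_public"] else 0
        score += 1 if adv["remote"] and exposed_any else 0
        items.append(TriageItem(adv["id"], [h for h, _, _ in affected],
                                score, route(score)))
    items.sort(key=lambda item: item.score, reverse=True)
    return items


if __name__ == "__main__":
    for item in triage(FEED, INVENTORY):
        print(f"{item.advisory_id:12} score={item.score:2} "
              f"via {item.channel:13} hosts={item.hosts}")
```

Run against the constructed data, the web server issue (public exploit, remote, exposed host) comes out first and is paged, the mail server issue goes by e-mail, the internal database issue waits for the digest, and the CAD tool advisory never reaches anyone because nothing in the inventory runs it. A real deployment would feed the inventory from an asset management system and the advisories from the subscribed service rather than from literals.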

Commercial intelligence services are an attractive alternative to free sources and provide a cost-effective approach to outsourcing this capability. As they continue to evolve, they also seek to tie their content directly into technologies located within the enterprise to provide a real-time assessment of an organization's posture based on the latest threats.

Source: Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed), ISBN 0072259558, 2005.