Companies told: Guard against new IT security threats or lose millions
A failure by companies to adequately defend against IT security threats can cost them millions. And a failure to recognise that these threats are evolving, and the importance of continually upgrading to ensure appropriate security measures are in place, can cost them even more. Viruses, worms and hacking are no longer the only threats that must be tackled.
"Threats are evolving. We still worry about viruses, but spyware and Trojans are also concerns, and a more mobile workforce also means that corporate PCs are exposed to direct hacking," states a new report released by Forrester Research entitled: "The Forrester Wave: Client Security Suites, Q3 2006",
It says that viruses are becoming less common and "have been replaced by much more targeted attacks that seek financial gain or competitive intelligence. Furthermore, the risk of noncompliance, both regulatory and corporate, is becoming too severe to ignore. The risk of not protecting confidential information opens a company up to mandatory disclosure laws, which in turn can sufficiently harm its reputation and thus sales." This is particularly important in the Middle East as corporate governance steps up a notch and companies must place greater emphasis on transparency.
As it stands, an ideal security package would bring together antivirus, antispyware, personal firewalls and host intrusion prevention systems in one integrated suite. And even though these systems have advanced they still "lag behind the current threats posed by PCs", said Forrester.
Client security suites provide protection against malicious code, hackers and unauthorised network access which, according to Forrester, "go after the threat of yesterday". They include many of the following: antivirus, antispyware and personal firewall. Forrester explains these as follows:
Antivirus software is generally a signature-based tool that protects machines against viruses. And as new viruses are found, antivirus vendors create signatures, a form of digital fingerprint, to detect and remove specific viruses.
Antispyware software defends against a code that "spies" on the user to obtain passwords and other sensitive information like corporate data. Like antivirus, antispyware defence is primarily signature-based and sometimes behaviour based. As new spyware is found, additional signatures are created to identify this malware.
A personal firewall is client software that controls network connections to and from a user's PC, permitting or denying these connections based on a security policy. It is designed to prevent unauthorised access both to and from the machine. It can prevent hackers from taking control of a user's computer through inbound port blocking and can prevent worms and other malicious code from spreading by using outboard port blocking.
Host Intrusion Prevention System (HIPS) is a behaviour-based technology that monitors traffic in and out of the PC and notifies administrators when it suspects suspicious activity by blocking traffic over a suspicious port or blocking a suspicious programme from running.
Network Access Control (NAC) is a mix of hardware and software technologies that dynamically control client systems' access to networks based on their compliance with policy.
To protect against the latest security risks, and for companies to comply with the rules of a much tougher operating environment, Forrester predicts that client security systems will evolve to include patch management to prevent malicious code; encryption, to ensure information is protected on every machine; and information leak prevention (ILP) software. This can identify confidential data and monitor its use.
To aid companies in identifying the most appropriate client security suite, Forrester evaluated and positioned eight vendors and their offerings. The companies are: McAfee, Symantec, Sophos, Trend Micro, Panda Software, Kaspersky Lab, F-secure and CA.
According to the report, McAfee received top scores for its current offering, strategy, administration and management. On a scale of zero to five (strong) McAfee earned a five for its host Intrusion Detection System.
Reproduced from an article published by menafn.com
© menafn.com
The original article can be viewed here:
http://www.menafn.com/qn_news_story_s.asp?StoryId=1093129565
Permalink Bookmark Digg this story
