Unknown Attacks: A Clear and Growing Danger

White Paper
Missing Link Security Services Unknown Attacks:Mark Bouchard, Founder A clear and growing dangerSponsored by: Secure Computing Corporation
AbstractUnknown attacks are quickly becoming the next great information security challenge for today's organizations. As the window of time between the disclosure of a new vulnerability and the emergence of unique threats that operate against it continues to diminish, so does the effectiveness of many conventional countermeasures, including patch management. This paper explores the details of this growing danger and subsequently provides an evaluation of the various technologies available to counter the risk it introduces.
Table of contentsEstablishing a common language .........................................................................................2 Vulnerability ..................................................................................................................2 Exploit ...........................................................................................................................2 Threat ...........................................................................................................................2 Countermeasure/safeguard/control ...............................................................................2 Attack and unknown attack ...........................................................................................3 Negative-model countermeasures .................................................................................3 Positive-model countermeasures ...................................................................................3Unknown attacks: The ugly details ........................................................................................3 Trend #1- Building threats is getting easier and quicker .................................................3 Trend #2- Threats are spreading across networks more quickly ......................................3 Trend #3- Threats are getting more elusive ....................................................................4Conquering unknown attacks ...............................................................................................5 Negative-model countermeasures .................................................................................5 Positive-model countermeasures ...................................................................................6Conclusion ...........................................................................................................................7Footnotes .............................................................................................................................7About the author ..................................................................................................................7
© January 2006 Missing Link Security Services, LLC. All rights reserved.Unknown attacks: a clear and growing dangerUnknown attacks are quickly becoming the next great information security challenge for today's organizations. As the window of time between the disclosure of a new vulnerability and the emergence of unique threats that operate against it continues to diminish, so does the effectiveness of many conventional countermeasures, including patch management. This paper explores the details of this growing danger and subsequently provides an evaluation of the various technologies available to counter the risk it introduces.
Establishing a common languageA seemingly insigni?cant yet all-too-common obstacle for organizations trying to achieve an effective information security solution is the inconsistent usage of related terminology. For example, what is the difference between a threat, an exploit, and an attack? Thus, the following clari?cations and de?nitions are provided to help alleviate any confusion, at least for the duration of this discussion.
Vulnerability This is a ?aw/weakness in the code of any program (e.g., application, operating system) that presents an opportunity to force the program or its underlying system to conduct unintended, often malicious, operations. For example, the familiar Zotob worm from August 2005 exploited a buffer over?ow vulnerability in the Microsoft operating system's Plug-and-Play service that enables a remote attacker to gain complete control of 1the affected system. Note: A vulnerability could also be... [download for more]