In January 2003, the SQLSlammer worm brought down the Internet world in just 10 minutes. It was no ordinary attack. The virus affected thousands of computer networks around the globe and resulted in losses of undisclosed billions of dollars. Then, there were also losses in productive man-hours eaten up by the related clean up time. The more recent SobigF virus took down computer systems in 15% of the large companies and 30% of small companies worldwide. According to Computer Economics Inc., the losses due to SobigF have amounted to over $2 billion.
These are just a couple of instances that highlight the speed and virulence with which today’s security threats strike. Also, consider this: worms like SQLSlammer or SobigF are only two of the more than 200 new threats that appear on the horizon every month. There is always the traditional threat from viruses and then, there are some more. Worms like SQLSlammer, mass mailers, distributed denial of service attacks, backdoor Trojans and zombies constitute the brat pack, who’re a step ahead of viruses–they’re not only smarter but also faster.
And, in the future, when there will be a slew of newer devices–mainly wireless–used by the enterprises, the security challenge will be greater than ever before. Coupled with wireless-enabled PDAs, when these smart devices begin to carry more and more valuable corporate data, networks will become an attractive target for trouble-mongers.
Be Proactive
To ward off any impending attack, enterprises need to be agile enough to minimize vulnerabilities. Agility lets them reduce the speed of an attack, its chances of success and their exposure. “Three key factors–blended threat attack mechanism, the rising speed of an attack, and the evolving network or device environment–create a ‘window of vulnerability’, or the period of time when an enterprise is susceptible to an attack and ensuing damage,” says Lee Boon Kuey, managing director, Southeast Asia and India region, Network Associates. This window has to be closed to ensure that all systems on the network are protected from a threat.
Strategize to secure
The recent virus attacks have shown that enterprises can in no way afford to leave virus protection strategies fragmented.
They have to ensure that virus detection tools are present at all levels of virus entry–gateway, server and the desktop. And enterprises need to work closely with virus protection suppliers and third parties to clearly define virus protection strategies.
As a threat protection strategy, a company can opt for virus assessment and client lockdown as the first step. In approaching enterprise security, the vulnerability of all machines on the network needs to be assessed by collecting essential data. This helps find devices, applications and operating systems most vulnerable to viruses. These can act as possible doorways for a potential attack. This will also help enterprises actively prevent blended threats rather than reacting to infections once they’ve taken place. “Companies are also looking at centralized and coordinated risk management, as it helps enterprises manage and contain explosive virus outbreak costs,” says Shams Islam, technical consultant, Trend Micro India.
The next step is installing intrusion detection software and a desktop firewall as the first and second lines of defense, respectively. This will protect the desktop against malicious codes, hackers, distributed denial of service attacks and unauthorized applications. While a distributed intrusion detection/protection system can block common hacker attacks, stop Trojan horses and mitigate other threats, a distributed firewall provides robust packet filtering and application-level policy enforcement. A desktop firewall locks down desktops and servers well in advance of an attack.
One step up
It pays to be well prepared for an attack. But how does one achieve that? By anticipating new threats in advance and employing protection against spam. However, an enterprise would need its staff to work three shifts to trace such threats manually! Here is where good anti-virus software can do the trick. An efficient anti-virus solution should be able to update itself automatically, round the clock, from the supplier’s servers. It should be able to send out updates automatically to all machines in a company’s network within minutes after they are received.
“Your software should be capable of advanced heuristic and generic detection. This will help minimize risk by delivering advance protection from over 40% of new, unknown threats,” says Kuey. Another way to brace for an attack is to filter e-mail to prevent spam. This is absolutely essential, as malicious code is mostly transported through e-mail.
React quickly when attacked
Despite all preventive measures taken, what if a virus outbreak does occur? The first and foremost requirement is a fast and reactive response. At this point, a centrally managed defense should spring into action and ensure fast deployment of the latest DAT file across the enterprise. This policy management solution translates masses of data into business-actionable information. Also, it provides full visibility into the enterprise network and helps deploy updates across the network in no time.
Such a policy management platform should help correlate network events with business-actionable remedies, so that IT users–including remote users that are not connected to the corporate network–can manage blended threat security over the Internet.
Costly clean up
Desktops are the most expensive to completely clean up in case of a virus attack. And for companies with thousands of desktops, the clean up can prove to be an extremely expensive proposition. In the case of one particular company, the total one-time cost incurred on virus assessment and its remedy stood at around $3,000 and took an average of three full-time employees over three days to complete the task. On average, an anti-virus solution for an organization with 100 machines can cost anywhere between Rs 1 lakh and Rs 2 lakh a year.
What’re Blended Threats?
This breed of threats combines the traditional malice of e-mail borne viruses with new network-based capabilities. They are quick to find security vulnerabilities across the enterprise network and are highly capable of spawning destruction such as denial of service attacks, crashed servers and vulnerability at the core or “root” of computers. Such a threat strikes with blinding speed.
On the other hand, enterprises can save on such costs by preparing and deploying a full-fledged security strategy. Though this too calls for an investment of a fixed amount each year, it can save enterprises the trouble of incurring unknown and variable costs each time an attack takes place, and realize sizeable return on the investments they make.
According to Niraj Kaushik, country sales manager, Trend Micro, “The return on investment (RoI) calculated from data captured from a diverse set of industries ranges from 19% to 67%. The payback period ranges from six to 10 months.”
However, RoI is a function of many factors like downtime, damage assessment and clean up time and costs. Therefore, companies with fewer mission-critical operations face less expensive repercussions from virus infections, while higher RoIs result from companies with more mission-critical operations.
An accurate and updated scan for viruses cuts down on the resources needed for damage assessment and clean up.
Therefore, an enterprise that has a proactive approach to security not only keeps virus threats at bay but also makes huge savings, both in monetary and productivity terms.
NEETU KATYAL in New Delhi