Botnet invasion at 2,500 companies underscores need for comprehensive managed security approach

Posted February 18, 2010, 10:23 am by

Image of

The broadly reported disclosure today that nearly 2,500 companies have been victimized by carefully planned botnet attacks should come as no surprise if you're following this type of threat (http://bit.ly/dj7U2v).  The ZeuS spyware is widely available to hackers and can escape detection by many standard antivirus programs.

 

What is surprising is the number of companies that haven't adopted a more comprehensive and multi-layered approach to information security.  Too many companies believe that desktop antivirus programs alone are sufficient to protect against the growing scope of threats.  They aren't.  The same can be said about basic firewall protection.  Companies need to ensure that all incoming and outgoing traffic to the Internet is inspected for suspicious patterns and signatures.  The ever expanding use of peer-to-peer applications has greatly increased risks from botnets and other forms of malware.

 

Now more than ever, companies of all sizes should take the following actions:  1) ensure that network vulnerability assessments are completed at least quarterly, 2) conduct a formal review of security and firewall policies at least twice per year, 3) implement multi-factor authentication for remote access users, 4) ensure that endpoint security policies include the capability to inspect non-company owned PCs as this is a common vulnerability.

 

Most companies find that implementing these actions are easier said than done.  Demands on IT resources coupled with flat or reduced IT budgets are significant hurdles to improving security.  Now more than ever, companies should consider partnering with an experienced managed security provider.   That may sound a bit self serving as I work for a managed security company, but it's good advice.  Managed security companies provide the necessary technology and perhaps more importantly, the broad based security management expertise needed in today's threat landscape.  We're no longer in the "set it and forget it" era of security.  Policies, technology and practices need to be constantly be revisited and adapted as threat vectors change.   If you haven't yet researched the advantages of managed security versus 100% do-it-yourslef, make it a 1Q10 goal to at least complete this level of assessment. 

 

Learn more about ANXeBusiness security services

 

 

 

 

 

 

 
Filed under: Security Threats
Edited February 2, 2014 by
Listed in Communities:


You must be logged in to post comments.