Article

Malicious code takes a toll, but not for vigilant security managers

Melissa Marcum, Contributing Writer

With the overabundance of various computer viruses and worms slithering relentlessly all over the Internet, 2003 alone saw nearly 80% of businesses disrupted even if they used antivirus protection software, according to the Yankee Group.

It's a daunting task for security managers to constantly keep up with their network's vulnerabilities, bringing up the question: How do you best protect a network without spending a ridiculous amount money or allocating an unrealistic amount of time to do so?

The answer might be easier than you think. According to the Dynamic Best Practices in Vulnerability Management report commissioned by the Boston-based technology research firm, security managers need to incorporate four simple best practices when securing their networks from vulnerabilities.

They include: classifying network assets by their value to business; integrating the most current vulnerability management solutions, measuring a network on a 30-day cycle and charting the security team's performance so the end result is risk reduction; and auditing critical assets every five to 10 days to identify vulnerabilities and protect against exploits.

"Security landscapes are constantly being exploited and businesses must now take a proactive approach by performing regular security audits to their networks or risk losing critical information," said Eric Ogren, a senior analyst at the Yankee Group.

The Yankee Group report is based on findings

    Requires Free Membership to View

from the Laws of Vulnerabilities, a document about external network vulnerabilities authored by Qualys Inc., a provider of security audit and vulnerability management services.

Gerhard Eschelbeck, chief technology officer at Qualys, collected data from more than three million IP scans across thousands of business enterprises networks around the world.

"In conducting this research, I found more than 2,000 different vulnerabilities on the Internet and realized that even vulnerabilities that are patched, can still resurface, due in part to application upgrades," stated Eschelbeck.

Qualys plans a follow-up on this report and also will conduct research into studying internal network vulnerabilities; both reports are due out this summer.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: