IBM’s 2010 Trend and Risk Report Delivers Key Security Insights and Analysis

IBM's X-Force team delivers best-in-class security information for free

Service Management in Action

Security is no place for compromise. Faced with increasing pressure from a diverse range of security threats, organizations must respond with smarter, more proactive security solutions and strategies than ever before to address those threats as early, and as comprehensively, as possible.

That's why twice every year the IBM X-Force® research and development team releases a trend and risk report, a summary of the insights and discoveries made by this group of security specialists over the course of six months. Each report delivers valuable analysis of just how the security landscape is changing (and because security evolves rapidly, that implies quite a lot of change indeed). It also provides guidance on how organizations can respond in kind and better protect their infrastructures and services against the complete range of threats, from malware to attackers to criminal organizations to botnets.

This is extraordinarily valuable information. Many organizations today are increasingly focused on core competencies as a competitive strategy in a difficult economy; not all will have the internal resources or expertise to stay abreast of security while also pursuing their conventional business goals. Therefore, downloading and reading the Trend and Risk Report is a great way to keep current—a consultation with the best experts in the security field, and available for free.

The recently released 2010 Trend and Risk Report serves as a great example of that premise. It was informed by many sources—to begin with, the X-Force team's database of more than 54,000 security vulnerabilities, the world's largest, as well as a global Web crawler, international spam collectors, and, perhaps most impressively, the aggregate attack information derived from IBM Managed Security Services.

Every day IBM's nine global Security Operations Centers monitor the IT infrastructures of almost 4,000 clients in more than 130 countries. As you might imagine, this translates into a tremendous wealth of security information, which is constantly updated and analyzed for new patterns, developments, and discoveries.

How much information are we talking about? Try 150,000 security events per second—more than 13 billion per day. That data stockpile gives IBM an incredible real-time perspective on how security threats are evolving. It also suggests strategies that can help organizations minimize both the odds of a breach and the business consequences when a breach does occur.

Security threats are more sophisticated and diverse than ever

2010 was a year of considerable change—one in which attacks became more intelligent, more sophisticated, more targeted, and in some cases, driven by a different motive. For example, so-called "hacktivism"—the concept of using hacks to express political beliefs or drive political change—was certainly on the rise. This is expected to continue to scale up as the Internet continues to play a central role in linking organizations, governments, systems, applications, services, and data.

Certain forms of malware, such as the Stuxnet worm, also demonstrate the rising intelligence of this class of threat, as well as the fluid way it can adapt to defensive measures and attack in new ways. The potential consequences for IT-driven production facilities—even entire power grids, which are increasingly coming online and monitored and managed via IP-based digital tools—can be considerable.

While browser-based weaknesses remain the dominant form of corporate attack, organizations should also be aware that new assets and service delivery platforms represent an increasing area of interest for attackers.

Mobile assets, for instance, are more popular than ever, giving workers access to key services anytime and anywhere, but they also imply new attack vectors, which in some cases are already being exploited. Cloud computing, similarly, has acquired increasing momentum as a resource-optimized way to render services inside and outside company walls. Yet for it to deliver on its full promise, the cloud will have to be as comprehensively secured as possible—a new challenge for many IT teams, given the way clouds rely on automation and virtualization at a deep level. New developments in networks and network protocols, such as the ongoing shift from IPv4 to IPv6, also involve security ramifications and require a change in security strategies.

Vulnerabilities and botnets are on the rise—and security patches are in short supply

In all, more than 8,000 new vulnerabilities were documented by the X-Force team in 2010. That's a daunting statistic, but consider also that it represents a 27% increase over 2009 and you get a clear sense of how quickly security is evolving—and how seriously organizations need to take the threat.

Almost half of the new vulnerabilities were due to Web applications, and of them, most involved cross-site scripting and SQL injection, tactics familiar to security specialists and variations of which have been in use for a decade. However, IBM believes that such threats are even more prevalent than the statistics suggest, because vulnerabilities in internally developed software, which is not sold to the public, go unreported.

Patches are often the first line of defense against newly discovered vulnerabilities, but unfortunately, IBM estimates that almost half—44%—of existing vulnerabilities still weren't patched by vendors as of the end of 2010.

New advanced persistent threats (APTs) emerged in 2010 as well. These are sophisticated, targeted attacks designed to exploit the weaknesses of a particular individual, group, organization, or infrastructure, rather than generic attacks aimed at mass audiences, which are more commonly associated with malware. One example: an escalation in "spear phishing," an attempt to collect information from a particular source. This approach is seen as reflecting a general trend in which cyber-criminals, typically motivated by profit, are increasingly focusing on the quality of their attacks rather than their quantity.

Botnets (automated groups of software agents deployed on many computers, often without the knowledge of their owners) also continue to pose a considerable challenge to organizations of all kinds. Although the Waledac botnet was shut down, resulting in a substantial and measurable decline in command and control traffic designed to penetrate corporate security, the Zeus botnet family is more advanced and widespread than ever. At the present time, hundreds of instances of it exist on the Internet; these are often used to obtain sensitive banking information.

Spam, phishing, and the malicious Web

As the Internet continues to scale up as the world's primary conduit of digital traffic, it also represents a primary delivery platform for Web-based attacks of all types and levels of sophistication.

One way to gauge this trend: the number of anonymous proxies, popular among attackers because they obscure the attack's point of origin. IBM estimates that in the last three years, proxies have quintupled in number.

One tactic organizations can use to reduce potential attacks is to create security policies, such as firewall rules, that take into account the country from which incoming e-mail, service requests, or packets originate. According to the 2010 Trend and Risk Report, the major players in spam origination are the United States, India, Brazil, Vietnam, and Russia. India was the leading nation for phishing e-mail attacks, at more than 15%; Russia was a distant second at 10%.

In the specific case of phishing e-mails aimed at financial institutions, three-quarters of them targeted US-based banks; the rest targeted banks in Europe.

IBM can be the trusted partner your organization needs to enhance security

As the 2010 Trend and Risk Report clearly demonstrates, it's more important than ever to create a security architecture that's secure by design—a proactive architecture in which end-to-end, intelligent security is incorporated at a deep level, rather than a reactive architecture that addresses only particular points or particular threats.

For many organizations, a trusted partner will be needed to help them navigate the complexities involved—and IBM is exceptionally well positioned to serve as that trusted partner. Thanks to more than 40 years of security development and innovation, IBM is the only company capable of serving as the single-source security provider for organizations of all sizes, in all industries around the world.

IBM offers a rich array of modular, integrated solutions—both hardware and software—as well as an extensive range of services, including consulting, assessment, implementation, monitoring, and many others. With IBM's help, organizations can first objectively determine their strengths and weaknesses, then develop a security architecture tailored for their needs in order to shield core services and data against the complete range of threats, both known and unknown, that apply to their particular contexts. IBM offerings can then be selected accordingly.

For instance, IBM recently released the industry's fastest and most comprehensive network security appliance, the IBM Security Network Intrusion Prevention System (IPS) GX 7800. This new appliance helps organizations protect their data and infrastructure from unauthorized access and attacks, without compromising on the performance and availability of business-critical applications. IBM Managed Security Services can monitor an organization's complete IT infrastructure, including endpoints, servers, and the general network—thus allowing that organization to focus instead primarily on its core strengths, clients, and customers. IBM Cloud Security Services allow clients to lock down key services via a hosted subscription model—thus reducing a wide range of operational costs while also mitigating a wide range of security risks. In the specific case of Web applications, IBM Rational AppScan On Demand is a great way to proactively analyze new applications, discovering possible vulnerabilities both before and after those applications are rolled out into production environments. And threats aimed at mobile assets—an emerging security challenge for many organizations—can also be addressed via new IBM endpoint-management tools specifically designed to bring all endpoints under security policies enforced from a single point of command.

Going forward, IBM continues to build on its proven thought leadership via two Institutes for Advanced Security. These are forums for collaboration between major security solution providers, the corporate sector, and governmental agencies, at which emerging threats can be discussed and best practices to respond to them can be developed.

The first Institute, in Washington D.C., was launched last year and has already been serving the United States; it has recently been joined by a second Institute in Europe to combat the security threats emerging specifically in that area of the world, such as spear phishing aimed at European banks.
