September 6, 2016 By Paul Griswold 2 min read

You don’t need to be a security expert to know that malware is a problem. Anyone with an internet connection or a TV can see that security threats and breaches are constantly in the news.

But security analysts know that organizations need to worry about more than just sophisticated attacks; simple (yet extremely effective) malware campaigns, such as ransomware, are leading to complex security issues like never before. With nearly 500 million unique samples of malware appearing every year, trying to individually detect every single variant is not an effective defense strategy.

Zero-Day Exploits: A Serious, Rare Threat

Security professionals spend a good deal of time worrying about zero-day exploits — brand new attacks that no one has ever seen before. While it only takes one zero-day to really ruin your day, the rate of malware infection via unknown threats is relatively low.

In fact, Gartner estimated that 90 percent of exploits occur on vulnerabilities for which a patch has been available. Verizon’s “2016 Data Breach Investigations Report” noted that newly exploited CVEs are “mostly and consistently older than one year.”

With such a high success rate, attackers are much more likely to focus their efforts on publicly available exploit information since it is more cost-effective and less time consuming than discovering a new zero-day exploit.


Going Through a Rough Patch

So how do you prevent malware infections? The easy answer is to simply apply the available patch, right?

Well, anyone who has ever implemented a vulnerability management program knows that real life is not that simple. Patch rates of 100 percent are exceedingly rare for a number of reasons. For instance, critical systems that can’t be brought down for maintenance on a moment’s notice can delay patching. With bring-your-own-device (BYOD) programs, it is often hard to even identify which devices need to be patched in the first place.

Of course, this presumes a patch is even available. Of the more than 9,000 vulnerabilities disclosed in 2015 and tracked by IBM X-Force, more than 22 percent did not have a patch available. For this reason, it’s imperative to deploy compensating controls to protect unpatched systems — which is a key part of an effective vulnerability management program.
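The triage decision described above (patch where you can, fall back to a compensating control where you can't or where no patch exists) is easy to state but rarely written down. The following is an added example, not code from the original post or from IBM; the findings, asset names and `VULN-000x` identifiers are constructed placeholders, and the score thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Finding:
    """One vulnerability observed on one asset (constructed sample data)."""
    asset: str
    vuln_id: str           # placeholder identifier, not a real CVE
    severity: float        # CVSS-style base score, 0-10
    patch_available: bool  # vendor has shipped a fix
    exploit_public: bool   # public exploit information exists
    can_reboot: bool       # asset can be taken down for maintenance


HIGH_SEVERITY = 7.0  # assumed threshold for "fix now" handling


def triage(f: Finding) -> str:
    """Decide the next action for one finding.

    Public exploit information or high severity raises urgency, since the
    post notes that attackers favour already-published vulnerabilities.
    Without a patch, or on a system that cannot be taken down, the only
    immediate option is a compensating control (e.g. a vulnerability-aware IPS).
    """
    urgent = f.exploit_public or f.severity >= HIGH_SEVERITY
    if f.patch_available and f.can_reboot:
        return "patch-now" if urgent else "patch-scheduled"
    if urgent:
        return "compensating-control"
    return "monitor"


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per action so the backlog can be reported."""
    counts: Dict[str, int] = {}
    for f in findings:
        action = triage(f)
        counts[action] = counts.get(action, 0) + 1
    return counts


def unpatched_fraction(findings: List[Finding]) -> float:
    """Share of findings with no vendor patch at all."""
    if not findings:
        return 0.0
    return sum(1 for f in findings if not f.patch_available) / len(findings)


# Constructed sample inventory
SAMPLE_FINDINGS = [
    Finding("web-01", "VULN-0001", 9.8, True, True, True),
    Finding("db-01", "VULN-0002", 8.1, True, False, False),
    Finding("hr-laptop-17", "VULN-0003", 7.5, False, True, True),
    Finding("kiosk-03", "VULN-0004", 4.3, False, False, True),
    Finding("app-02", "VULN-0005", 5.5, True, False, True),
]

if __name__ == "__main__":
    for f in SAMPLE_FINDINGS:
        print(f"{f.asset:14} {f.vuln_id} -> {triage(f)}")
    print(summarize(SAMPLE_FINDINGS))
    print(f"no patch available: {unpatched_fraction(SAMPLE_FINDINGS):.0%}")
```

The point of separating `triage` from the inventory is that the "compensating-control" bucket is the one most programs never report on; once it is an explicit output, the IPS coverage discussed in the next section can be checked against it.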

IPS: A Simple Solution to Complex Security Issues

One such compensating control is a vulnerability-aware intrusion prevention system (IPS). While IPS is a mature technology that has been in the market for nearly 20 years, it has stood the test of time for one simple reason: When properly deployed, it can be an extremely effective countermeasure against even the most sophisticated attacks.

What’s more, a next-generation IPS protects not only against known threats, but against unknown ones as well. IBM’s Protocol Analysis Model (PAM), for example, is unique in that it protects against entire classes of vulnerabilities and not just specific, known exploits.
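The difference between matching one known exploit and blocking a whole class of vulnerability is easiest to see side by side. The example below is added here for illustration and is not IBM's PAM or any product's code: a signature rule that matches one constructed exploit string is compared with a protocol-aware check that enforces a header-length limit, so that a trivially altered sample that slips past the signature is still caught. The request samples, the `EXPLOIT-MARKER` token and the `MAX_HEADER_VALUE` limit are all constructed assumptions.

```python
import re
from typing import List, Optional, Tuple

# Signature-style rule: matches one specific, already-seen sample (constructed)
SIGNATURE = re.compile(rb"X-Session: A{200,}EXPLOIT-MARKER")

# Protocol-aware rule: an assumed limit on any header value, regardless of content
MAX_HEADER_VALUE = 256


def signature_match(request: bytes) -> bool:
    """True if the request contains the exact exploit pattern we have a signature for."""
    return SIGNATURE.search(request) is not None


def parse_headers(request: bytes) -> Optional[List[Tuple[bytes, bytes]]]:
    """Split a minimal HTTP-style request into (name, value) pairs.

    Returns None when a header line has no ':' separator, which is itself
    a protocol violation worth flagging.
    """
    head, _, _ = request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers: List[Tuple[bytes, bytes]] = []
    for line in lines[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if not sep:
            return None
        headers.append((name.strip().lower(), value.strip()))
    return headers


def protocol_check(request: bytes) -> Optional[str]:
    """Return a verdict string for any protocol-level anomaly, or None if clean.

    This flags the vulnerability class (an overlong field) rather than one
    exploit, so variants that change the payload bytes are still detected.
    """
    headers = parse_headers(request)
    if headers is None:
        return "malformed-header"
    for name, value in headers:
        if len(value) > MAX_HEADER_VALUE:
            return "overlong-header:" + name.decode("ascii", "replace")
    return None


def build_request(session_value: bytes) -> bytes:
    """Constructed request with a single variable header value."""
    return (b"GET / HTTP/1.1\r\nHost: example.test\r\nX-Session: "
            + session_value + b"\r\n\r\n")


# Constructed samples: benign, the known sample, and a variant of it
BENIGN = build_request(b"abc123")
KNOWN_SAMPLE = build_request(b"A" * 300 + b"EXPLOIT-MARKER")
VARIANT = build_request(b"B" * 300)  # same class of problem, different bytes
MALFORMED = b"GET / HTTP/1.1\r\nHost example.test\r\n\r\n"


def compare(request: bytes) -> Tuple[bool, Optional[str]]:
    """Run both approaches on one request."""
    return signature_match(request), protocol_check(request)


if __name__ == "__main__":
    for label, req in [("benign", BENIGN), ("known", KNOWN_SAMPLE),
                       ("variant", VARIANT), ("malformed", MALFORMED)]:
        print(f"{label:10} signature={compare(req)[0]!s:5} protocol={compare(req)[1]}")
```

The variant is the case that matters for a compensating control: it carries none of the bytes the signature was written for, yet the length check rejects it, which is what "protecting against a class of vulnerability" means in practice.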

To learn more about preventing simple threats to solve complex security issues, watch the on-demand IBM webinar, “Back to Basics: How Decades-Old Technology Can Fight Today’s Most Advanced Cyberthreats,” featuring Gartner research director Craig Lawson.
