Security Market Segment LS
Saturday, 28 August 2010 17:03

IBM X-Force Report says security threats have reached record levels

By

This week, IBM released its half-yearly X-Force Trend and Risk Report - a detailed analysis of the state of security threats and vendors responses to them.  Vulnerability disclosures are increasing, as well as the responses to them although the report found that 55% of the vulnerabilities reported in the first half of 2010 remained unfixed by mid-year.

Available here (registration required) the very extensive report can only be very briefly summarised in this short space.

"Threat dynamics continue to multiply and evolve at a furious pace, making it more crucial than ever to look at unfolding trends so we can better prepare our clients for the future," said Steve Robinson, general manager, IBM Security Solutions. "This year's X-Force report reveals that although threats are on the rise, the industry as a whole is getting much more vigilant about reporting vulnerabilities. This underscores the increased focus among our clients to continue looking for security solutions that help them better manage risk and ensure their IT infrastructure is secure by design." 

As well as observing a 36% increase in vulnerability disclosures to 4,396 in the first half of 2010, the X-Force team also noted that over half of these remained unfixed by mid-year.

The leading attack vectors remain web-based (55%) with particular interest in JavaScript and PDF files also remaining high.  Obfuscation of the attack code is also a growth area.

On a positive note, the report also observes that "In the first-half of 2010, organisations were doing more to identify and disclose security vulnerabilities than ever before. This in turn is having positive effects on the industry by driving more open collaboration to identify and eliminate vulnerabilities before cyber criminals can exploit them."


Interestingly, the report notes a significant decline in phishing but financial institutions remain the top target.  "Phishing volume has fluctuated wildly over the past few years. The first half of 2010 has only seen a fraction of the phishing attacks that were seen at the peak in 2009, a decline of almost 82 percent.

"Despite this drastic decline, financial institutions are still the number one phishing target, representing about 49 percent of all phishing emails, while credit cards, governmental organisations, online payment institutions and auctions represent the majority of other targets."

Looking to the future, the report notes two growing technologies that are expected to attract the increased attention of the nasty people.

Firstly, there is Virtualisation.  "Questions have been raised about the wisdom of sharing workloads with different security requirements on the same physical hardware. X-Force's vulnerability data shows that 35 percent of vulnerabilities impacting server class virtualisation systems affect the hypervisor, which means that an attacker with control of one virtual system may be able to manipulate other systems on the same machine. This is a significant data point when architecting virtualisation projects."  This area was also identified as a potential area of concern with respect to the physical management of the virtualised environments.

Identifying the second area of concern, the report observes, "As an emerging technology, security concerns remain a hurdle for organisations looking to adopt cloud computing. As organisations transition to the cloud, IBM recommends that they start by examining the security requirements of the workloads they intend to host in the cloud, rather than starting with an examination of different potential service providers. Gaining a good understanding of the needs and requirements first will help organisations take a more strategic approach to adopting cloud services."

In both of these areas, it is clear that a race to the "latest and greatest" technologies should always be tempered with a careful analysis if the risks involved.

DIGITAL MARKETING HAS NO SOCIAL DISTANCING OR TRAVEL RESTRICTIONS

As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email andrew.matler@itwire.com

CONTACT US!

LAYER 1 ENCRIPTION A KEY TO CYBER-SECURITY SOLUTION

Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.

DOWNLOAD!

David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments