Symantec CTO Robert Clyde warned Thursday that there is a growing gap between the speed at which security attacks are being launched and the industry's ability to respond.
Speaking at the Global E-commerce Summit at the United Nations, Clyde said that historically most attacks on Web sites are classified as Class III threats because they tend to take several hours and even days to execute. But in recent months, the industry has seen the emergence of Class II attacks--also known as Warhol attacks--that manifest themselves in minutes.
"Over 90 percent of hosts that came under attack from SQL Slammer were hit in under 10 minutes," said Clyde. "We call these Warhol threats because they make themselves famous in about 15 minutes."
Before long, Clyde predicts that groups of hackers working in concert will be able to launch attacks in seconds to create a set of Class I attacks, also known as Flash attacks.
"The attacks are increasing in frequency and in complexity," noted Clyde. "And the bar to becoming an attacker is being lowered because the tools are getting more sophisticated. Someone can now learn to use the tools effectively in weeks to months rather than years."
The eventual rise of Flash attacks means that the industry will have to take a more proactive approach to security because the attacks will happen faster than humans can respond, said Clyde.
"The vulnerability threat window is shrinking and in theory could become zero. We used to have six months between when a vulnerability was discovered to come up with a patch before somebody exploited it. But for Code Red, the time was only 28 days."
To deal with this eventuality, Clyde said patches would need to be developed more quickly and deployed continuously in an automated mode. Other areas that need to be worked on include adaptive management and lockdown of networks so an attack on one router is automatically recognized by all routers on the network; the ability to throttle back the throughput of suspicious packets on the network in order to limit damage; automated tools for ensuring that all network clients are compliant with security policies; and advances in securing Web services technologies that do not interfere with application performance, he said.
In addition, Clyde said Symantec will also begin focusing beyond the network layer by researching application-level security to protect business processes.
All of these efforts will be needed to combat hackers that Clyde expects will soon be working as coordinated sets of teams.
"It will not be long before well-funded teams of hackers sponsored by countries or other organizations begin to create Flash attacks that can be launched in seconds," said Clyde.
Copyright (c) 2003 CMP Media LLC