In the mid-1980s, programmers in Pakistan released the very first PC virus, dubbed “the Brain.” In 1988, a graduate student at Cornell University released a program on the early Internet that disabled over 6,000 computers. This was the first widely distributed computer attack, and marked the first sentence levied for this sort of computer crime. Computer viruses were now a very real threat and the endpoint security market was born.
According to Gartner, the market is dominated by three antivirus vendors (McAfee, Symantec, and Trend Micro), which represent 85 percent of the market share. As of 2005, enterprise antivirus, antispyware, personal firewall, and desktop HIPS (host-based intrusion prevention) products made up the majority of the $2.2 billion endpoint security market. By 2010, Gartner anticipates the market will grow to nearly $3.6 billion.
Evolving Security Solutions Face an Evolving Threat
Viruses and attacks have come a long way since the 80s. In a recent study conducted for the European Network and Information Security Industry (ENISA) by S21sec, a Spanish information security consulting firm, the most common infection methods detected include browser exploits (65 percent); e-mail attachments (13 percent); operating system exploits (11 percent); and downloaded Internet files (9 percent). The same study also estimated that more than 60 percent of the exploits related to botnets (a particularly insidious threat that ultimately leads to a computer being controlled by a malicious outside party) are browser exploits. The combination of infection vectors is an indication of the rise of blended threats, or threats that combine vulnerabilities to violate computer security. Only a multi-layered security solution can hope to successfully confront blended threats.
The market is steadfast in its march to keep up with these new threats, but the attacks continue. The majority of spyware is propagated by spam or phishing e-mails, or by users unwittingly accessing inappropriate URLs that automatically download “script” files to generate spyware programs. The rise in adoption of local and wide area networking and the Internet has brought even more new threats to the table.
Viruses passed around on floppy disk eventually gave way to viruses spreading via networks. This brought about an emphasis on network security solutions such as firewalls, devices that sit on a network perimeter and approve or reject network traffic based on security policy. This strategy worked for a while, but the malware community responded by making attacks more complicated and disguising them as legitimate network traffic and applications. These new threats include bots, viruses, trojans, worms, banned content, and spam, and are propagated primarily through e-mail, Web pages, and instant messaging.
Contemporary attacks and viruses have become more frequent and much more complex. In 1999, “Melissa” debuted as the first self-propagating virus and was soon followed in 2000 by the “I Love You” virus, which compromised the usernames and passwords of millions of computer users virtually overnight. The virus “Code Red” introduced exploitation of the ubiquitous Windows operating system and the “Nimda” virus was the first with multiple means for infecting its target. The cost of the cumulative damage and productivity loss attributed to these exploits was in the billions of dollars.
Today’s viruses and malicious attacks are incredibly complex, deploying a multifaceted approach to obtain their desired result. These new blended threats package several stand-alone viruses into one extremely elusive attack vehicle. One of the most recent blended threats, “myDoom,” used e-mail as its main infection vehicle. And while it contained backdoors, flooders, and e-mail agents, its success was based on a new level of social engineering, a technique in which the attacker manipulates targets into performing a task that they otherwise would not. In this case, the myDoom virus sent an e-mail message that appeared to be a mail-server error message, instructing the user to open an attachment for further instructions. Once the attachment was opened, the virus was activated and began harvesting the victim’s e-mail address book, then propagated itself to a new set of targets. It was estimated that within three days of the outbreak, nearly 30 percent of all worldwide e-mail traffic could be attributed to myDoom, and the London-based firm mi2g estimated that the myDoom outbreak caused over $38 billion in damage worldwide.
Endpoint Security Today
Endpoint security products are typically software suites that include antimalware (antivirus, antispyware), desktop firewall, HIPS, device control, and application control features. The software runs on desktops, servers, laptops, and increasingly on handhelds. These suites also feature a central management console that can be used for reporting and policy updates. The general trend in the endpoint security market is to consolidate many separate security software products into one suite that can be centrally managed.
In February 2008 the Sarrel Group conducted an in-depth competitive analysis of endpoint security products offered by Cisco, McAfee, Trend Micro, eEye Digital Security, and Symantec. Overall, we were pleased with recent advances in the market, particularly increases in the robustness of solutions and the addition of greater centralized management and reporting capabilities. We feel that appropriate solutions for small to medium-size business include eEye Digital Security’s Blink Professional 3.5 and Symantec’s Endpoint Protection 11; both products contain an excellent mix of ease of use and effectiveness against current malware threats and network attacks.
Steve Taylor, president of Plan B Technologies, a value added reseller (VAR) based in Bowie, Md., has good things to say about eEye Digital Security’s thorough approach to endpoint security. “Their use of application firewalls, antivirus, and antispyware services is strong, but everybody has that now,” says Taylor. “Where eEye steps it up is with their vulnerability assessment and zero-day risk mitigation technology. They protect not only against things that we know about, but also help us deal with zero-day risks and outbreaks, which are becoming more common in the business environment today.”
Many organizations are facing not only increased security risks but also increased regulatory compliance requirements, such as those of HIPAA or PCI, both of which mandate that certain security measures be taken. Together, these two factors result in increased attention being paid to security across every level of organizations both large and small. In addition, as security plays a greater role in IT purchasing and implementation decisions, there is an increase in centralized management and reporting to provide a holistic picture of corporate information security.
At the end of the day, what’s most important is that you employ some kind of endpoint security solution, regardless of which type you choose. If you’re running a business, you already have enough to worry about, so give yourself some peace of mind by employing one of today’s advanced endpoint security solutions.
Matthew David Sarrel is currently executive director of Sarrel Group, an editorial services, product test lab, and information technology consulting company. He is a contributing editor for PC Magazine as well as tech/games editor and technical director for YRB Magazine.