Demand Vigilance from IT Security

Anti-Virus is not Enough

Version upgrades from software, infrastructure, and security vendors give businesses the impression that their enterprises are protected from new threats — but is it a false sense of security? The answer is yes if your security deployment doesn’t address the elements that comprise today’s threat landscape.

Hackers Don’t Wait for Patches
To stay ahead of hackers, security software vendors release version upgrades on a regular basis. These upgrades typically include new defenses against the most recent attacks. However, major upgrades take time to implement, and to maximize operational efficiency, many organizations install upgrades once a year or less. Some larger global organizations upgrade their security mechanisms only once every several years. Even in a best-case scenario, when an organization immediately upgrades to new security software versions as soon as they become available, months can go by between installed upgrades. Hackers are acutely aware of this lag time between availability and installation, and are increasingly looking to exploit it. Without real-time security updates, businesses are powerless to stop them.

An April 4 InternetWeek article reports that “more than 70% of virus writers are now writing spyware under contract.” Daily news items, such as a New Zealand Press Association report on March 9 that an Internet cafe attack made $500,000 of New Zealand Bank funds available to hackers, or the theft of $200,000 from Internet users through a fake auction site in Romania reported two days later in the Financial Times, indicate that today’s hackers are increasingly motivated by real financial return. They’re a more pernicious bunch than those of yesteryear who seemed motivated by the simple “challenge” of breaking in. This is precisely the type of hacker aiming to exploit the window between the availability and installation of security upgrades.

Keeping Up with Emerging Protocols
Networks are constantly supporting new protocols — like VoIP or 802.11x — before their security products do. New protocols mean new vulnerabilities, but what happens between upgrades? The answer would probably alarm most executives.

Anti-virus vendors provide ongoing virus signature updates. Intrusion-protection vendors provide ongoing protocol anomaly signatures. But few network and Web security product vendors offer analogous defense updates for new protocols, applications, and defense techniques. In other words, an ideal solution should provide ongoing updates not only for existing protocol and application defenses, but also dynamically add completely new defenses and defense techniques for protocols and applications as soon as they are supported. So if a completely new kind of vulnerability is discovered, or a previously uncommon protocol becomes popular, new defenses can be added dynamically to the security product’s arsenal without requiring a complete product upgrade.

Remote Access: Another Can of Worms
No discussion of ongoing defense updates for network and Web security would be complete without mentioning remote access security. Often overlooked, remote access opens holes in network defenses because remote access traffic is often not subject to the latest available protections like other network and Web traffic.

SSL VPNs, in particular, contribute to the insecure nature of remote access. Most organizations think of SSL VPNs as secure connectivity, but security issues have prevented many SSL VPN pilots from expanding into full production environments. Spyware is a prime example of the vulnerability of SSL VPNs. While core defenses against spyware are provided by some Web security gateways, hackers are constantly creating new spyware programs and techniques. In many ways, the current spyware explosion is similar to the virus proliferation of previous years, and like their virus counterparts, spyware defense requires constant updates.

Preventative Medicine: AV Isn’t Enough – But What Else Is Out There?
There’s a misconception in the marketplace when it comes to upgrades and patches, and the anti-virus software industry is the unwitting culprit. Many enterprises believe that their entire network is protected once AV updates are installed. While it does much good, anti-virus software isn’t enough to protect against all of the vulnerabilities in your network.

Viruses get a lot of press, but many network and Web attacks aren’t, in fact, viruses, and aren’t prevented by AV software. They’re more complicated attacks that exploit protocol and application vulnerabilities. Consider Microsoft’s monthly “Security Bulletin.” Most exploits targeting the vulnerabilities in the bulletin take the form of worms and of targeted protocol and application attacks. While most security software provides basic protection against such exploits, few products protect against the most recent threats.

The bottom line in today’s threat environment is that to obtain the highest level of defense, organizations simply can’t rely on the next upgrade of their core security products. Achieving a truly secure network requires getting real-time, ongoing, dynamic defense updates for all types of network and Web vulnerabilities, not just computer viruses. While you’ll still have to do the heavy lifting involved in occasional product upgrades and patch management, a service that provides ongoing updates for defenses and security policies can save your business from the danger that lurks in between upgrades.

More Stories By Gene Manyak

Gene Manyak manages Check Point’s SmartDefense Services and has expertise across Check Point product and technology offerings. SmartDefense Services provide preemptive, ongoing, and real-time updates on exploits and vulnerabilities, and new attack protection capabilities to all existing Check Point customers and configuration advisories for Check Point defenses and security policies. Before joining Check Point, Manyak led product marketing activities at Valicert and was a general management consultant with A.T. Kearney, where he specialized in IT-related management challenges. Gene holds a BS in computer science from Cal Poly and an MBA from the University of Chicago.
