IT security teams must cooperate to defeat threats

Symantec report highlights the convergence of attack methods

IT security experts must pool their resources and work together more efficiently if they are to combat the increasingly converged nature of enterprise security threats, according to the latest bi-annual threat report from Symantec.

The report notes that criminals are "refining their methods and consolidating their assets" to incorporate several different attack methods in so-called " multi-staged attacks".

There are also toolkits available on the black market such as MPack, which contain malicious code, spam and exploits for browser vulnerabilities, it added.

In the face of these threats, security teams which have been traditionally been divided in their responsibilities into anti-spam, desktop protection, servers and so on, must share information more readily than before, said Symantec's chief scientist Guy Bunker.

"We're seeing an increasing sophistication of attacks and the bundling of multiple threat vectors together," he added. "People must realise security is hugely important and if you have a serious attack it can harm the brand, which is everything."

Donal Casey of IT consultancy Morse agreed that a siloed approach to security would leave firms at risk. "Only by taking a combined approach to defence will companies be able to protect against increasingly challenging attacks," he added. "These are being launched to steal funds and information, bring down networks and ultimately play havoc with business operations."

Andrew Kellett of analyst Butler Group argued that many enterprises don't have joined up teams because they have bought point products over the years.

"Large enterprises may have properly defined roles and procedures but this is not the majority – most retain a firefighting approach," he said.

But he argued that products are getting more built-in security, as firms such as CA, Oracle and Microsoft acquire security vendors to give them in-house expertise. "They don't buy these firms because it's a nice-to-have but because they protect what they really want to sell," he said.

Jean Paul Ballerini, senior technology solutions expert for Internet Security Systems, IBM, said that the siloed approach of many security departments is preventing them from implementing a defence in depth approach.

“In very large enterprises there are situations where a branch office chooses a different security solution than that of the head office, leading to a more complex management of security which challenges the capacity of actually identifying the threats,” he added. “But we cannot expect businesses to change their organisation overnight, and often this is not wise, even from the security perspective.”

But John Colley, managing director of security certifications organisation the ISC2, said that info security teams in many large firms already work in well organised groups.

"It depends on the quality of the information security people in the organisation but … the people I talk to are co-ordinated and controlled," he added.

The report also highlighted a big spike in web browser plug-in vulnerabilities and an increase in phishing attacks of 53 percent since the last report. According to Symantec just three phishing toolkits were responsible for nearly half of the attacks.