Attack Trends

In an open network, every point that the network touches needs to be protected as well as protected against. The incidence of attacks is alarmingly high.

Simply securing your network's perimeter isn't enough. Sophisticated worms and viruses can piggyback on email, web browsers and other applications to get into the network.

Often the greatest threats to data come from people we know. Most attacks are initiated, knowingly or unwittingly, by employees who manage to cause damage to their own companies' networks and destroy data.


TRENDS

With the rise of remote working, the number of network access points that need to be secured and monitored is rising all the time.

This large number of threats means higher risk - and that more management time is necessary to investigate accidental situations or malicious attacks. IT and Network managers can struggle because of traditional security systems that do not respond to attacks in a co-ordinated and pre-programmed way.

All this has management implications, too. Identifying and co-ordinating the response to an attack is difficult and time-consuming - especially if an appropriate response has to be worked out for every single alarm.

Imagine the problem caused by having to log into two or more different vendor devices to analyse the nature of every single attack and check each report generated using different security management policies - some strict and some less stringent.

Some of the latest trends that highlight the increasing sophistication of attacks and threats:

  1. Automation; speed of attack tools
    Today's scanning tools are faster and more effective because they use more advanced patterns. When tools can self-initiate new attacks without human intervention, the damage spreads even more rapidly. Case in point: Code Red and Nimda. Both these attacks self-propagated to saturate the globe in less than 18 hours.
  2. Increasing sophistication of attack tools
    It is becoming more difficult to distinguish attacks from legitimate network traffic. Attackers can use anti-forensics techniques that make their work more difficult to detect. Many common tools use protocols like IRC (Internet Relay Chat) or HTTP (HyperText Transfer Protocol) to send data or commands from the intruder to compromised hosts. Additionally, automated attack tools can vary their techniques and behaviours; some even self-evolve so they differ in each instance.
  3. Faster detection of vulnerabilities
    The number of newly discovered vulnerabilities roughly doubles each year, making it increasingly difficult for companies to install patches fast enough. Hackers often discover vulnerabilities in code before the vendors can correct them. The automated discovery of new vulnerabilities is reducing the "time to patch."
  4. Increasing permeability of firewalls
    Technologies that bypass typical firewall configurations include Internet Printing Protocol (IPP) and Web-based Distributed Authoring and Versioning (WebDAV). In addition, certain aspects of code for mobile devices, such as ActiveX controls, Java, and JavaScript, make it more difficult to protect vulnerable systems and discover malicious software.
  5. Increasingly "asymmetric" threat
    Attackers can use many distributed systems against one victim. This creates an "asymmetric" threat: many against one. The incidence of this type of threat will increase as hacker tools become even more automated and sophisticated.
  6. Increasing threat from infrastructure attacks
    Major categories of infrastructure attacks include:
    • Distributed denial of service - Multiple systems attack one or more victim systems, making services unavailable to legitimate users.
    • Worms - Unlike viruses (which require a user to take some action), worms can propagate by themselves. This can lead to widespread DoS, site defacement and peripherals crashing as they overload.
    • Attacks on Internet Domain Name System (DNS) - These attacks trick the DNS into exploiting vulnerable servers to modify the data served to users, creating DoS attacks on name servers and co-opting the domain registration process to seize control of legitimate domains ("domain hijacking").
  7. Attacks on routers
    Intruders use poorly secured routers as platforms to attack other sites, as well as to scan and capture profiling information. One form of attack is to direct traffic to the routers themselves, instead of through them. Routers are not designed to accommodate high volumes of traffic, so the result is DoS. Attackers can also cause damage by exploiting the trust relationship between routers - that is, by modifying, deleting, or injecting routes into the global Internet routing tables to redirect traffic destined for one network to another. This creates a DoS to the intended network because it receives no traffic, and to the other because it receives more traffic than it should.
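
A defensive check for the route modification, deletion and injection described in item 7, as an added example (not from the original page or from Cisco): it audits a routing-table snapshot against a table of expected prefix origins. The prefixes, AS numbers, policy table and function names are constructed for illustration.

```python
import ipaddress

# Constructed policy: (prefix, authorised origin AS, longest length accepted).
# Documentation prefixes and AS numbers; assumptions, not from the page.
EXPECTED = [
    ("192.0.2.0/24", 64500, 24),
    ("203.0.113.0/24", 64501, 25),
]
POLICY = [(ipaddress.ip_network(p), asn, m) for p, asn, m in EXPECTED]


def classify(prefix, origin_as):
    """Judge one announcement against the expected-origin policy."""
    net = ipaddress.ip_network(prefix)
    covering = [(p, asn, m) for p, asn, m in POLICY
                if net.version == p.version and net.subnet_of(p)]
    if not covering:
        return "unknown"              # outside the space we monitor
    for _, asn, maxlen in covering:
        if asn == origin_as and net.prefixlen <= maxlen:
            return "valid"
    if any(asn == origin_as for _, asn, _ in covering):
        return "too-specific"         # right origin, unexpected more-specific
    return "origin-mismatch"          # injected or modified route


def audit(routes):
    """Return findings for a snapshot given as [(prefix, origin_as), ...]."""
    findings, valid_nets = [], []
    for prefix, origin_as in routes:
        verdict = classify(prefix, origin_as)
        if verdict == "valid":
            valid_nets.append(ipaddress.ip_network(prefix))
        elif verdict != "unknown":
            findings.append((prefix, origin_as, verdict))
    # A monitored prefix with no valid route inside it was deleted or displaced.
    for p, asn, _ in POLICY:
        if not any(v.subnet_of(p) for v in valid_nets):
            findings.append((str(p), asn, "missing"))
    return findings


# Constructed snapshot of received routes.
SNAPSHOT = [
    ("192.0.2.0/24", 64500),
    ("203.0.113.0/25", 64510),
    ("192.0.2.128/25", 64500),
    ("198.51.100.0/24", 64502),
]
```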
 
» For the latest trends download a softcopy at CERT
© 1992-2006 Cisco Systems, Inc. All rights reserved. Terms and Conditions, Privacy Statement, Cookie Policy and Trademarks of Cisco Systems, Inc.