Symantec CEO warns of new threats

John Thompson, Symantec chairman and CEO, delivered a call to arms to Comdex attendees in Las Vegas Wednesday, when he detailed how the more business is done on the Internet, the more everyone needs to do their part to secure the wired, and wireless, world.

"Unfortunately, there will come a point where users will view Internet technology as a liability because of the risk it represents to their business," Thompson said. In his keynote address to conference attendees, Thompson said the threat of attack increased 19 percent in the last year and that the type of attacks has become more sophisticated.

In addition to Blaster and Slammer worms, he said enterprise IT and security managers can expect to encounter "Warhol" attacks, which spread in 15 minutes, taking a cue from Andy Warhol's much quoted "15 minutes of fame" theory.

Another new type of attack will be in the form of flash threats, which take hold within 30 seconds, much like a flash flood. Also, day-zero threats will exploit previously unknown and unprotected vulnerabilities on corporate networks.

Thompson said the best way to protect a network from the myriad attacks is to address security at multiple levels in an organization. Because about 70 percent of attacks happen inside a firewall, security managers need to proactively secure the application servers, databases and host servers within an organization.

"There is no single technology that can protect against today's complex, blended threats. The security focus must shift to the gateway, the application server and so on," Thompson said.

New security tools working to help security managers find and plug holes and prevent attacks on unknown vulnerabilities include host-based intrusion preventions systems, generic exploit-blocking systems and protocol anomaly protection. These types of tools can detect abnormalities in behavior and warn security managers of malicious actions being taken on their nets.

Thompson said security needs to be built in at the application design level. "The industry needs to write bulletproof code that works out of the box and that has the security features enabled in the default settings," he said.

Thompson also plugged Symantec's new client compliancy initiative designed to promote the enforcement of remote and mobile client security policies. The initiative addresses the growing need for administrators to verify that client machines are secure before they connect to enterprise networks. The initiative supports automated enforcement of pre-defined security policies, Thompson said.

Show Comments