The saying “prevention is better than cure” applies to more than just human health. Even automobile companies advise buyers that their vehicles should undergo regular maintenance, because it is far more cost-effective than fixing a problem after it arises.
The same goes for companies and their IT security, especially now that threats to networks and systems are happening faster and are more sophisticated, complex and targeted than ever before. In this instance, prevention ought to be a genuine concern.
Security software firm Symantec recently published its 2013 Internet Security Threat Report, and the results are alarming. It shows that small and medium businesses (SMBs) have seen the greatest increase in threats and attacks, with targeted attacks in 2012 increasing to 42%, and 31% of those attacks aimed specifically at companies with fewer than 250 employees.
There were 14 zero-day vulnerabilities reported in 2012, up significantly from the previous year’s eight.
“These zero-day attacks, which are also known as zero-hour attacks, are when hackers exploit vulnerabilities and bugs in software systems before the software companies and users are even aware of them or, in the event that the software manufacturers are aware of it, have had time to create patches to prevent attacks,” explains Jayson O’Reilly, director: Sales and Innovation for DRS, a company that specialises in enterprise-wide security risk management.
“When hackers and cybercriminals find such security holes, they use the opportunity to create a virus or worm that wreaks havoc and harms computer systems in a myriad of ways and causes complete network and application outages.
“Fixing it can be costly and time-consuming and, depending on what kind of software was targeted, temporarily halt productivity of many or even all employees in a company, which leads to loss of income.”
Not even giant corporations have been spared. Earlier this year, Apple, Microsoft, and the social networking sites Facebook and Twitter all had their systems compromised by exploits that were traced back to zero-day vulnerabilities in Java.
O’Reilly advises that the way to thwart such attacks is by employing intrusion prevention management (IPM).
“This pre-emptive approach to security aims to protect networks against vulnerabilities before they arise. It is used to identify potential threats and to respond quickly,” he says.
An intrusion prevention system (IPS) is used to monitor network traffic. Since attackers can carry out attacks very quickly after gaining access to a network, an IPS is able to take immediate action, allowing the network administrator to block all further traffic from a certain IP address or port, while continuing to forward legitimate traffic to the recipient without any delay or disruption of service.
O’Reilly says DRS is one of the first companies in South Africa to have adopted IPM technologies.
“Using the latest, proactive, state-of-the-art technologies, DRS’s IPS specifically offers protection against zero-day attacks and we have had many successes locally with its implementation. DRS understands how to integrate IPS technology into a client’s environment and to tune the equipment to eliminate false positives.
“In addition, DRS also offers a 24/7 IPS monitoring service to monitor and maintain the client’s IPS implementation.”
O’Reilly adds that all events are monitored, logged, assessed and addressed according to individual customer requirements.