Everyone agrees that protecting Internet users from malware and social engineering exploits like phishing is a valuable thing to do. At minimum these attacks are a nuisance because they degrade the Internet experience; in the worst case they can be costly and dangerous. But protecting networks and end users is becoming more difficult because attackers are making their exploits more dynamic and thus harder to detect. This is stressing some solutions, like client software, that have been a primary means of protecting end systems.
To some extent this problem is not a surprise. Client software was originally developed in an era when exploits propagated far more slowly (remember infected floppy disks?) so it wasn’t necessary to update signatures continuously. Now attackers have all the resources of the Internet at their disposal – and use them. Exploits can be morphed and redeployed in seconds.
The problem is not an inherent inability of client software to detect dynamic threats. It’s human factors or technical constraints preventing the very latest signatures and algorithms from always being installed on every machine. Security vendors have done a remarkable job of identifying and tracking even the most agile attacks, but the value of their efforts is substantially diminished if people are unwilling, or unable, to keep their client software current.
Agile attacks require agile defenses. Since virtually every threat today originates in the network, moving protections into the network is a sensible thing to do. Because threats operate at Internet scale, security solutions need to scale as well. Aggregation is a natural benefit of moving security protections into the network. A few systems, strategically situated, can provide effective protection for potentially millions of hosts. Fewer systems means updating threat information is simpler and far more reliable, which greatly improves agility and responsiveness to a rapidly changing threat landscape. Consumers, network administrators and other IT staff get relief too, and the burden on hosts can be reduced, especially as network-based protections become pervasive.
The idea of network-based security is not new; it’s been happening since the Internet was first commercialized and firewalls arrived on the scene to protect corporate networks from outside intruders. But what’s needed now are solutions that are as dynamic, adaptable and scalable as the threats they are designed to deter. The question to ask isn’t whether additional security protections should be deployed in the network, but how.