Though many companies now use antivirus software, intrusion-detection systems, and firewalls, hackers and worms still infiltrate business-technology systems and cause serious damage. Attacks such as Blaster, MyDoom, and Witty cost businesses more than $10 billion annually.
To combat the growing problem, security professionals are in search of better protection. They need more-intelligent shields that can fend off new attacks as they happen, rather than relying on signatures--tiny snapshots of code used to spot and block attacks--published by security vendors only after attacks are under way.
Intrusion-prevention systems may be the protection companies are looking for. Unlike conventional antivirus, firewall, and intrusion-detection systems, these proactive tools are designed to protect vulnerable computers and thwart unforeseen attack methods.
 |
 |
New intrusion-prevention systems are better able to stop attacks, Michael Assante, VP and chief security officer of American Electric Power says. |
|
|
"Intrusion-prevention systems have a learning capability, and these engines are more intelligent and better able to identify and stop attacks," says Michael Assante, VP and chief security officer at energy producer and distributor American Electric Power Co.
That's important, especially since attacks are getting too fast for reactive security tools. Consider this: When the SQL Slammer worm hit the Internet in January 2003, it attacked a 6-month-old vulnerability in Microsoft SQL Server. But in March of this year, the Witty worm struck a buffer-overflow vulnerability only one day after the flaw was found in various Internet Security System Inc. products. Security professionals are even more concerned about so-called "zero-day" attacks, those against software vulnerabilities that have no patches or defensive signatures because they haven't yet been publicly disclosed.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
