Chapter 11

Computer Networks: Protection from External Threat

The Sophos Security Threat Report for 2011 states that the company processes a new piece of malware every 0.9 seconds, 24 hours a day, seven days a week, all year. That is just under one per second. This is an astounding number by any measure, and the implications are enormous. First, it means that current security products are not succeeding. However you look at it, we are not stopping malware if it is being introduced once per second on a continuous basis—not even close—and this is just the number processed by Sophos, a single security firm specializing in network attacks.

This chapter looks deeply at the current network protection available against external threat. The following chapter focuses on internal threat. Although current product approaches attempt to protect against threat with either signature detection or anomaly detection, the approach in this book divides the threat into external and internal. Why? The motivation of an external attacker and an insider is entirely different. Rather than focusing on products, I focus on the malicious human behavior that results in attacks. This chapter will peel away the layers of current network protection methods against external threat. At the same time, I will explain why we need a paradigm shift in security. Current technology is not working well. However, we cannot design new technology unless we understand the strengths and weaknesses of current technology.

As I discussed ...

Get Predicting Malicious Behavior: Tools and Techniques for Ensuring Global Security now with the O’Reilly learning platform.