The rise of Internet attacks via computer viruses and other techniques has caused significant financial damage to many corporations. Current anti-virus software operates by comparing incoming files against a list of “offensive” code (e.g., known viruses). If a file looks like one of these offensive codes, then it is deleted and the system protected. There are several major problems with this approach, however, with regard to modern virus attacks.
First, if the virus is new and not in the list of known viruses, the anti-virus solution will not identify it is a virus and therefore it will not keep it from spreading. Second, modern worms such as “code red” and “SQL slammer” do not rely on any of the methods of transmission guarded by most virus protection systems. These new strands of viruses are designed to attack the computer system directly by exploiting faults in the software used by the computer to perform its operations. The viruses are therefore able to crack corporate networks and replicant without the intervention of anti-virus software.
Another critical factor in preventing anti-virus software from protecting modern networks is the speed of modern virus replication and propagation. Whereas years ago it could take years for a virus to disseminate across the United States, modern viruses can spread across the whole world in a matter of minutes.
At the root of the modern virus problem lies system management and maintenance. All network applications are vulnerable to some level of attack, but the software manufacturers work diligently to resolve these errors and release fixes to the problems before they can be exploited by virus producers. In fact, most of the time the application manufacturers have released the fixes to the application that would have prevented a virus from utilizing these holes before the viruses are even released. Unfortunately, due to the complexity of modern networks, most system administrators are unable to keep pace with the increasing number of security patches and hot fixes released from the software manufacturers on every computer in the network.
What is needed is a solution that automates the process of identifying and managing network application security holes. What is also needed is a mechanism that allows distributed portions of the solution to communicate with each other in an effective manner.