Information Security Glossary
Auerbach Publications

"Top Seven in '07" Predictions and Resolutions for IT Security Managers

Vernier Networks

Mountain View, CA -- January 03, 2007 -- Vernier Networks today issued a list of "Top Seven in ’07" IT security predictions and resolutions to help IT security managers improve overall security and increase enterprise-wide control and compliance.

Vernier Networks’ IT security researchers predict the following seven trends will change the overall security landscape in 2007:

1. Usage of Zero-Day attacks to get "botnet" software into computers will dramatically increase. Black-market prices for these remote exploits requiring no target-user intervention sold for $5,000 in 2004 but have skyrocketed to as much as $80,000 in 2007.

2. Business-oriented social networks, such as LinkedIn and ZoomInfo, will gain the attention of malware writers, particularly those who target specific businesses. Hackers will use these networks to penetrate organizations starting with human-resources departments. Expect more phishing-like attacks to target these social networks.

3. Hackers will continue to focus attacks on stealing identities and corporate data, instead of disrupting IT services.

4. Vista intrusions will take center stage despite the massive improvements in the product’s security. Don’t be surprised to see hackers drive home the point by creating a "Month of Vista Bugs," as they did with the "Month of Browser Bugs" and "Month of Kernel Bugs."

5. The Apple community, which is currently in denial over security issues, will suffer a rude awakening from the "Month of Apple Bugs." Apple will react poorly but show much improvement at handling such issues for the long term.

6. Aggressive criminal attacks will double in 2007 for two main reasons. First, there are a finite number of available PCs to compromise and "zombify" into becoming spam relays and other malicious conduits. Second, cyber criminals face little law-enforcement risks but increased competition for the millions of dollars available, so hackers will take greater risks and employ more aggressive tactics. The centerpiece of cyber crime are "botnets," a group of compromised computers that enable coordinated, remote manipulation by an attacker who has compromised a large group of computers and installed remote-controlled, backdoor software. The battle for control of large botnets will result not only in an escalation of cyber crime, but an increase in online criminals attacking each other, both with casualties on innocent users’ computers.

7. Phishing and identity theft will move from the consumer market to the corporate market, and internal identities; i.e., names and passwords, will be hijacked. Hackers will use these identities to penetrate corporate networks and steal high-valued trade secrets and customer information and sell it on the black market.

"At Vernier’s Threat Labs our job is to predict security threats and proactively address criminal trends to help our customers defend their networks," said Mark 'Simple Nomad' Loveless, senior security researcher for Vernier Networks and founder of the Nomad Mobile Research Center. "This ‘Top Seven in ’07’ list reflects what we anticipate will bring our greatest challenges and accomplishments of the new year."

IT Security Managers’ Top Seven in ’07 Security Resolutions

As enterprise IT-security professionals shift their focus from maintaining isolated security technology to implementing comprehensive security and policy-management systems, Vernier Networks offers this list of the top seven IT resolutions for defending networks:

1. IT will assess its overall security by deploying end-to-end security-risk management solutions that monitor perimeter, datacenter, network-infrastructure and endpoint-security risks and vulnerabilities.

2. IT will gain complete visibility into all internal network activity by employees, guests, contractors, and business partners. The visibility must be continuous, identity-based and highly detailed. Further, IT will be able to detect and monitor network activity, application usage and content exchanged to prevent the loss of corporate information such as trade secrets, customer information and intellectual property.

3. IT will deploy an extra layer of security inside the network to secure IT corporate assets from unauthorized access, as well as the internal proliferation of spyware and malware.

4. IT will develop and enforce corporate endpoint-security compliance systems to ensure that end-user devices comply with security policies prior to being granted network access.

5. IT will automate its security operations allowing it to block attacks and intrusions in real-time without having to resort to lengthy and expensive forensic and log-management solutions to detect attacks after they have occurred.

6. IT will implement corporate-wide security dashboards allowing organizations to correspond endpoint-security posture with detailed network-usage telemetry data based on identities stored in corporate directories, such as Microsoft Active directory.

7. IT will start planning for the internal usage of IPSEC VPN solutions, especially with the adoption of Microsoft Vista. Security solutions will be aggregated at VPN termination servers strategically deployed within the network switching fabric. Network Access Control appliances will be used as the platform for internal security policy enforcement for VPN and traditional clients.

About the Author
Vernier Networks delivers the industry’s leading Network Access Control products that are designed to ensure network compliance. The award-winning EdgeWall product line authenticates, validates and authorizes compliant endpoints, quarantines and remediates infected devices and continuously inspects traffic for policy compliance. Vernier’s products are deployed at over a thousand enterprises, higher education institutions, healthcare organizations and government agencies worldwide. Headquartered in Mountain View, California, with sales operations and channel partners worldwide, Vernier can be found on the Web at

© Copyright 2007 Auerbach Publications