RE: Are sophisticated attacks just FUD?

["Steve Hall" <steve () tarkie net>]

I doubt all the firewall logs between you and the Internet will stop the
potential for Internal Hackers (disgruntled employee's) from attacking your
systems.

I forget the stats, but its somewhere in the region of 70% of hacks are from
an internal source.

Don't allow him to underestimate the impact of worm/virus attack getting on
your internal networks too, the ability to detect and respond to a threat
quickly is part of your defence, not a nice to have.

Regards


-----Original Message-----
From: Sam Heshbon [mailto:sheshbon () yahoo com] 
Sent: 29 June 2004 17:12
To: focus-ids () securityfocus com
Subject: Are sophisticated attacks just FUD?

I had a big discussion with my boss who claims most of the IPS, SIM and
other new tools are just a
hype protecting from sophisticated threats, which only exist in labs.
He thinks multi staged attacks and so on do not often happen in the wild and
shows our firewall's
logs as evidence. It is true we see mostly worms.(NMAP) scanning happens
once in a while, but he
claims it's a script kiddy and the fact we have never seen a breach means it
is not a real threat
(we run a large network operation).
I'm looking for statistical data showing how frequent sophisticated attacks
and advanced tools are
evolved and what there damage is to the corporate. If anyone knows of a
research showing if this
is FUD or a real problem, I'd love to prove him wrong (I'm willing to admit
I'd be happy to have
some new toys ;)



        
                
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail 

---------------------------------------------------------------------------

---------------------------------------------------------------------------



---------------------------------------------------------------------------

---------------------------------------------------------------------------