Over the years, companies have relied on stateful inspection firewalls, intrusion detection systems, host-based anti-virus software and anti-spam products to protect enterprise users and resources. That situation is changing rapidly: a traditional single-point defensive device faces a new generation of attacks it was not built to handle. To detect the latest attacks, security devices must improve their detection technology. This paper focuses on the detection and blocking of unknown threats and harmful traffic by combining several frontier detection techniques in the firewall: heuristic scanning and anomaly detection, together with enhanced anti-virus, anti-spam and related functions.
Characteristics of a new generation of attacks
1. Blended (hybrid) attacks combine several techniques, such as viruses, worms, trojans and backdoors. They are typically delivered through e-mail and infected websites and quickly spawn variants, which makes them difficult to block whether the original attack is known or unknown. Nimda, Code Red and Bugbear are examples of this kind of attack.
2. Attacks on newly disclosed vulnerabilities now appear much faster than before, so preventing new and unknown threats, known as "zero-hour" or "zero-day" attacks, is particularly important.
3. Attacks built around social-engineering traps, including spyware, online fraud, e-mail-based attacks and malicious websites, have increased sharply. Attackers spoof legitimate applications and messages to trick users into running them.
Figure 1 Gartner released vulnerability and patch schedule
Traditional security methods are failing.
The most widely deployed security products today are stateful inspection firewalls, intrusion detection systems and host-based anti-virus software, but they are increasingly ineffective against the new generation of threats. A stateful inspection firewall works by tracking the initiation and state of each session: it examines packet headers at the network layer (L3) and transport layer (L4) and allows, denies or forwards traffic according to a set of user-defined firewall policies. The weakness of this traditional approach is that attackers have developed a number of ways to circumvent firewall policies. These methods include:
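To make the mechanism concrete, here is a small simulation of stateful inspection, written as an added example (it is not code from the paper or from any product it discusses). It tracks sessions by a direction-independent 5-tuple key, lets a policy decide only on the packet that opens a session, forwards replies because state exists, and drops TCP packets that arrive with no session unless they are a bare SYN. The address range, rules and packets are all constructed for the example.

```python
"""Minimal stateful inspection firewall simulation (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, List, Tuple

INSIDE = ip_network("10.0.0.0/8")  # assumed internal address range (constructed)


@dataclass(frozen=True)
class Packet:
    """The L3/L4 header fields a stateful firewall examines."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    flags: FrozenSet[str] = frozenset()  # TCP flag names, e.g. {"SYN"}, {"SYN", "ACK"}


@dataclass(frozen=True)
class Rule:
    """One user-defined policy entry; dst_port 0 matches any port."""
    src_zone: str  # "inside" or "outside"
    dst_zone: str
    proto: str
    dst_port: int
    action: str    # "allow" or "deny"


def zone_of(ip: str) -> str:
    return "inside" if ip_address(ip) in INSIDE else "outside"


def session_key(p: Packet) -> Tuple:
    """Direction-independent key so a reply matches the session its request opened."""
    ends = sorted([(p.src_ip, p.src_port), (p.dst_ip, p.dst_port)])
    return (p.proto, ends[0], ends[1])


class StatefulFirewall:
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.sessions: Dict[Tuple, str] = {}  # key -> "NEW" | "ESTABLISHED"

    def _policy_allows(self, p: Packet) -> bool:
        """First matching rule wins; no matching rule means deny (default deny)."""
        src_zone, dst_zone = zone_of(p.src_ip), zone_of(p.dst_ip)
        for r in self.rules:
            if (r.src_zone == src_zone and r.dst_zone == dst_zone
                    and r.proto == p.proto and r.dst_port in (0, p.dst_port)):
                return r.action == "allow"
        return False

    def process(self, p: Packet) -> Tuple[str, str]:
        """Return (verdict, reason) for one packet and update the session table."""
        key = session_key(p)
        if key in self.sessions:
            # Packet belongs to a tracked session: forward without re-consulting policy.
            if p.flags & {"FIN", "RST"}:
                del self.sessions[key]  # simplification: real trackers keep a TIME_WAIT entry
                return "ALLOW", "session closed"
            if {"SYN", "ACK"} <= p.flags:
                self.sessions[key] = "ESTABLISHED"
            return "ALLOW", self.sessions[key].lower()
        # No state: for TCP only a bare SYN may open a session, so stray ACKs
        # or spoofed "replies" with no matching request are dropped as invalid.
        if p.proto == "tcp" and p.flags != frozenset({"SYN"}):
            return "DROP", "invalid: non-SYN packet with no session"
        if not self._policy_allows(p):
            return "DROP", "policy: no rule permits this new session"
        self.sessions[key] = "NEW"
        return "ALLOW", "new session"


def demo() -> List[Tuple[str, str]]:
    """Run a constructed packet sequence through an outbound-only policy."""
    fw = StatefulFirewall([
        Rule("inside", "outside", "tcp", 443, "allow"),
        Rule("inside", "outside", "udp", 53, "allow"),
    ])
    packets = [
        Packet("10.1.2.3", 50000, "203.0.113.10", 443, "tcp", frozenset({"SYN"})),         # outbound request
        Packet("203.0.113.10", 443, "10.1.2.3", 50000, "tcp", frozenset({"SYN", "ACK"})),  # reply, allowed by state
        Packet("203.0.113.10", 443, "10.1.2.3", 50000, "tcp", frozenset({"ACK"})),         # data in established session
        Packet("198.51.100.7", 4444, "10.1.2.3", 22, "tcp", frozenset({"SYN"})),           # inbound new session, no rule
        Packet("198.51.100.7", 4444, "10.1.2.3", 50000, "tcp", frozenset({"ACK"})),        # stray ACK with no state
        Packet("10.1.2.3", 50000, "203.0.113.10", 443, "tcp", frozenset({"FIN", "ACK"})),  # client closes
        Packet("203.0.113.10", 443, "10.1.2.3", 50000, "tcp", frozenset({"ACK"})),         # arrives after close
    ]
    return [fw.process(p) for p in packets]


if __name__ == "__main__":
    for verdict, reason in demo():
        print(f"{verdict:5} {reason}")
```

The two DROP reasons are the point of the simulation: the fourth packet is refused by policy, while the fifth and seventh are refused because no session exists for them, which is the state tracking the paragraph above describes. The example also shows the limit the paper is driving at: the verdict depends only on L3/L4 headers and session state, so a malicious payload inside the allowed outbound session on port 443 passes unexamined.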