Blog dedicated to the study of Information Security - Privacy - Computer Security - IT Auditing.
(A compilation of key news, events, security policies, best-practice guides, norms, standards, tools, and more)
Friday, April 8, 2011
2010 Cybersecurity Risk Analysis Report (Hewlett Packard)
2010 Full Year Top Cyber Security Risks Report
In-depth analysis and attack data from HP DVLabs.
Key findings from the report include:
• The number of discovered vulnerabilities has plateaued, but the number of attacks against known vulnerabilities continues to rise. Data from the report indicates that the annual number of vulnerabilities being discovered in commercial computing systems has remained steady from 2009 to 2010. At the same time, targeted exploits that take advantage of these known vulnerabilities have continued to increase in both severity and frequency.
This means that unpatched or unupdated systems are putting enterprise data centers at a huge risk for being compromised.
• Web application vulnerabilities continue to be a gaping hole in enterprise security deployments.
Data from the report indicates that nearly half of all reported vulnerabilities exist in Web applications – meaning services that use the Web as the portal for users to access or interact with a piece of software.
In this report, HP DVLabs takes a close look at the security of some of the most popular content management systems (CMS). The leading cause of vulnerabilities in a CMS is unpatched or poorly patched plug-ins rather than the core system. For the always-online enterprise, poor patch management represents a large hole in the overall security of the organization.
• Attacks are becoming more productized and marketable. The report looks at Web exploit toolkits, which are essentially attack frameworks that can be bought, sold, or traded. HP DVLabs delves into the toolkits themselves to explain the sophistication of today’s security exploits and how they compromise enterprise systems. The creation of security exploit toolkits follows similar processes as are used in the development of commercial software, resulting in extremely sophisticated and well thought-out attacks.