Today, most security solutions use a combination of signature detection and heuristics-relying more on one or the other, depending on the vendor-to offer protection from new and existing threats. For businesses, it is a balancing act-use a solution that is highly proactive, relying heavily on heuristics, or one that relies more heavily on signature-based detection. One thing is clear, heuristics are a vital part of any security solution, especially if the organization is heavily engaged in social networking.
Types of risks:
Before a company decides to put their data on a social networking site, or to enhance their channels, groups or profiles, private and corporate users should be aware of the following social or technical security risks they will face.
- Data Theft-A social networking site is, basically, an enormous database that can be accessed by many individuals, increasing the risk that information could be exploited.
- Involuntary Information Leakage-Firms should be aware of the implications that arise from the data their employees post on social networking sites-for themselves or for the company. In the absence of a strong policy that sets clear lines between personal and corporate content, legal implications are likely to occur.
- Targeted Attacks-Information on social networking sites could be used as preliminary reconnaissance, gathering information on size, structure, IT literacy degree and more, for a more in-depth, targeted attack on the company.
- Network Vulnerability-All social networking sites are subject to flaws and bugs, whether it concerns login issues, cross-site scripting potential or Java vulnerabilities that intruders could exploit. This could, in turn, cause vulnerabilities in the company's network.
- Spam and Phishing-If an employee uses their work e-mail on a social networking site, there is a 98 percent chance they will receive spam and be targeted for phishing attacks, causing issues on the company's network.
- Content Alteration-Without constant efforts to preserve the identity of the displayed content, and in the absence of reinforced security measures, blogs, channels, groups and profiles might be spoofed or hacked.
- Malware Dissemination-Social networking sites provide an ideal and cost-efficient platform for the distribution of viruses, worms and bots, Trojans, spyware and more. Companies with a presence on these sites could be adversely affected.
- Business Reputation-Attackers can distort information on companies and people on social networking sites, adversely impacting their reputation.
- Infrastructure and Maintenance Costs-Using social networking sites requires additional infrastructure and maintenance resources to ensure the appropriate defensive layers are in place to protect the company.
- Productivity Loss-Companies should carefully monitor their employees' activities on the network to ensure that security is maintained and resources are not being wasted by social networking activities.
Heuristic-Based Security Solutions: Proactive Protection
In a business environment using the newest methods of communication, like social networking, heuristic-based security solutions provide the proactive protection that is vital to security. By emulating the software in a virtual computer-inside-a-computer, heuristic security solutions run pieces of software and check for potentially malicious behavior. This provides proactive protection and increased detection of zero-day threats and unknown malware. While there is a risk of "false positives"-where "safe" information is classified as malware, the benefit is that new threats that have not been identified by the signature-based method can be caught before they enter a network.
The rapid development of social networking Web sites has opened up new ways for business partners, companies, and customers to connect, narrowing the communication gab. But, they have also introduced new dangers and risks to corporate networks. Companies that are planning use social networking as a communications tool need to be aware of the risks that could affect their business, and take steps to protect themselves.