HOUSTON – While most efforts today are focused on defending the network perimeter and endpoint machines, worms and malicious attackers can easily bypass firewalls and exploit vulnerabilities to disrupt networks from within.

Once inside perimeter defenses, intruders can conceal their presence, compromise confidential data stores, and remotely control machines for malicious purposes. These internal attacks often go undetected until data is stolen or the network is brought down.

Today's attackers are motivated less by fame or recognition and more by profit. As a result, malicious code is getting more professional and more effective. There are fewer flashy, visible attacks that cause immediate widespread destruction across the Internet, bringing down entire corporate networks at a time. Attacks these days are slower-moving, stealthy intrusions, such as the Zotob worm or Korgo worm, that are pervasive and difficult to stamp out. These worms are also more intelligent and targeted than past threats and are typically a means to an end rather than the end. Worms are now used more for stealthy code delivery: code that can later be remotely controlled to perform any number of nefarious tasks such as sending spam or performing denial-of-service attacks.

The more recent style of threat also exploits newly discovered vulnerabilities much more quickly than threats of the past. The Zotob worm, for example, took advantage of a Microsoft vulnerability in a matter of only a few days. The time between Microsoft's announcement of the vulnerability and the first Zotob exploit code was only 3 days. By comparison, the time between vulnerability discovery and the release of the Nimda worm in 2001 was 365 days. A patch can't be applied if it isn't available yet, and even when patches are available it's almost impossible to apply every one as soon as it's released.

In the future, attackers will rely more and more on worms to deliver malicious code. Worm attacks will be even less noisy and will not necessarily rely on scanning to propagate themselves. A global marketplace that sells botnet exploit capacity and harvested information may make it easier to simply "buy" an exploit rather than develop and mount an attack.

What can you do to help secure your internal network? You first have to get beyond thinking of network threats as only a nuisance, and stop relying exclusively on perimeter security to protect your network. Far too many businesses are spending 80 percent of their budget to fix 20 percent of their network security problem. They install perimeter security products and expect them to perform effectively against all threats. Most businesses still do not have the situational awareness that allows them to identify complex internal network threat scenarios.

To improve internal network security, you must recognize that technology alone (such as an IDS/IPS appliance) is not enough to protect your internal network. You need a combination of human intelligence, monitoring technology and a plan of action for responding to network threats quickly and efficiently. You must evaluate and understand the relative value of your information assets, and then apply people, process and technology to detect, protect and correct exposures for these assets. Fortunately there are new choices today that can help you automate and coordinate internal security, and help mitigate the growing risks to internal networks.

Misha Govshteyn is founder and CTO of Alert Logic, a provider of Network Protection On Demand that secures internal networks from threats by combining elements of Intrusion Detection, Intrusion Prevention, Security Event Management, and Managed Security Services into a seamlessly integrated turnkey service.