With the emergence of computer networks and the rapid development of the Internet, applications based on network are also increasing rapidly.

 

Enterprises are expanding, and at the same time, the scale of the enterprise network is also growing. Network information system brings greater economic benefits to enterprises, but the accompanying security issues are also persecuting the users.Many companies build their branch offices in various areas and have the headquarters and branches connected, setting up bigger network.Such an enterprise network in which network are connected with one another improve efficiency and enhance competitiveness for enterprises, but meanwhile, this brings more complicated network security problems to enterprises.

 

 

Since the birth of the Internet, network attacks follow very closely. According to the means and purposes of the attacks, there have been three periods:

 

  

The first period is from the emergence of network to 2003.  

During this period, generally the purpose of network attack was not for obtaining some kind of interests, but for showing. The attacker did not get benefits. Popular network attack techniques were viruses and worms. The infection would just continuously expand, and the virus authors don't get any commercial interests.

 

The second period is from the second half year of 2004 to the end of 2007.   

Most network attacks during this period were for commercial interests.The hackers were becoming increasingly more purposeful in attacking, targeting the users who would bring them profits.

  

 

The third time is from the end of 2007 to the present.  

Network attacks during this period were for not only economic interests, but also a lot of political interests. Hackers engage in espionage through the Internet, stealing commercial secrets, military secrets, economy information, science and technology information, etc. Insiders of security industry call this kind of attacks APT (Advanced Persistent Threat), namely "attack against a particular target".

 

 

The attack techniques of hackers tend to be perfect, and sometimes even social engineering methods are applied.  

 

Now network attacks are often hidden in applications and using non-standard ports to escape from being identified by traditional quintuple security equipment based on IP ports. With the development of mobile Internet, many threats began to hide in the mobile applications and stretch out the hand of evil to enterprises by wireless access. For the infected botnet hosts hidden in the enterprise network, the hacker send commands to them through remote control, stealing the company’s confidential information or attacking third parties using the company’s network.

 

It is more difficult to find APT attacks than before. Attack incidents seem to be the least important security events and are usually ignored because they are not critical. But they will be slowly accumulated and pose threats to businesses. Therefore, there need be a special security equipment to integrate these seemingly irrelevant security events, do intelligent correlation analysis and help users judge which might be potential threats.