There are new tools on the horizon that will help enterprises fight malware as well as provide trajectories for new malware attacks. If you listen to this podcast a security architect for Intel discusses their new hardware virtualization.
The advantages given in the presentation include:
* ability to embed intrusion detection deep packet inspection directly in the hardware, thus avoiding the need for separate appliances
* the ability to ensure that all machines on the network have minimum security configurations
* the ability to wake up machines in sleep or down mode, scan the system, deliver updates and put them back into sleep or down mode
* prevent rootkit attacks from a response perspective, isolate the system and use the out of band management channel to remotely clean the system
What wasn't mentioned was the new types of attack vectors that hardware virtualization brings...i.e. Blue Pill type attacks. Currently, there are no defense barriers to this type of attack.
Further, the interview portrays the ability to have "deep packet inspection" as the main way to deter malware attacks. The problem with current attacks is that the attack signature patterns are changing every 30 minutes. Thus no matter how deep the inspection goes, if only signature patterns are used, this type of defense on its own won't prevent malware attacks from succeeding.
Generally, the overall management of the enterprise's security systems should be helped by the ability to update patches quickly regardless of whether the computer is off or in sleep mode. Further, the ability to embed security intrusion detection systems in the hardware will also reduce operating costs long term.
BUT, the rest of the spiel is just that, a sales spiel. There is no one technology that is going to provide a silver bullet. In fact, the new technologies come with their own challenges. Therefore, you need to have multiple layers of strong identity authentication security behind the firewall to contain the damage when attacks pass through the perimeter.