Research firm Gartner has said that detecting advanced and hidden intrusions on enterprise systems is one of the biggest challenges facing information security. It added that systematic workload reprovisioning (SWR) is required to counter such threats.

Mostly, advanced intrusions are financially motivated and targeted, said Gartner, adding that such threats include state-sponsored "advanced persistent threats" and that such intrusions can remain undetected for extended periods of time.

Gartner fellow and vice-president Neil MacDonald said once an advanced attack has gained a foothold in a system, the intrusion can remain undetected for extended periods of time, either because a signature is not available to detect the intrusion or because it has compromised the host operating system at a deep level, so that it remains cloaked and undetectable by endpoint security controls.

MacDonald added, "New approaches, such as systematic workload reprovisioning, are needed to counter these advanced threats, and will require fundamental shifts in the way security professionals think about the ongoing security and management of server and desktop workloads."

SWR periodically rebuilds and reprovisions server and desktop workloads from a high-assurance library of base image files.

Gartner analysts urged businesses to adopt a SWR strategy considering new scale-out resilient application architectures, the uptake of server and desktop virtualisation techniques at the OS and application level, and today’s advanced threat environment.

"A SWR strategy reduces the dwell time of an intruder and will appeal to information security professionals looking for new ways to counter advanced intrusions for high-risk workloads," Mr.MacDonald said.

"Systematic reprovisioning of workloads from high-assurance repositories will become an accepted strategy for high-risk workloads to counter advanced intrusions during the next five years."

Gartner predicts that by 2016, more than 20% of enterprises will adopt a SWR strategy for high-risk, server-based workloads, and more than 60% of enterprises will adopt a SWR strategy for hosted virtual desktop workloads.