Folks in California are so used to earthquakes that sometimes they barely notice when one happens. Folks in the security business are so busy and swamped with the noise of the market that we often miss tectonic shifts in our own world. Let me help you with that last one:
BREAKING NEWS: “Endpoint Security Earthquake Hits: McAfee Actively Endorses Application Whitelisting. Magnitude & Ramifications Are Significant.”
This week, McAfee, one of the two dominant forces in reactive, blacklist-based endpoint security, actively and unequivocally endorsed Application Whitelisting. Ironically, in hard coverage of Symantec’s recent problems with pcAnywhere, the industry is actively recommending application whitelisting too.
First, let’s cover the major quake: McAfee’s active endorsement of application whitelisting—for corporate desktops and laptops. ( Read More… )
It is a PR disaster. A group of ‘hacktivists’ have somehow managed to attack your company website and changed your content (which is actively being displayed to the entire world). Your phone won’t stop ringing, and your mailbox just melted down. So many questions running through your mind: ‘What just happened?’, ‘Who did this?’, ‘How did they do this?’, and most importantly ‘How can I prevent this from happening again???’. It certainly doesn’t help that this has the highest level of visibility within your organization. It’s going to be a very long day.
Sadly this scenario is now playing itself out more than ever. This is especially true with a loosely managed group of hactivists that call themselves ‘Anonymous’. The list of companies affected by Anonymous is large enough to raise national media attention—which is not exactly where your company wants to have its name mentioned. ( Read More… )
Earlier this week, I wrote a post comparing the cybersecurity strategies of the United States and Australian Departments of Defense. In that post, I applauded the Australians for having a strategy that was “detailed, well-researched and supported, and focused on proactively solving security problems rather than blindly reinforcing outdated and ineffective strategies.” The strategy was based on the DoD’s Defence Signals Directorate’s (DSD) analysis of attacks–learning from what happened to suggest approaches that would have prevented the attacks/breaches. The strategy outlined 35 mitigations, with a strong recommendation to implement the top 4 strategies (#4 is application whitelisting, btw):
“While no single strategy can prevent this type of malicious activity, the effectiveness of implementing the top four strategies remains unchanged. Implemented as a package, these strategies would have prevented at least 70% of the intrusions that DSD analysed and responded to in 2009, and at least 85% of the intrusions responded to in 2010.”
Also earlier this week, McAfee released a report that just about everyone in the security industry has likely now read, “Revealed: Operation Shady RAT”. The report, written by Dmitri Alperovitch, VP Threat Research at McAfee, is an eye opening read covering targeted intrusions into over 70 global companies, governments and non-profit organizations over the last 5 years. The report covers the types of organizations hit the hardest (not shockingly, defense contractors led the list with 13 of the intrusions detected), the ramifications of the breaches, estimated times each were compromised (shortest being 1 month, an honor shared by 9 victims) and even outlines the generic attack approaches utilized: ( Read More… )
Earlier this week, I came across some coverage about some of the Australian Department of Defence’s (DoD) cyber-security strategies. While not completely fair, I found it an interesting study in contrasts between the Australian strategies/tactics and those recently outlined by the United States DoD.
Toney Jennings, CoreTrace CEO and a former Air Force information warfare officer, recently blogged on the US DoD’s “Strategy for Operating in Cyber-Space”. The main objective of his “DoD Cyberspace Strategy: Is the DoD really ready to embrace new technologies & companies???” post was to openly challenge the US DoD to modify their procurement and evaluation processes to enable small and innovative companies to assist in cyber defense. However, Toney also made a few other key points. Most relevant to this post is that Toney highlighted that the document was extremely high level and highly prone to status quo thinking and actions, e.g.,
“Unfortunately, a significant portion of the document is simply reiterating the government’s ‘business as usual’ tactics. I’ve got to believe that for the five strategic initiatives, the DoD already has active programs in place. Therefore, the first question that comes to mind is how effective are these defenses? I suspect that the fundamental problem with the existing defenses is that the government is using traditional security solutions that don’t measure up against evolving cyber attacks. The root of this problem stems from the fact that the government continues to favor status-quo, ‘no one ever got fired for buying from’ large companies and contractors.”
Which brings me to the Australian DoD. In contrast to the high-level US cyberstrategy document, the Australian DoD’s “Strategies to Mitigate Targeted Cyber Intrusions”” plan is detailed, well-researched and supported, and focused on proactively solving security problems rather than blindly reinforcing outdated and ineffective strategies. ( Read More… )
In response to increasing cyber threats targeting the U.S. government, defense contractors and the nation’s critical infrastructure, the Department of Defense released its new strategy for protecting our nation’s systems and networks from cyber attacks. While it’s a nice first step, many critics are wondering if the government can actually pull it off. In the same vein, the shift to virtualization has many businesses re-thinking their existing security approaches. Will virtualization mark the end of traditional host-based antivirus solutions as we know it? Here are some of the top endpoint security stories for July 2011.
DoD’s cybersecurity plan creates more questions than answers
In July, the Department of Defense released its new strategy for operating in cyberspace, and how it plans to protect our nation’s computer systems and networks from cyber attacks. The plan includes a number of initiatives such as treating cyberspace as a domain it defends (with land, air, sea and space), introducing new network defenses to detect and stop malicious code, coordinating with the private sector, and working with other countries. However, in the article, “Critics: U.S. cyber security plan has holes, few new items,” the document has many analysts like Rich Mogull of Securosis wondering if the DoD can pull it off. ( Read More… )