CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

The top 5 failures of antivirus

I truly believe that 2010 is a turning point in endpoint security. The old antivirus model has reached the end of its practical usefulness and the disadvantages of an approach with a foundation of blacklisting far outweigh its benefits. Operation Aurora and the attacks against major online brands perfectly illustrate the failure of our old paradigm to protect endpoints.

Later this week, we are launching a fun (and funny) awareness campaign, called Planet Antivirus, highlighting the weaknesses of antivirus and focusing on the need to completely rethink our approach to how we defend endpoints. Today I am kicking this campaign off by highlighting the top five failures of antivirus technology.

Please use the comment form and leave your thoughts!

Top endpoint security stories for January 2010 – Operation Aurora dominates news

Looking back, I have to say that January brought some security industry setbacks, highlighted by Operation Aurora and the publicity surrounding Google’s claims of highly coordinated attacks from China. Particularly relevant to us in these attacks is the fact that application whitelisting would have stopped the attacks while anti-virus was once again helpless to prevent new and targeted attacks. As always, I appreciate your readership and hope that this blog continues to bring value and insight to what we as security professionals are up against in 2010. So without further delay, here were some of the top stories from January 2010.


Operation Aurora illustrates greater need for effective preventative endpoint security

Much has already been written about the impact of Operation Aurora on the threat landscape. The international attacks on some of the world’s leading Internet companies reminded us once again of the vulnerabilities within interconnected networks that can be accessed from virtually anywhere in the world.

These attacks also illustrate the growing need for, and strength of, application whitelisting solutions. As Aurora first gained access by attacking an endpoint within Google’s network to trick a user into installing malware, even leading antivirus software designed to detect such viruses and malicious code couldn’t stop it from running within the network.


BOUNCER: Enterprise-ready application whitelisting solution for Windows 7 and beyond

As I’ve mentioned before, Microsoft’s inclusion of AppLocker, the embedded technology that decides which software should or should not run based on an IT administrator’s rules, in Windows 7 was further validation that application whitelisting has emerged as the anti-malware solution of the future. While the Windows 7 default security model certainly provides a level of protection against malware threats, for enterprises that require stronger protection with less manual tuning, it is not enough.


Conficker expected to continue its wrath on security defenses

Despite concerted efforts to detect and block one of the world’s most dangerous forms of malware, security experts predict the Conficker worm will continue to deactivate security defenses and wreak havoc on computer networks throughout 2010. That’s bad news for security professionals who are actively doing everything they can to protect their networks from more harmful botnets and malware.
