I came across an interesting post on the darkREADING website yesterday titled “PCI More Of A ‘Check-Box’ Than Security For Most Retailers.” Particularly interesting was the following excerpt:
Nearly 80 percent of retailers and organizations that handle credit card transactions have been hit with a data breach, but more than 70 percent still don’t consider security strategic to their operations, according to a new report released today.
This apparent incongruity has more to do with organizations accepting a certain level of risk with doing business on the Internet, says Brian Contos, chief security strategist at Imperva, which commissioned the 2009 PCI DSS Compliance Survey conducted by the Ponemon Institute.
“Roughly 30 percent take [PCI security] seriously,” Contos says. “And the others see it as a check box.”
Although nearly 80 percent of retailers have experienced a data breach, more than 70 percent still don’t consider security strategic to their operations, and only 30 percent take PCI security seriously. The question is, is this an indictment of the retailers or the PCI standards themselves?
Jason Holcomb, from Digital Bond, recently attended a live implementation of CoreTrace’s award-winning BOUNCER application whitelisting product. He has a great post about his impressions on whitelisting in general, as well as his experience using BOUNCER on a control system server. His reaction?
“My overall impression: this is an elegant and effective solution to some of the security challenges we face with Windows servers and workstations in control systems.”
Jason hits on many of the reasons why application whitelisting has been so popular in the energy industry and why, more than ever, it is being used to protect critical SCADA and DCS systems as well as meet NERC CIP requirements.
The U.S. Department of Homeland Security takes the security of our power grid seriously, and with good reason. A disruption to our power distribution systems could have devastating effects for our citizens, businesses and our economy. That is the driver behind the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) regulations: keeping our national power grids safe.
Yesterday came the latest report of how fragile our power infrastructure can be.
Anti-virus simply isn’t effective anymore at providing desktop security. We have posted on this topic quite a bit recently, but there seems to be an endless supply of new information and postings that support the growing trend away from reactive, signature-dependent anti-virus.
Consider the recent post from long-time industry expert Robin Bloor, titled “The Beginning of the End For AntiVirus.” Robin has been a long-time advocate of moving away from a clearly broken anti-virus technology and toward a more proactive solution that can solve the problem of zero-day threats and rootkits. He had this to say about the growth of whitelisting and the fall of AV in his article:
This week we published a research report conducted on our behalf by Dimensional Research titled “Anti-Virus and Anti-Malware: A survey of IT Professionals.” The results are illuminating. It is clear that dissatisfaction with existing desktop security is at an all-time high, but that people feel locked into a solution without alternatives.
Last week, I highlighted Gartner Group analyst John Pescatore’s call to start over again on desktop security, and it appears that the over 200 IT professionals that we surveyed agreed. 52% of the respondents to our survey indicated that they were considering discontinuing blacklist anti-virus altogether. Given their lack of faith in its effectiveness and their concern over the performance impact of an increasingly bloated application, it should be no surprise.
We will be talking about these and many other trends in a webinar next week presenting the details of the survey. I hope that you are able to join us and begin participating in the discussion of how to start over on desktop security.