CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

How to stop 60,000 new threats each day… without knowing them or killing performance.

It’s really puzzling to me to think about how today’s IT security professionals are trying to stop cyber threats. I mean, why go through the trouble of detecting 60,000 newly discovered threats each day, not to mention endure the performance impact that scanning has on a system, when you can quickly and automatically identify the few dozen applications that you would like to run on your endpoint computers?

In this week’s release of the McAfee Threats Report: Third Quarter 2010, the security software maker claims that malware reached an all-time high, averaging 60,000 new threats each day in the third quarter. That number has nearly quadrupled since 2007.

Two things antivirus companies do not want you to know about Application Whitelisting: It is not lockdown and it does include blacklists!

In my previous post, I talked about my personal crusade to update security and operational professionals about application whitelisting. Part of that mission is to dispel some of the misconceptions about application whitelisting that people are spreading across the Internet, and shed some light on how application whitelisting is now a widely accepted security and operational solution that secures thousands of systems across all major vertical markets and organizational sizes.

The recent article, “Taking Cybersecurity Lessons To The Bank,” articulates outdated perceptions of application whitelisting, the limitations of blacklisting, and how education is virtually helpless against the growing magnitude of today’s targeted cyber threats. While I agree with most of the article’s assertions around blacklisting and education, the viewpoint on application whitelisting is an example of the quick and trite, and completely outdated, perception of whitelisting that incumbent antivirus companies want people to believe. If security professionals read articles like this one and continue believing the outdated notions, our computers and data will remain easy targets for hackers — and they really don’t have to be.

Most recent comment:   Top Endpoint Security Stories for November 2010 — If malware is a top security concern, then why does it take so long to fix known vulnerabilities?

[...] using leading application whitelisting solutions such as CoreTrace’s BOUNCER get the best of both worlds. BOUNCER uses whitelisting to ...

Dispelling the myths and outdated perceptions surrounding application whitelisting

In all my years in the security game — from serving as an officer in the Air Force Information Warfare Center to my current role as president and CEO of CoreTrace — I’ve seen many changes along the way. Through it all, the one thing I’ve learned is that you can’t make sound security decisions relying on outdated information or perceptions, particularly in today’s vastly changing technology arena.

This is why I’ve made it my personal crusade to make sure security and operations professionals everywhere have the most updated information about application whitelisting. Not only did I feel compelled, but I felt it was my obligation to publish the new security brief, “Top Seven Things You Need to Know about Application Whitelisting,” to dispel the myths and outdated perceptions that surround application whitelisting.

Most recent comment:   My Top Five Blogs of 2010: Stuxnet, McIntel, Whitelisting & More…

[...] Dispelling the myths and outdated perceptions surrounding application whitelisting In all my years in the security game, the one ...

Top Endpoint Security stories for October 2010 — If cyber threats are up, then why are companies’ security budgets possibly going down?

October saw another fake antivirus alert make the rounds, only this time masquerading as Microsoft Security Essentials. This trend, along with more information about the Stuxnet worm, is making security experts wonder if these are signs of things to come. So, with cyber threats up and growing in severity, why then are security budgets down? According to McAfee, this is the paradox facing the IT security industry. Here are some of the top endpoint security stories of October 2010.

BOUNCER Beatdown: Using “Metasploit Autopwn Browser” framework to demonstrate security effectiveness

In boxing, the job of any prize fighter is to understand the opponent’s weakness. It takes a few rounds to figure out what tactics are going to be the most effective. Once they do, that’s when they let loose.

The Metasploit Autopwn Browser framework is an excellent tool that security professionals use to deliver a set of known exploits for pen-testing. It basically mimics possible actions that a real-world “bad actor” could use to penetrate a computer’s defenses, much in the same way a prize fighter does. It enables us to mock up a typical scenario wherein the bad actor uses some type of social engineering tactic to deceive somebody into clicking on the exploit, then carefully analyzes what’s running on the victim’s computer before determining the best way to exploit the endpoint and take over the machine. For computers protected by CoreTrace’s BOUNCER application whitelisting solution, the right defenses are in place to stop the real-world exploit from getting on the machine in the first place. In other words, with BOUNCER the fight is over before it even begins.

Most recent comment:   Greg Valentine

It was brought to my attention by a reader of this blog that we had incorrectly characterized Metasploit as malware. ...