Yesterday, I sat in the RSA panel titled, “Cyber Security: An Arms Race.” It was an interesting panel because, of course, cyber security is an arms race. One of the recurring comments from the audience was centered around, “Who should be responsible for defending our networks?” This is a question that has been debated for some time now. The answer kept leading back to government and compliance. However, members of the audience did not realize that one of the fundamental axioms of computer security is: Compliance does not mean secure.
We are familiar with the above statement. We all know that security compliance may increase security, but not completely provide it. A great example of this occurred in the fall of 2008 within the DOD. Systems running in the DOD networks were compliant with FIPS 140-2, common criteria, and other standards. The systems and networks were operated by a staff of trained professionals. But even with all of the compliant security measures in place, Conficker still propagated throughout the DOD networks causing over $100 million in cleanup costs.
A similar problem occurred at Heartland Payment Systems. Even though Heartland was fully PCI compliant, hackers still stole information on the 100 million credit card transactions that are processed each month.
Compliance is important, but we must remember that compliance standards may take years to create and are never updated fast enough to stay current with today’s threats. Organizations must protect against the threats of the past by being compliant. They must also defend against the threats of today by being proactive. Application whitelisting is the proactive solution against today’s threats and must become the cornerstone of any security strategy.
In a month known for love, February was filled with more heartbreaking stories of security problems and problematic fire drill patching. Is it me, or does it seem like everybody’s experiencing security compromises stemming from patching flaws and vulnerabilities within their system? Instead of resulting in more secure networks, what these and other recent stories point out is that malware only highlights the fact that existing desktop security isn’t working properly. Check out some of the top stories from February 2010.
Security patches cripple Windows XP computers
Windows customers were up in arms over a Microsoft security patch that left their PCs locked down with the notorious Blue Screen of Death. This was yet another glaring example of the problems organizations experience when rolling out patches quickly. ( Read More… )
There is no question that cyberspace is a new frontline in traditional and untraditional conflict. Many nations and organizations have the ability, directly and by proxy, to target and attack critical infrastructure within the US and worldwide. The recent cyber attacks launched within China against Google and several other companies raised questions about the state of industry preparedness to help defend cyberspace.
The US government relies on commercial industry to safeguard the Internet, telecommunications, power, water, and other critical infrastructure that underpin our national economy. Elements of this infrastructure also directly support our ability to project military power worldwide. ( Read More… )
Growing evidence suggests that a rootkit infection was *one* of the culprits behind last week’s Blue Screen of Death incident that caused countless Windows PCs to lock down after installing several Microsoft security patches. While many follow-up articles have focused on the malware infection that caused the problem, including Robert Westervelt’s SearchSecurity.com article, “Windows blue screen may be result of rootkit infection,” from an endpoint security standpoint, most seem to be missing the point. And that point is even though malware may be causing this problem, rushed patching is a process that can always cause problems. ( Read More… )
Most recent comment:
Greg Newman
"What these recent stories point out is that malware infections on these devices only highlights the fact that existing desktop ...
This week I kicked off our Planet Antivirus challenge with a blog entry highlighting the top 5 failures of antivirus. My fifth point highlighted the fact that relying on antivirus resulted in a reliance on fire drill patching as a result:
Relying on antivirus ties companies to fire drill software patching — The side effect of relying on antivirus to protect endpoints is that companies are now tied to reactive software application patching as well. Because we can’t trust our antivirus software to protect the endpoint, we also must remain constantly aware and vigilant about identifying and fixing vulnerabilities in our applications on the endpoint. The resulting combination of rushed patches and signatures is a significant drain on the human resources of an organization.
It’s rare that such a post has supporting evidence appear just days after it is published, but this week, that is exactly what happened. It was reported this week that a Windows XP security update resulted in the notorious Blue Screen of Death (BSOD), locking up many users’ Windows XP PCs. In the article, “Windows patch cripples XP with blue screen, users claim,” hundreds of Windows users expressed their frustrations on the company’s support forum throughout the week. ( Read More… )