CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Observations from RSA – 100% compliant does not mean 100% secure

Yesterday, I sat in the RSA panel titled, “Cyber Security: An Arms Race.” It was an interesting panel because, of course, cyber security is an arms race. One of the recurring comments from the audience was centered around, “Who should be responsible for defending our networks?” This is a question that has been debated for some time now. The answer kept leading back to government and compliance. However, members of the audience did not realize that one of the fundamental axioms of computer security is: Compliance does not mean secure.

We are familiar with the above statement. We all know that security compliance may increase security, but it does not completely provide it. A great example of this occurred in the fall of 2008 within the DOD. Systems running in the DOD networks were compliant with FIPS 140-2, Common Criteria, and other standards. The systems and networks were operated by a staff of trained professionals. But even with all of the compliant security measures in place, Conficker still propagated throughout the DOD networks, causing over $100 million in cleanup costs.

A similar problem occurred at Heartland Payment Systems. Even though Heartland was fully PCI compliant, hackers still stole information on the 100 million credit card transactions that are processed each month.

Compliance is important, but we must remember that compliance standards may take years to create and are never updated fast enough to stay current with today’s threats. Organizations must protect against the threats of the past by being compliant. They must also defend against the threats of today by being proactive. Application whitelisting is the proactive solution against today’s threats and must become the cornerstone of any security strategy.

Guest Blog By GlobalSCAPE’s COO: Defending Cyberspace…

There is no question that cyberspace is a new frontline in traditional and untraditional conflict. Many nations and organizations have the ability, directly and by proxy, to target and attack critical infrastructure within the US and worldwide. The recent cyber attacks launched within China against Google and several other companies raised questions about the state of industry preparedness to help defend cyberspace.

The US government relies on commercial industry to safeguard the Internet, telecommunications, power, water, and other critical infrastructure that underpin our national economy. Elements of this infrastructure also directly support our ability to project military power worldwide.

Top endpoint security stories for January 2010 – Operation Aurora dominates news

Looking back, I have to say that January brought some security industry setbacks, highlighted by Operation Aurora and the publicity surrounding Google’s claims of highly coordinated attacks from China. Particularly relevant to us in these attacks is the fact that application whitelisting would have stopped the attacks while anti-virus was once again helpless to prevent new and targeted attacks. As always, I appreciate your readership and hope that this blog continues to bring value and insight to what we as security professionals are up against in 2010. So without further delay, here were some of the top stories from January 2010.

The French and German governments agree… And they are both wrong.

Back in December, I wrote about Cisco’s 2009 Security Threat Report and made the comment that application whitelisting was “the patch for the common user”. My point was a simple one: we cannot stop our people from accessing resources, and instead we should focus on stopping the real threat: the payload.

Yesterday, Stan Schroeder at Mashable wrote a great blog about the French and German governments strongly urging users to stop using Internet Explorer and to use other browsers like Safari and Firefox. The recommendation was made because of a similar vulnerability in Internet Explorer 6, 7, and 8 that allows malicious hackers to remotely execute arbitrary code.

I do not want to cause an international incident (especially with countries that I love to ski in), but I think the recommendation is shortsighted and purely based on the status quo mentality of reactive responses to the du jour threats.

CoreTrace celebrates a record-breaking 2009: A thank you note.

Earlier today, CoreTrace announced a record-breaking 2009. The results are further proof that CoreTrace’s award-winning BOUNCER technology continues to be one of the leading endpoint security solutions in the application whitelisting market.

Some of the highlights include:

  • Eighth consecutive quarter of record growth.
  • 500 percent revenue growth over 2008.
  • GlobalSCAPE Inc. investment of $2.3 million.