CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

CoreTrace 2011 security predictions: More blended malware threats across new platforms

As technology evolves, so do cyber attacks and the security tools we use to protect our systems. With 2011 quickly approaching, I want to share my predictions for next year’s top security challenges. The five themes I’ve included are based on emerging security trends we’ve seen in 2010. I believe the following areas could have a significant impact on the security market in 2011 (for the full list, please read the article here):

  1. Blended threats will become the norm; Stuxnet clones will be rampant, but the real threats will be far more dangerous and sophisticated: My concern is that Stuxnet was far too public and easily discovered. While Stuxnet clones will have a profound impact in the security industry, these threats may be the tip of the iceberg for real threats that are far more powerful and dangerous. Continue reading this post…

Endpoint security solutions do NOT stop APTs. But they can stop the attacks…

For some time now, I’ve been wrestling with how to respond to the way so many people in the security industry misuse the term advanced persistent threat, or APT, for their own marketing purposes. Freely using the term to describe a product that claims to stop APTs is simply wrong. An APT is an adversary, not a piece of malware, so endpoint security solutions don’t actually stop APTs themselves. To varying degrees, they provide protection against the various types of attacks that APTs use to penetrate a network.

In the article, “How advanced persistent threats bypass your network security,” writer Roger Grimes does an excellent job outlining how APTs differ from more traditional attacks, and their methods of circumventing network defenses. The high-profile Stuxnet worm, of course, is a classic example of an APT’s weapon because of how advanced and targeted it is. Continue reading this post…

Siemens’ recommended virus scans part of the problem

Each week seems to present a newly discovered strain of malicious code targeting a high-profile corporation or system vulnerability. This week it is a malware program targeting Siemens WinCC SCADA systems, which hides on USB storage devices and exploits a Windows vulnerability before activating a Trojan. While Siemens is taking necessary precautions to inform customers about the potential risks of the virus, its recommendation to use traditional virus scan programs from companies like Trend Micro, McAfee, and Symantec makes me wonder whether this is really an effective solution at all.

First, if Siemens says these security solutions can detect the Trojan, then why wasn’t it stopped in the first place at customers who were already running such antivirus software? Signature-based scanners can only detect what has already been analyzed, and since there had been no example of malware targeting control systems before this one, no signature existed for it. In all likelihood, even a fully updated antivirus would have let the Trojan through anyway.

Second, if their customers weren’t using such security solutions, then why in the world not? Continue reading this post…

U.S. proactive cybersecurity measures lack proactive solutions

One of the hottest topics in cyberspace is the “Protect Cyberspace as a National Asset Act” (PCNAA), a bill the U.S. Senate is considering that would help strengthen the mechanisms by which government and private industry protect the safety and security of the Internet. According to the article, “Plan cyberwar defenses now, before any attacks succeed,” the flaws in America’s counterterrorism strategy continue to leave our cyber-communications network vulnerable to attacks aimed at breaching our personal privacy, stealing our secrets, and even physically harming us.

While it is good news that Congress is taking proactive steps before things explode, their solution of consolidating power within the government to legally monitor and respond to cyber threats as they occur is no way to get on top of the actual problem. Monitoring and responding are reactive measures, however early they are put in place. Congress needs to carry these measures through with proactive solutions that prevent the incidents from happening in the first place. Continue reading this post…

Stopping the payload key to thwarting targeted cyberattacks

Targeted cyberattacks that use sophisticated social engineering techniques to exploit network vulnerabilities are challenging enterprise security models with advanced persistent threats (APTs) like never before. According to the article, “Targeted cyberattacks test enterprise security controls,” these threats pose a more immediate danger to the sensitive data of U.S. commercial entities than a full-fledged cyberwar. George Kurtz, a longtime colleague of mine and CTO of McAfee, expects these types of attacks to continue.

“These attacks have demonstrated that companies of all sectors are very lucrative targets. [APTs are] the equivalent of the modern drone on the battlefield. With pinpoint accuracy, they deliver their deadly payload, and once discovered — it is too late.”

One of the methods the article suggests to protect systems from targeted attacks is a whitelist that allows only specified traffic on the network and excludes everything else. Continue reading this post…
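The point made in the Siemens post above (a scanner cannot match a signature it has never seen) and the whitelist suggestion in this post are two sides of the same default-deny principle. The following is an added example, written for this page and not code from CoreTrace or from the article quoted here. It applies the principle to executables rather than network traffic, comparing a signature-style blocklist with a hash allow-list on constructed sample "binaries" (short byte strings standing in for file contents, not real programs or real malware). The file names, hashes and policy functions are illustrative assumptions.

```python
import hashlib

# Constructed sample "executables": these byte strings stand in for file
# contents. They are not real binaries and not real malware.
TRUSTED_BINARIES = {
    "hmi_runtime.exe": b"approved SCADA HMI runtime (constructed sample)",
    "editor.exe": b"approved text editor (constructed sample)",
}
OLD_WORM = b"previously analysed worm (constructed sample)"
NOVEL_TROJAN = b"never-before-seen trojan (constructed sample)"


def sha256(data: bytes) -> str:
    """Identify a file by the SHA-256 of its full contents."""
    return hashlib.sha256(data).hexdigest()


# Signature-style blocklist: only malware that has already been analysed
# has an entry. A brand-new sample is, by definition, absent.
KNOWN_BAD = {sha256(OLD_WORM)}

# Allow-list: the hash of every binary approved to run on this host.
# Anything not on it is denied, including unknown and modified files.
ALLOWED = {sha256(contents) for contents in TRUSTED_BINARIES.values()}


def blocklist_allows(data: bytes) -> bool:
    """Antivirus-style decision: run unless the hash matches a known-bad signature."""
    return sha256(data) not in KNOWN_BAD


def allowlist_allows(data: bytes) -> bool:
    """Default-deny decision: run only if the hash is on the approved list."""
    return sha256(data) in ALLOWED


def decide(data: bytes) -> dict:
    """Return both policies' verdicts for one file so they can be compared."""
    return {"blocklist": blocklist_allows(data), "allowlist": allowlist_allows(data)}


def audit(files: dict) -> dict:
    """Run both policies over a mapping of name -> contents and report the verdicts."""
    return {name: decide(contents) for name, contents in files.items()}


if __name__ == "__main__":
    # A trusted binary with a single appended byte: a patched or trojanised
    # copy. Its hash changes, so the allow-list no longer recognises it.
    tampered = TRUSTED_BINARIES["editor.exe"] + b"\x90"

    sample_host = dict(TRUSTED_BINARIES)
    sample_host.update({
        "old_worm.exe": OLD_WORM,
        "novel_trojan.exe": NOVEL_TROJAN,
        "editor_patched.exe": tampered,
    })
    for name, verdict in audit(sample_host).items():
        print(f"{name:20} blocklist={'run' if verdict['blocklist'] else 'block':5} "
              f"allowlist={'run' if verdict['allowlist'] else 'block'}")
```

The unknown Trojan and the tampered copy of an approved binary both pass the blocklist and both fail the allow-list; only the worm with an existing signature is caught by the blocklist. The caveat a practitioner should keep in mind is that the allow-list is now the thing to protect: it must be stored and updated through a path the attacker cannot write to, and every legitimate patch to an approved binary requires a new hash before the patched file will run.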