I truly believe that 2010 is a turning point in endpoint security. The old antivirus model has reached the end of its practical usefulness and the disadvantages of an approach with a foundation of blacklisting far outweigh its benefits. Operation Aurora and the attacks against major online brands perfectly illustrates the failure of our old paradigm to protect endpoints.
Later this week, we are launching a fun (and funny) awareness campaign, called Planet Antivirus, highlighting the weaknesses of antivirus and focusing on the need to completely rethink our approach to how we defend endpoints. Today I am kicking this campaign off by highlighting the top five failures of antivirus technology: Continue reading this post…
More companies than ever are looking at alternatives to blacklist antivirus. It isn’t hard to see why. Rampant botnets, endless patching, and signature distribution that simply can’t keep up with the threat are just a few of the reasons why IT and security professionals are looking for viable alternatives to protect their endpoints. Even Gartner group has said it is time to start over on desktop security. Continue reading this post…
I’m here this week in Boston, MA attending the IANS 2009 New England Information Security Forum. It’s a great, interactive conference of security professionals sharing their experiences and observations of the current environment for enterprise security. Here are my thoughts from Wednesday’s sessions.
The IANS founders kicked things off with some into “keynote” observations.
- Signs of economic recovery may bode well in the fight against crimeware. According to the founders (I am not sure I completely agree yet) economic indicators (using the Dow and NASDAQ) show that we are back to where we were this time last year. The founders made a point that a tough economy is correlated to an increase in crimeware. Continue reading this post…
Jason Holcomb, from Digital Bond, recently attended a live implementation of CoreTrace’s award-winning BOUNCER application whitelisting product. He has a great post about his impressions on whitelisting in general, as well as his experience using BOUNCER on a control system server. His reaction?
“My overall impression: this is an elegant and effective solution to some of the security challenges we face with Windows servers and workstations in control systems.”
Jason hits on many of the reasons why application whitelisting has been so popular in the energy industry and why, more than ever, it is being used to protect critical SCADA and DCS systems as well as met NERC CIP requirements. Continue reading this post…
Last week Microsoft issued an advisory on a new vulnerability with the IIS FTP service. This vulnerability already has a published exploit and can result in allowing the attacker to execute unauthorized code on the target. Details of the vulnerability are available at the US-CERT website. If you have an anonymous account on your ftp server then you are especially at risk because no theft of credentials would be needed to execute this exploit.
To me the key to this issue is that a fix won’t be included in today’s Microsoft security patch release. There simply wasn’t enough time to identify, code and test the patch before it was released. Microsoft complained that the security researcher didn’t report the vulnerability responsibly. While this may be true, it certainly highlights the weakness of a desktop security plan that relies on patching and antivirus signatures. Continue reading this post…