You’ve all been there before. You’re having dinner with friends and out come the baby pictures. Inevitably, you are listening to a set of parents who are gushing about the fact that their child is the next Fabio or Christie Brinkley and THEN you see the picture…
Well, I find myself in the position today of being the doting parent. Only in this case, the “child” is a major overhaul of our flagship product, BOUNCER V6.0. With this new release the “child” has grown into an adult. You’ll have to pardon my metaphor here, but I believe building a product is, in many ways, like watching your kid grow up. With V6, we’re realizing the vision we developed for the product when I joined CoreTrace more than 3 years ago.
Cisco recently initiated the End-of-Life process for the Cisco Security Agent (CSA) endpoint security solution.
Even before Cisco announced CSA’s end-of-life, CSA customers had been interested in CoreTrace’s application whitelisting solution, BOUNCER, because of BOUNCER’s ability to protect endpoints at a fraction of the HIPS administration effort. BOUNCER can:
- Rapidly secure endpoints without requiring manual tuning
- Auto-generate whitelists for each computer
- Protect against even the most sophisticated malware like memory attacks
- Prevent unauthorized applications
- Dynamically update each system’s whitelist for new authorized applications and upgrades
Today, we announced the Cisco Security Agent (CSA) Transition Program
Yesterday, we saw yet another example of how antivirus — not malicious code — can leave thousands of PCs useless.
What was intended to be a routine McAfee software update to its antivirus definitions for corporate customers has likely turned into a costly nightmare for the antivirus software maker and many of its customers. Instead of updating the security software, the faulty virus definitions removed the Svchost.exe file, a critical component of the Windows operating system.
Targeted cyberattacks that use sophisticated social engineering techniques to exploit network vulnerabilities are creating advanced persistent threats (APTs) to enterprise security models like never before. According to the article, “Targeted cyberattacks test enterprise security controls,” these threats pose a more immediate danger to sensitive data of U.S. commercial entities than a full-fledged cyberwar. George Kurtz, a longtime colleague of mine and CTO of McAfee, expects these types of attacks to continue.
“These attacks have demonstrated that companies of all sectors are very lucrative targets. [APTs are] the equivalent of the modern drone on the battlefield. With pinpoint accuracy, they deliver their deadly payload, and once discovered — it is too late.”
One of the methods the article suggests to protect systems from targeted attacks is using a whitelist to allow specific traffic over its networks while excluding everything else.
Back in December, I wrote about Cisco’s 2009 Security Threat Report and made the comment that application whitelisting was “the patch for the common user”. My point was a simple one: we cannot stop our people from accessing resources, and instead we should focus on stopping the real threat: the payload.
Yesterday, Stan Schroeder at Mashable wrote a great blog about the French and German governments strongly urging users to stop using Internet Explorer and to use other browsers like Safari and Firefox. The recommendation was made because of a similar vulnerability in Internet Explorer 6, 7, and 8 that allows malicious hackers to remotely execute arbitrary code.
I do not want to cause an international incident (especially with countries that I love to ski in), but I think the recommendation is shortsighted and purely based on the status quo mentality of reactive responses to the du jour threats.