You’ve all been there before. You’re having dinner with friends and out come the baby pictures. Inevitably, you are listening to a set of parents who are gushing about the fact that their child is the next Fabio or Christy Brinkley and THEN you see the picture…
Well, I find myself in the position today of being the doting parent. Only in this case, the “child” is a major overhaul of our flagship product, BOUNCER V6.0. With this new release the “child” has grown into an adult. You’ll have to pardon my metaphor here, but I believe building a product is, in many ways, like watching your kid grow up. With V6, we’re realizing the vision we developed for the product when I joined CoreTrace more than 3 years ago. Continue reading this post…
Each week seems to present a newly discovered strain of malicious code targeting a high-profiled corporation or system vulnerability. This week is a malware program targeting Siemens WinCC SCADA systems, which hides on USB storage devices and uses a Microsoft security breach before activating a Trojan. While Siemens is taking necessary precautions to inform customers about the potential risks of the virus, its recommendation to use traditional virus scan programs from companies like Trend Micro, McAfee, and Symantec makes me wonder whether this is really an effective solution at all.
First, while Siemens says these security solutions can detect the Trojan, then why wasn’t it stopped by customers using such antivirus software in the first place? Since there has not been an example of malware targeting control systems to this point, in all likelihood even if the antivirus was fully updated the Trojan would have got there anyway.
Second, if their customers weren’t using such security solutions, then why in the world not? Continue reading this post…
There’s been much debate about the National Security Agency’s program, “Perfect Citizen,” which is designed to protect the country’s most widely used and critical infrastructure such as electric grids and nuclear-power plants from emerging cyber attacks. While one camp says monitoring systems is an intrusion into domestic affairs, another sees it as an important step for combatting impending security threats that could cause significant damage to our government, citizens, and national economy. In either case, it is not an actual, proactive solution to securing our critical infrastructure. Continue reading this post…
An explosion of fresh customized malware continues to leave even the industry’s top security products lagging behind as organizations are doing everything they can to protect their networks and customers. Congress has even stepped up their efforts to pass legislation that better protects our digital and critical infrastructures from new cyber threats. But with more targeted attacks successfully exploiting enterprises, the question that still remains is: Are we doing enough? Here were some of the top security stories from June 2010. Continue reading this post…
One of the hottest topics in cyberspace is the “Protect Cyberspace as a National Asset Act” (PCNAA), a bill the U.S. Senate is considering that would help strengthen the mechanisms by which government and private industry protect the safety and security of the Internet. According to the article, “Plan cyberwar defenses now, before any attacks succeed,” the flaws in America’s counterterrorism strategy continue to leave our cyber-communications network vulnerable to attacks aimed at breaching our personal privacy, stealing our secrets, and even physically harming us.
While it is good news that Congress is taking proactive steps before things explode, their solution to consolidate power within the government to legally monitor and respond to cyber threats as they occur is no way to get on top of the actual problem. Instead of proactively addressing the situation with a reactive set of solutions, they need to carry these measures through with proactive solutions that prevent the situations in the first place. Continue reading this post…