A recent study by NSS Labs revealed just how ineffective some of today’s top anti-virus software solutions are at stopping one of the most highly profiled and successful cyber attacks of 2010. According to the article, “More Anti-Virus Fail,” NSS Labs created variants of the Operation Aurora attack to see how many AV products caught the malicious code. The result: Only one out of the seven products tested correctly thwarted multiple exploits and malicious code payloads.
This says a lot about the current state of the AV industry. With so many new viruses and malware variants successfully bypassing security solutions, it is time to shift our way of thinking about how to protect our networks from new and unknown forms of malware and viruses.
With online crime losses doubling in 2009, we simply can’t afford to rely solely on AV software to protect our critical infrastructures from the countless number of malware variants out there. If these solutions are already losing the battle against highly visible malware, I can’t imagine the success rate of stopping unknown attacks would be any better.
As an example of how the industry currently looks at these problems, NSS Labs’ CTO, Vikram Phatak, said: “There are many ways to possibly exploit a vulnerability, and rather than focusing on every attack method, vendors need to focus on [shielding] the vulnerability itself.”
Vikram is correct in pointing out that you can’t defend against every attack method, but focusing on protecting against exploitation of the vulnerability is reactive, and a failure as well. This still leaves companies open to newly discovered vulnerabilities, relies on reactive patching and security system updates, and will ultimately fall on its face. We need to completely rethink our approach to endpoint security that begins with a foundation of whitelisting that would defeat new malware completely independently of the vulnerability or attack.
With industrialized hacking on the rise, organizations serious about protecting their data must take proactive measures if they expect to win the war against cybercriminals. That’s Imperva CTO Amichai Shulman’s straight-forward message to applications owners everywhere and lists some real trends that are threatening businesses everywhere. My take, this is a good list, but while proactive is good, protective is better.
In this week’s TechJournal South article, “Industrialized hacking tops five data security trends for 2010″, Mr. Shulman’s data security firm listed its top five security predictions for 2010: Continue reading this post…
I recently wrote about a the 60 Minutes special on cyber security, and how a former chief of national intelligence didn’t believe the U.S. is prepared for a sophisticated attack that could bring down a major power grid. Opinions varied about the special itself, but the one thing people shouldn’t overlook is that cyber threats are real and that the infrastructure that protects our power grids needs to be defended.
The spotlight on this need continued last week when President Obama issued a statement saying December was Critical Infrastructure Protection (CIP) Month. Proclamations like these won’t change the world. Our systems won’t magically become secure, and most of the people responsible for these systems are already working hard to defend them.
That said, this proclamation adds to the increased awareness of the need for infrastructure protection against all attacks including cyber attacks. Continue reading this post…
If you missed it this weekend, I am including a link to the 60 Minutes special on cyber security this weekend as well as embedding the video below. The episode is a sobering look at the threats to not only to the systems that comprise our power grid, but it also sheds light on just how vulnerable we are as a nation to an online attack.
Watch CBS News Videos Online
The story begins with an interview of Admiral Mike McConnell, former chief of national intelligence, who has this to say:
“If I were an attacker and I wanted to do strategic damage to the United States, I would either take the cold of winter or the heat of summer, I probably would sack electric power on the U.S. East Cost, maybe the West Coast, and attempt to cause a cascading effect. All of those things are in the art of the possible from a sophisticated attacker,” McConnell explained.
“Do you believe our adversaries have the capability of bringing down a power grid?” Kroft asked.
“I do,” McConnell replied.
Asked if the U.S. is prepared for such an attack, McConnell told Kroft, “No. The United States is not prepared for such an attack.”
As someone who has worked in the computer industry for over 20 years, it is often easy to simply look at compliance requirements as a necessary evil that brings very little real value to business. In the case of regulations governing security on the Internet, like the North American Electric Reliability Corporation – Critical Infrastructure Protection (NERC-CIP) guidelines, their goal is nothing short of our National security.
In general, this was a very thorough piece that not only deals with grid security, but also highlights recent Internet based attacks and provides details of how important it is to defend all of our critical systems. If you have some time today this segment is certainly worth watching.
This week Michael Assante, the Chief Security Officer (CSO) for the North American Electric Reliability Corporation (NERC), testified before congress about the threats facing the modern electric grid. The focus of this testimony in particular was the readiness of the systems comprising the electric grid to defend themselves against cyber attacks. At the beginning of his testimony, Mr. Assante called out the unique aspect of the dangers posed by a cyber attack and why that was so concerning to him.
“Unlike other concerns, such as extreme weather, security-related threats can be driven by malicious actors who intentionally manipulate or disrupt normal operations as part of a premeditated design to cause damage. Cyber-related threats pose a special set of concerns in that they can arise virtually anytime, anywhere and change and emerge without warning.” Continue reading this post…