CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Two things antivirus companies do not want you to know about application whitelisting: it is not lockdown, and it does include blacklists!

In my previous post, I talked about my personal crusade to update security and operational professionals on application whitelisting. Part of that mission is to dispel some of the misconceptions about application whitelisting that people are spreading across the Internet, and to shed some light on how application whitelisting is now a widely accepted security and operational solution that secures thousands of systems across all major vertical markets and organizational sizes.

The recent article, “Taking Cybersecurity Lessons To The Bank,” articulates outdated perceptions of application whitelisting, the limitations of blacklisting, and how education is virtually helpless against the growing magnitude of today’s targeted cyber threats. While I agree with most of the article’s assertions about blacklisting and education, its viewpoint on application whitelisting is an example of the quick, trite, and completely outdated perception of whitelisting that incumbent antivirus companies want people to believe. If security professionals read articles like this one and continue believing the outdated notions, our computers and data will remain easy targets for hackers, and they really don’t have to be.

Top endpoint security stories for August 2010 — Developments in the threat landscape (and that Intel deal) leave everyone guessing

August was a busy month for IT security professionals. Not only were they dealing with significant developments in malware threats, but many experts were left dumbfounded by Intel’s announcement that it would acquire McAfee. While we are all trying to make sense of it, only time will tell. Here are some of the top endpoint security stories of August 2010.

U.S. proactive cybersecurity measures lack proactive solutions

One of the hottest topics in cyberspace is the “Protect Cyberspace as a National Asset Act” (PCNAA), a bill under consideration in the U.S. Senate that would strengthen the mechanisms by which government and private industry protect the safety and security of the Internet. According to the article, “Plan cyberwar defenses now, before any attacks succeed,” the flaws in America’s counterterrorism strategy continue to leave our cyber-communications network vulnerable to attacks aimed at breaching our personal privacy, stealing our secrets, and even physically harming us.

While it is good news that Congress is taking proactive steps before things explode, its solution of consolidating power within the government to legally monitor and respond to cyber threats as they occur is no way to get on top of the actual problem. Rather than addressing the situation with a reactive set of solutions, Congress needs to carry these measures through with proactive solutions that prevent such situations in the first place.

Top endpoint security stories for May 2010 — May Day turns into a distress signal for cybersecurity industry

Laser-focused attacks, new exploits, and ongoing security woes continue to leave many organizations in disarray about how to defend their networks against highly targeted cyber-attacks. Even the government, which has taken a hard stance on protecting our digital infrastructure, has been slow to move. Here are some of the top security stories from May 2010.

NSS test demonstrates 86% of anti-virus products fail to protect against Operation Aurora variants

A recent study by NSS Labs revealed just how ineffective some of today’s top anti-virus software solutions are at stopping one of the most high-profile and successful cyber attacks of 2010. According to the article, “More Anti-Virus Fail,” NSS Labs created variants of the Operation Aurora attack to see how many AV products caught the malicious code. The result: only one of the seven products tested correctly thwarted multiple exploits and malicious code payloads.

This says a lot about the current state of the AV industry. With so many new viruses and malware variants successfully bypassing security solutions, it is time to shift our way of thinking about how to protect our networks from new and unknown forms of malware and viruses.

With online crime losses doubling in 2009, we simply can’t afford to rely solely on AV software to protect our critical infrastructures from the countless malware variants out there. If these solutions are already losing the battle against highly visible malware, I can’t imagine the success rate at stopping unknown attacks would be any better.

As an example of how the industry currently looks at these problems, NSS Labs’ CTO, Vikram Phatak, said: “There are many ways to possibly exploit a vulnerability, and rather than focusing on every attack method, vendors need to focus on [shielding] the vulnerability itself.”

Vikram is correct in pointing out that you can’t defend against every attack method, but focusing on protecting against exploitation of the vulnerability is reactive, and fails as well. It still leaves companies open to newly discovered vulnerabilities, relies on reactive patching and security system updates, and will ultimately fall on its face. We need to completely rethink our approach to endpoint security, starting from a foundation of whitelisting that defeats new malware regardless of the vulnerability or attack involved.