Folks in California are so used to earthquakes that sometimes they barely notice when one happens. Folks in the security business are so busy and swamped with the noise of the market that we often miss tectonic shifts in our own world. Let me help you with that last one:
BREAKING NEWS: “Endpoint Security Earthquake Hits: McAfee Actively Endorses Application Whitelisting. Magnitude & Ramifications Are Significant.”
This week, McAfee, one of the two dominant forces in reactive, blacklist-based endpoint security, actively and unequivocally endorsed Application Whitelisting. Ironically, in hard coverage of Symantec’s recent problems with pcAnywhere, the industry is actively recommending application whitelisting too.
First, let’s cover the major quake: McAfee’s active endorsement of application whitelisting—for corporate desktops and laptops.
Earlier this week, I wrote a post comparing the cybersecurity strategies of the United States and Australian Departments of Defense. In that post, I applauded the Australians for having a strategy that was “detailed, well-researched and supported, and focused on proactively solving security problems rather than blindly reinforcing outdated and ineffective strategies.” The strategy was based on the DoD’s Defence Signals Directorate’s (DSD) analysis of attacks–learning from what happened to suggest approaches that would have prevented the attacks/breaches. The strategy outlined 35 mitigations, with a strong recommendation to implement the top 4 strategies (#4 is application whitelisting, btw):
“While no single strategy can prevent this type of malicious activity, the effectiveness of implementing the top four strategies remains unchanged. Implemented as a package, these strategies would have prevented at least 70% of the intrusions that DSD analysed and responded to in 2009, and at least 85% of the intrusions responded to in 2010.”
Also earlier this week, McAfee released a report that just about everyone in the security industry has likely now read, “Revealed: Operation Shady RAT”. The report, written by Dmitri Alperovitch, VP Threat Research at McAfee, is an eye-opening read covering targeted intrusions into over 70 global companies, governments and non-profit organizations over the last 5 years. The report covers the types of organizations hit the hardest (not shockingly, defense contractors led the list with 13 of the intrusions detected), the ramifications of the breaches, estimated times each were compromised (shortest being 1 month, an honor shared by 9 victims) and even outlines the generic attack approaches utilized:
With all the talk about the motivation behind Intel’s purchase of McAfee, it seems readily apparent that differentiation in the market for mobile devices, from smartphones to laptops, is a primary element of the acquisition. Four things are converging in this market that help explain Intel’s interest in the mobile device market and McAfee — with the last one likely being the most important:
- It is a huge and rapidly growing market, and adoption of the devices continues to skyrocket.
- The devices are basically small computers, with many of the same types of online access, personal information, etc. that other computers have.
- Malware attacks are starting to hit the mobile community, and people need to protect their devices and themselves.
- Intel currently has very little presence in this market, and it needs a foothold — and thus, a way to differentiate itself from the already entrenched players such as ARM and Qualcomm.
The white flag is a universal symbol of truce, a ceasefire if you will. In war, or in this case the war against cybercrime, McAfee this week issued a sort of truce with its call to arms for the security industry to take the offensive against malware attacks. This action speaks volumes about the current state of the security industry. And we couldn’t agree more. If one of the world’s leading antivirus security software makers is saying that the cat-and-mouse game of trying to keep up with the record amount of malware seen in the first half of 2010 is not working, then we all need to sit up and listen.
Yesterday, McAfee announced its intent to acquire one of CoreTrace’s fellow application whitelisting brethren, Solidcore. We are happy for our friends at Solidcore, but even happier for the application whitelisting market overall.