Earlier this week, I came across some coverage about some of the Australian Department of Defence’s (DoD) cyber-security strategies. While not completely fair, I found it an interesting study in contrasts between the Australian strategies/tactics and those recently outlined by the United States DoD.
Toney Jennings, CoreTrace CEO and a former Air Force information warfare officer, recently blogged on the US DoD’s “Strategy for Operating in Cyber-Space”. The main objective of his “DoD Cyberspace Strategy: Is the DoD really ready to embrace new technologies & companies???” post was to openly challenge the US DoD to modify their procurement and evaluation processes to enable small and innovative companies to assist in cyber defense. However, Toney also made a few other key points. Most relevant to this post is that Toney highlighted that the document was extremely high level and highly prone to status quo thinking and actions, e.g.,
“Unfortunately, a significant portion of the document is simply reiterating the government’s ‘business as usual’ tactics. I’ve got to believe that for the five strategic initiatives, the DoD already has active programs in place. Therefore, the first question that comes to mind is how effective are these defenses? I suspect that the fundamental problem with the existing defenses is that the government is using traditional security solutions that don’t measure up against evolving cyber attacks. The root of this problem stems from the fact that the government continues to favor status-quo, ‘no one ever got fired for buying from’ large companies and contractors.”
Which brings me to the Australian DoD. In contrast to the high-level US cyberstrategy document, the Australian DoD’s “Strategies to Mitigate Targeted Cyber Intrusions”” plan is detailed, well-researched and supported, and focused on proactively solving security problems rather than blindly reinforcing outdated and ineffective strategies. Continue reading this post…
Growing evidence suggests that a rootkit infection was *one* of the culprits behind last week’s Blue Screen of Death incident that caused countless Windows PCs to lock down after installing several Microsoft security patches. While many follow-up articles have focused on the malware infection that caused the problem, including Robert Westervelt’s SearchSecurity.com article, “Windows blue screen may be result of rootkit infection,” from an endpoint security standpoint, most seem to be missing the point. And that point is even though malware may be causing this problem, rushed patching is a process that can always cause problems. Continue reading this post…
This week I kicked off our Planet Antivirus challenge with a blog entry highlighting the top 5 failures of antivirus. My fifth point highlighted the fact that relying on antivirus resulted in a reliance on fire drill patching as a result:
Relying on antivirus ties companies to fire drill software patching — The side effect of relying on antivirus to protect endpoints is that companies are now tied to reactive software application patching as well. Because we can’t trust our antivirus software to protect the endpoint, we also must remain constantly aware and vigilant about identifying and fixing vulnerabilities in our applications on the endpoint. The resulting combination of rushed patches and signatures is a significant drain on the human resources of an organization.
It’s rare that such a post has supporting evidence appear just days after it is published, but this week, that is exactly what happened. It was reported this week that a Windows XP security update resulted in the notorious Blue Screen of Death (BSOD), locking up many users’ Windows XP PCs. In the article, “Windows patch cripples XP with blue screen, users claim,” hundreds of Windows users expressed their frustrations on the company’s support forum throughout the week. Continue reading this post…
I truly believe that 2010 is a turning point in endpoint security. The old antivirus model has reached the end of its practical usefulness and the disadvantages of an approach with a foundation of blacklisting far outweigh its benefits. Operation Aurora and the attacks against major online brands perfectly illustrates the failure of our old paradigm to protect endpoints.
Later this week, we are launching a fun (and funny) awareness campaign, called Planet Antivirus, highlighting the weaknesses of antivirus and focusing on the need to completely rethink our approach to how we defend endpoints. Today I am kicking this campaign off by highlighting the top five failures of antivirus technology: Continue reading this post…
November was a busy month for security stories. The month kicked off with more stories of massive security patches from both Microsoft and Apple leaving me to wonder when the patching madness will ever end. Windows 7 was found to have a flaw that allows denial of service attacks. Internet Explorer v7 (IE7) even made it into the news with the latest vulnerability, but I question efforts to patch an aging application, why not just upgrade or use Firefox? If they aren’t willing to upgrade, do people really think they will patch IE7?
Without further delay, here are the stories that caught my eye in November: Continue reading this post…