CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Top Endpoint Security Stories for February 2011: RSA, poisoned websites & (of course) cloud security…

Each year, several key topics emerge from RSA that get everybody thinking. This year was no different. From next-generation cyber security to the impact the cloud could have on the industry, every security professional today is thinking about how they’re going to protect their network from evolving cyber threats, regardless of the type of attack or operating platform. Here are some of the top endpoint security stories for February 2011.

Notes from RSA: Security experts echo industry concerns around traditional defense strategies

There seems to be a consistent theme at this year’s RSA Conference around the ineffectiveness of traditional defense strategies against modern malware attacks. Each day, I’ve jotted down notes from various sessions that include things like:

  • Blacklist-based filters are ‘insecure by default’ systems. – Alberto Revelli, Senior Consultant, Cigital
  • Blacklisting will not work anymore. – Enrique Salem, CEO, Symantec
  • Malware with ~200 lines of code can defeat AV software with ~10 million lines of code. – William J. Lynn III, U.S. Deputy Secretary of Defense
  • There are too many ways to test for bad input/parameters. You’re better off making the effort to ensure good validation of the known good. – Alberto Revelli
  • Coding using whitelisting approach/methodology develops more secure applications. – Alberto Revelli
  • Properly deployed whitelisting would have stopped all of last year’s attacks. – George Kurtz, CTO, McAfee

Not surprisingly, many of these same concerns fall in line with how experts in the security industry now see traditional antivirus software. In the article, “Attack mitigation tools fall short, security vendors say,” Gary Golumb, principal security researcher at Netwitness, said industry assumptions about the effectiveness of attack mitigation technologies and approaches have been, in his terms, “horribly off base.”

From the “what more proof do you need?” file: 90% of the most secure firms may be affected by botnets…

An RSA study released on Wednesday claims that most major U.S. corporations — including up to 88% of Fortune 500 companies — may be affected by botnet activity from computers compromised by the Zeus Trojan.

According to the article, “88 percent of firms show Zeus botnet activity,” RSA’s FraudAction Anti-Trojan services analyzed data stolen by Zeus from infected computers, including IP addresses and emails that belonged to the corporations. Among the stolen data found on the sites where infected computers drop it were compromised email addresses from about 60% of the firms.

Top endpoint security stories for March 2010 — March Madness sums up month of security concerns

In the midst of March Madness, it seems like security professionals everywhere are scurrying to find ways to safeguard their enterprises from new forms of malware and exploit techniques that have successfully bypassed most antivirus protections throughout the first quarter of 2010. With systems constantly under attack, what’s important is making sure our computer endpoints are protected from the latest viruses and botnets out there. Check out some of the top stories from March 2010.