Between insider threats and malware attacks, the idea of trust-but-verify is dead as a security model, according to a new report by Forrester Research.
In its place, Forrester analyst John Kindervag contends enterprises should embrace the concept of zero trust, a model where insiders and outsiders are equally untrustworthy, and security administrators stop trusting packets as if they are people. The change, he said, is necessary due in part to the "innumerable instances" of trusted users going rogue on enterprise networks.
[A]ddressing Stuxnet goes beyond using quality security controls, said Mark Weatherford, vice president and chief security officer at NERC. The industry, he said, needs to demand higher quality software that is free from defects.
"This is not an indictment on [the] control system industry; it's an indictment on the IT business in general," Weatherford said. "We're still seeing products that come out that are susceptible to vulnerabilities that quite frankly have been in the wild for quite some time."
I'm also an advocate of third-party software that helps companies manage elevated accounts. I often run into Cyber-Ark's privilege identity manager solutions. It's pretty cool stuff and perfect for managing elevated accounts. Admin accounts can be locked into a digital vault, then protected by granular policies that enforce rules and checkout procedures in order for an elevated account to be used. One of my favorite features is the one-time-use passwords, where the password is changed for each user and occasion. You can also easily enable auditing of who used what accounts when.
Emerging as the sentinels of this modern scourge are companies like WatchGuard, the Seattle-based manufacturer of appliances dedicated to inoculating computer networks from the spread of viruses. The company in November unveiled three new models in its XCS series of 1U appliances to provide small and midsize businesses with always-on protection from spam, viruses, spyware, phishing and other threats borne by e-mail.
As such, I've frequently advised small business owners to avoid banking on Windows systems, since all of the malicious software currently being used by these criminals to steal e-banking credentials simply fails to run on anything other than Windows. What's more, the tools these crooks are using - mainly the Zeus Trojan - almost always outpace anti-virus detection at least by a few days, and by then it's usually too late.
The decade-old software provider, based in Pasadena, Calif., on Jan. 19 announced Version 4 of its EnCase eDiscovery platform.
EnCase provides legal and IT teams with an integrated software package that includes all the necessary functions for in-house electronic discovery, such as legal hold, precollection analytics, and identification, preservation and collection.
The latest news is that Guidance, in its Version 4, has added a couple of other important features: processing, analysis and early case assessment, and first-pass review.
Altor Networks' flagship Altor Virtual Firewall (VF) combines a VMware VMsafe firewall with virtual-aware IDS, designed to stop malware outbreaks that can rapidly infect virtual machines. The product is also designed to eliminate blind spots on the network caused by lack of visibility between host servers and VMs. Plus, it gives customers the ability to sail through compliance audits by providing the ability to filter, monitor and report virtual traffic.
A panel of CIOs from state government, health care and the insurance sector told cloud providers from Microsoft (NSDQ:MSFT), Google (NSDQ:GOOG), Amazon (NSDQ:AMZN) and Joyent on Thursday that they no longer need to be sold on the benefits of cloud infrastructure -- they get them. But that doesn't mean they're ready to trust the cloud, either.
Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas.
