Skip to main content

Home/ NBISE Institute/ Group items tagged firewall

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
dhtobey Tobey

Outgunned: How Security Tech Is Failing Us -- InformationWeek - 0 views

www.informationweek.com/...showArticle.jhtml

NBISE security scanning firewall software

shared by dhtobey Tobey on 29 Jan 11 - No Cached
  • "Years ago when we started writing checks, we might have been tackling five to 10 a day," says Paul Wood, a senior analyst with Symantec Hosted Services. "It's now well over 10,000 a day and growing." According to McAfee's 2010 Q2 Threat Report, the company identified 10 million pieces of malware in the first half of this year and is tracking close to 45 million in its malware database.
  • Vulnerability assessment products are also behind the curve, as Greg Ose and Patrick Toomey, both Neohapsis application security consultants, found when they recently set out to measure the relative effectiveness of various vulnerability scanners. "It's a question frequently raised by our customers," Toomey says. "They know the tools aren't going to catch all of the problems, but can they count on them to catch, say, 80% of the bad ones?" What Ose and Toomey discovered was far worse than even they had anticipated. Out of the 1,404 vulnerabilities accounted for by the Common Vulnerabilities and Exposures project during the sample period, there were only 371 signatures. In the best cases, the tools were in the 20% to 30% effectiveness range.
  • Toomey's observations are in line with those of security researcher Larry Suto, who earlier this year reported that Web application vulnerability scanners missed almost half (49%) of the vulnerabilities present during his tests.
  • ...5 more annotations...
  • But there's also a new twist to consider: With an increased number of attackers targeting and hijacking the credentials of IT personnel, the outsider can become the insider, at least from the perspective of our technology controls. Forward-thinking companies will move now to address this scenario. Think about how you'll detect large, anomalous query spikes against key tables in sensitive databases. Ensure you can spot large-scale document downloads from file shares and internal document management systems. If a hijacked credential is used to log into a large number of machines during a short time frame, you should have the ability to spot that activity.
    • dhtobey Tobey
      dhtobey Tobey on 29 Jan 11
       
      Investing in workforce development and professionalizatino of the infosec workforce may do more.. combat ingenuity with ingenuity, not automation.
  • investing even a small percentage of your security budget in only a few specialized systems to help here will go further than throwing good money at yesterday's outdated controls.
  • Stop rewarding ineffectiveness and start rewarding innovation. Maybe right now you're struggling with a scary realization: "The millions I'm spending on firewalls and antivirus technology is relatively worthless if my adversary is skilled."
  • Greg Shipley is an InformationWeek contributor and a former CTO
1 - 1 of 1
Showing 20 items per page