John Pescatore

A member of the Gartner Blog Network

John Pescatore
VP Distinguished Analyst
11 years at Gartner
32 years IT industry

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 32 years of experience in computer, network and information security. Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems…

Wednesday Whimsy: Invest in Prevention, or Legislate Away Threats?

by John Pescatore  |  November 18, 2009

Back in 2007, I nominated FireEye as a Gartner “Cool Vendor” since I’m constantly looking for vendors doing interesting things to deal with the “arbitrary malware” problem – developing wire-speed techniques to determine if inbound executables are malicious or not.

Today there is an announcement that In-Q-Tel (IQT), the CIA’s “venture capital” organization, has invested in FireEye:

“FireEye is a critical addition to our strategic investment portfolio for security technologies,” said T.J. Rylander, a Partner at IQT. “FireEye offers a valuable combination of next-generation malware protection, and its approach to detecting and defeating malware is unique and potentially game changing.”

This is no guarantee of success – the vast majority of In-Q-Tel’s investments do not break through to the commercial side – but it is nice to see the US Government making more investment in techniques to deal with current and next generation threats.

Contrast that with another government announcement this week in this AP piece:

WASHINGTON – Stung by an embarrassing electronic leak last month revealing ethics investigations into dozens of lawmakers, Congress moved Tuesday to prohibit federal employees from using the same type of Internet file-sharing software blamed for the disclosure.

Oy – I knew this was coming, as I blogged back on November 2nd when the sensitive government information leaked out via employees with file sharing software installed:

Now, the knee-jerk reaction will likely be to try to legislate bans on P2P software but that is dealing with the symptom, not the problem. The problem is that normal users can never keep up with what needs to be done to keep business data secure on their home PCs or on consumer-grade web sites and services. Enterprises have to put security controls in place to monitor, contain and ultimately secure the use of all business information, whether in the data center, on a managed PC or on a home PC.

This “let’s legislate the problem away” approach never works. The users violated security policy and they will break laws, too. Some of it is as simple as this: speed limits don’t stop speeding; radar traps and traffic cameras do. But the other issue is that threats continually evolve and users cannot be expected to keep up – let alone legislators or legislation. Remember back in 2001 when some politicians wanted to make buffer overflows illegal?

The government investing in using advanced forms of protection is a much better use of tax dollars than more legislation.

2 responses so far ↓

  • 1 Rob Lewis   November 19, 2009 at 2:00 pm

    Many organizations have policies that designate user access rights, but lack a comprehensive means to enforce them. If there is no means to enforce policies, then does one really have security? Without enforcement, the opportunity for unauthorized behaviors by authorized users will always exist.

    Isn’t it curious when you read about those accounts where just the announcement of monitoring technologies and policies changes staff behavior? If they were not doing anything dubious, why would behavior have to change?
