Neil MacDonald

A member of the Gartner Blog Network

Archives for April, 2011


If Detection is “Security 101”, Why do we Keep Getting Nailed with APTs?

by Neil MacDonald  |  April 27, 2011  |  3 Comments

I’ve made the argument before that complete information security protection requires a combination of prevention and detection. Further, I believe we have overinvested, become overly reliant on and dangerously complacent with our preventative capabilities. The result is we are exposed and are woefully underinvested in our detection capabilities. At first, my assertions may sound counterintuitive. [...]

3 Comments »

Category: Beyond Anti-Virus Information Security Next-generation Security Infrastructure     Tags: , , , , ,

Advanced Persistent Threats: Finding the Needle in a Haystack

by Neil MacDonald  |  April 14, 2011  |  4 Comments

Whether or not you agree with the use of the term “Advanced Persistent Threat” (APT), we can agree that there is a very real threat from advanced intrusions which persist undetected in our systems. By definition, these intrusions are advanced so our traditional (and increasingly ineffective) protection mechanisms such as firewalls and antivirus don’t catch [...]

4 Comments »

Category: Beyond Anti-Virus Information Security Next-generation Security Infrastructure     Tags: , , , , ,

Information Security is Becoming a Big Data Problem

by Neil MacDonald  |  April 12, 2011  |  Comments Off

We talk about the need for analytics and business intelligence to help the business make better business decisions, It is time to bring this same technology to the information security department. What we need is actionable, prioritized and risk-based insight from this sea of information. I’ll take it a bit further. There are some emerging [...]

Comments Off

Category: Cloud Security Next-generation Security Infrastructure Security Intelligence     Tags: , , , , ,

Even With Windows 7, Privilege Management Tools May be Needed

by Neil MacDonald  |  April 8, 2011  |  Comments Off

One of the top recommendations I made to increase your security “bang for the buck” in 2011 was to increase the percentage of users that run without administrative access. For clients, we’ve recently published a research note that details the best practices for removing administrator rights from Windows users. One of the best practices is [...]

Comments Off

Category: Microsoft Security Windows 7     Tags: , , ,

“There’s no Such Thing as ‘Secure’ Anymore”

by Neil MacDonald  |  April 5, 2011  |  Comments Off

This sounds exactly like what I wrote here and here. However, this quote isn’t mine. This quote comes from Deborah Plunkett who head the US National Security Agency’s Information Assurance Directorate. Deborah is quoted in this article on Reuters: “The most sophisticated adversaries are going to go unnoticed on our networks. We have to build [...]

Comments Off

Category: Beyond Anti-Virus Next-generation Security Infrastructure Virtualization Security     Tags: , , , , ,

Are APTs Really New? Observations from the APT Summit

by Neil MacDonald  |  April 4, 2011  |  Comments Off

I recently had the opportunity to kick off a summit in Washington DC on the topic of Advanced Persistent Threats along with a number of other speakers representing different technologies and services that could be used to prevent or identify advanced intrusions. Here are my observations from the summit: 1) APT is first and foremost [...]

Comments Off

Category: Beyond Anti-Virus Information Security Next-generation Security Infrastructure     Tags: , , , , ,