Neil MacDonald

A member of the Gartner Blog Network

Entries Categorized as 'Beyond Anti-Virus'


Improving Security by Killing Server and Desktop Workloads

by Neil MacDonald  |  June 16, 2011  |  Comments Off

It sounds counterintuitive, but today’s advanced threat environment requires new approaches to the ongoing security and management of server and desktop workloads. The trouble with Advanced Persistent Threats is that, by definition, they have evaded our traditional network and endpoint security controls and now reside undetected in our IT Systems. How many advanced intrusions will [...]


Category: Beyond Anti-Virus, Next-generation Security Infrastructure, Virtualization, Virtualization Security

IT Operations and Security Convergence? Not Really.

by Neil MacDonald  |  May 17, 2011  |  1 Comment

I’m having lots of discussions with clients on Microsoft’s new Forefront Endpoint Protection offering that was released in December of 2010. In addition to recent licensing changes, the biggest change over the previous release (formerly called Forefront Client Security) is the change out of the management, policy and reporting infrastructure underneath to be based on [...]


Category: Beyond Anti-Virus, Endpoint Protection Platform, Information Security

Removing Administrator Rights for Windows Users is not “Lockdown”

by Neil MacDonald  |  May 4, 2011  |  Comments Off

In discussions with clients, I still run into some confusion on whether or not removal of administrator rights constitutes “lockdown”. Perhaps this was the case a few years ago with older Windows applications and Windows XP, but this is not the case today with Windows 7.  For example: Standard users can install and execute well-written [...]


Category: Beyond Anti-Virus, Endpoint Protection Platform, Microsoft Security, Windows 7

Two Lessons for Information Security from the iPhone and iPad

by Neil MacDonald  |  May 2, 2011  |  3 Comments

Rapid adoption rates, three hundred and fifty thousand apps, but not much malware. What gives? 1) The power of whitelisting. Call it what you may, but having Apple act as the steward of all applications via its App Store is a form of whitelisting (where the list of approved applications [whitelist] is defined by those [...]


Category: Beyond Anti-Virus, Endpoint Protection Platform, Information Security, Microsoft Security, Windows 7

If Detection is “Security 101”, Why do we Keep Getting Nailed with APTs?

by Neil MacDonald  |  April 27, 2011  |  3 Comments

I’ve made the argument before that complete information security protection requires a combination of prevention and detection. Further, I believe we have overinvested, become overly reliant on and dangerously complacent with our preventative capabilities. The result is we are exposed and are woefully underinvested in our detection capabilities. At first, my assertions may sound counterintuitive. [...]


Category: Beyond Anti-Virus, Information Security, Next-generation Security Infrastructure

Advanced Persistent Threats: Finding the Needle in a Haystack

by Neil MacDonald  |  April 14, 2011  |  4 Comments

Whether or not you agree with the use of the term “Advanced Persistent Threat” (APT), we can agree that there is a very real threat from advanced intrusions which persist undetected in our systems. By definition, these intrusions are advanced so our traditional (and increasingly ineffective) protection mechanisms such as firewalls and antivirus don’t catch [...]


Category: Beyond Anti-Virus, Information Security, Next-generation Security Infrastructure

“There’s no Such Thing as ‘Secure’ Anymore”

by Neil MacDonald  |  April 5, 2011  |  Comments Off

This sounds exactly like what I wrote here and here. However, this quote isn’t mine. This quote comes from Deborah Plunkett, who heads the US National Security Agency’s Information Assurance Directorate. Deborah is quoted in this article on Reuters: “The most sophisticated adversaries are going to go unnoticed on our networks. We have to build [...]


Category: Beyond Anti-Virus, Next-generation Security Infrastructure, Virtualization Security

Are APTs Really New? Observations from the APT Summit

by Neil MacDonald  |  April 4, 2011  |  Comments Off

I recently had the opportunity to kick off a summit in Washington DC on the topic of Advanced Persistent Threats along with a number of other speakers representing different technologies and services that could be used to prevent or identify advanced intrusions. Here are my observations from the summit: 1) APT is first and foremost [...]


Category: Beyond Anti-Virus, Information Security, Next-generation Security Infrastructure

Lesson from Android: Does More Open Have to Mean Less Secure?

by Neil MacDonald  |  March 11, 2011  |  Comments Off

Google’s Android has made the news a couple of times already in 2011: Here, with a credit card snooping exploit proof of concept and most recently, with malware that had gotten into the Google application store. The latter was particularly serious as it involved a privilege escalation attack that broke out of the Android sandbox. [...]


Category: Application Security, Beyond Anti-Virus, Endpoint Protection Platform

NAC, DLP and Application Control: It’s About the Visibility, not the Control

by Neil MacDonald  |  March 9, 2011  |  Comments Off

Sitting here in the airport getting ready to fly back home, it occurred to me that all of these hyped technologies have had a critical shift in mindset over the past several years. Each of these technologies was originally touted with their ability to block and control “bad things” from happening. With NAC, this entailed [...]


Category: Beyond Anti-Virus, Endpoint Protection Platform, Security Intelligence