Neil MacDonald

On 3 June 2011, RSA, the Security Division of EMC, confirmed that Lockheed Martin had proof that hackers attacked its network partly by using data stolen in a March 2011 attack on RSA. Subsequently, on 6 June 2011, RSA announced a program to replace customers’ RSA SecurID one-time password (OTP) authentication product tokens We’ve updated [...]

1 Comment »

Category: Application Security Endpoint Protection Platform Information Security     Tags: Best Practices, Defense-in-Depth, Endpoint Protection Platform, Information Security, Security-Summit-NA

Share

I’m attending Symantec’s worldwide analyst conference in New York City today (24 May 2011). Symantec’s CEO, Enrique Salem, kicked off the morning with a discussion of Symantec’s role in the changing world of IT and information security. Enrique called out five megatrends that are challenging our preconceptions about the role of IT and information security: [...]

Comments Off

Category: Cloud Cloud Security Information Security Next-generation Security Infrastructure Virtualization Virtualization Security     Tags: Cloud Security, Information Security, Next-generation Data Center, Next-generation Security Infrastructure, Security-Summit-NA, Virtualization Security

Share

There’s been a bunch of highly publicized attacks recently. Each one has a major lesson for information security. 1) Barracuda’s breach Major lesson: Test all of your web-enabled applications for vulnerabilities as a part of the ongoing application development and change process. This was the root cause of the breach. Minor lesson: Web application firewalls [...]

2 Comments »

Category: Application Security Cloud Cloud Security Information Security     Tags: application security testing tools, Best Practices, Cloud Security, Defense-in-Depth, Information Security, Security-Summit-NA

Share

I’m having lots of discussions with clients on Microsoft’s new Forefront Endpoint Protection offering that was released in December of 2010. In addition to recent licensing changes, the biggest change over the pervious release (formerly called Forefront Client Security) is the change out of the management, policy and reporting infrastructure underneath to be based on [...]

1 Comment »

Category: Beyond Anti-Virus Endpoint Protection Platform Information Security     Tags: Beyond Anti-Virus, Endpoint Protection Platform, Information Security, Microsoft Security, Reducing Complexity, Reducing Cost, Security-Summit-NA, Windows

Share

I saw this article recently describing an attack against one or more zero day vulnerabilities in Google’s Chrome browser. Worse, the attack reportedly is able to break outside of the “sandbox” (created by the use of mandatory integrity controls within Windows) and execute code at a different trust level. The attack is reportedly not stopped [...]

Comments Off

Category: Application Security Information Security Windows 7     Tags: Apple, Application Security, Beyond Anti-Virus, Browser Security, Security-Summit-NA, Windows

Share

Rapid adoption rates, three hundred and fifty thousand apps, but not much malware. What gives? 1) The power of whitelisting. Call it what you may, but having Apple act as the steward of all applications via its App Store is a form of whitelisting (where the list of approved applications [whitelist] is defined by those [...]

3 Comments »

Category: Beyond Anti-Virus Endpoint Protection Platform Information Security Microsoft Security Windows 7     Tags: Apple, Beyond Anti-Virus, Defense-in-Depth, Endpoint Protection Platform, Lockdown, Security-Summit-NA, Windows

Share

I’ve made the argument before that complete information security protection requires a combination of prevention and detection. Further, I believe we have overinvested, become overly reliant on and dangerously complacent with our preventative capabilities. The result is we are exposed and are woefully underinvested in our detection capabilities. At first, my assertions may sound counterintuitive. [...]

3 Comments »

Category: Beyond Anti-Virus Information Security Next-generation Security Infrastructure     Tags: Adaptive Security Infrastucture, Cloud Security, Defense-in-Depth, Information Security, Next-generation Security Infrastructure, Security-Summit-NA

Share

Whether or not you agree with the use of the term “Advanced Persistent Threat” (APT), we can agree that there is a very real threat from advanced intrusions which persist undetected in our systems. By definition, these intrusions are advanced so our traditional (and increasingly ineffective) protection mechanisms such as firewalls and antivirus don’t catch [...]

4 Comments »

Category: Beyond Anti-Virus Information Security Next-generation Security Infrastructure     Tags: Beyond Anti-Virus, Defense-in-Depth, Endpoint Protection Platform, Information Security, Security-Summit-NA, Whitelisting

Share

I recently had the opportunity to kick off a summit in Washington DC on the topic of Advanced Persistent Threats along with a number of other speakers representing different technologies and services that could be used to prevent or identify advanced intrusions. Here are my observations from the summit: 1) APT is first and foremost [...]

Comments Off

Category: Beyond Anti-Virus Information Security Next-generation Security Infrastructure     Tags: Adaptive Security Infrastucture, Best Practices, Beyond Anti-Virus, Defense-in-Depth, Information Security, Whitelisting

Share

I was performing some background research on the number and severity of vulnerabilities produced by Apple, Microsoft and other vendors when I ran across something quite interesting. (BTW – I was researching the issue addressed in this research note for clients — whether or not antimalware software is recommended for enterprise Apple Macintosh endpoints.) Microsoft, like [...]

4 Comments »

Category: Application Security Information Security Microsoft Security Windows 7     Tags: Apple, Application Security, application security testing tools, Browser Security, Microsoft, Windows

Share