Neil MacDonald

A member of the Gartner Blog Network

Entries Tagged as 'Best Practices'


This Just In: Signature-based Protection Ineffective Against Targeted Attacks

by Neil MacDonald  |  January 31, 2013  |  1 Comment

  Seriously, is anyone surprised? I’m sure you’ve seen the news about Chinese infiltration at the New York Times: http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html According to the article: Over the course of three months, attackers installed 45 pieces of custom malware. The Times — which uses antivirus products made by Symantec — found only one instance in which Symantec [...]

1 Comment »

Category: Beyond Anti-Virus Endpoint Protection Platform     Tags: , , , , , ,

Virtual Firewalls or Physical? Wrong Question.

by Neil MacDonald  |  November 5, 2012  |  2 Comments

I still see people getting bogged down in rather meaningless arguments as to whether or not firewalls will be virtualized. They will (and, in fact, are). The bigger trend is the shift from proprietary hardware to software running on commodity hardware (in almost all cases, x86). That’s the big shift. Whether or not a given [...]

2 Comments »

Category: Cloud Cloud Security Next-generation Security Infrastructure Virtualization Virtualization Security     Tags: , , , , , , ,

If a Tree Falls in the Forest, is it Encrypted?

by Neil MacDonald  |  September 6, 2012  |  1 Comment

There’s a story behind the title of this blog Recently, I had a discussion in regards to Microsoft’s BitLocker with a client. One of the issues I call out in my research on BitLocker is that (unlike competing third party products), Microsoft doesn’t have an option to synchronize the pre-boot PIN with the Windows login [...]

1 Comment »

Category: General Technology Information Security Microsoft Microsoft Security Windows 7     Tags: , , , , ,

Intrusion Prevention Systems? We Need Intrusion Resilient Systems

by Neil MacDonald  |  February 3, 2012  |  1 Comment

I’ve blogged before about advanced threats that easily bypass our traditional protection mechanisms and reside undetected for extended periods of time on our systems. On one of the panels I moderated on APTs, Dave Merkel from Mandiant put it best. “You are compromised, get over it”. Others in the US Government have come to the [...]

1 Comment »

Category: Application Security Beyond Anti-Virus Cloud Cloud Security Next-generation Security Infrastructure Security Intelligence     Tags: , , , , , , , , ,

Link Web Application Firewalls to Dynamic Application SecurityTesting Tools

by Neil MacDonald  |  January 9, 2012  |  6 Comments

I called this a “security no brainer” years ago and the advice is absolutely still relevant today. In Gartner’s latest Magic Quadrant for Dynamic Application Security Testing (DAST) solutions for clients, one of the evaluation criteria we looked at was whether or not the vulnerability knowledge of the DAST solution could be exported and used [...]

6 Comments »

Category: Application Security Security Intelligence     Tags: , , ,

The Single Most Important Way to Improve Endpoint Security

by Neil MacDonald  |  August 23, 2011  |  2 Comments

Run more of your Windows users without administrator rights. I’ve talked about this several times before – including here, here and here. While it may not be feasible to remove administrator rights from all users, it is an absolutely achievable goal to continue to improve the percentage of Windows users running without administrator rights year [...]

2 Comments »

Category: Beyond Anti-Virus Endpoint Protection Platform Microsoft Security Windows 7     Tags: , , , , , ,

Protecting Intellectual Property in Source Code Requires a Two Prong Strategy

by Neil MacDonald  |  August 5, 2011  |  1 Comment

I had a discussion with a client today looking to protect sensitive intellectual property in their source code. I discussed two primary areas of risk: 1) that the developers (some of which were offshored) might take the code and 2) once the code was distributed to customers, it might be reverse engineered or copied Addressing [...]

1 Comment »

Category: Application Security Applications Information Security     Tags: , , ,

Some Thoughts on RSA SecurID Risk

by Neil MacDonald  |  June 9, 2011  |  1 Comment

On 3 June 2011, RSA, the Security Division of EMC, confirmed that Lockheed Martin had proof that hackers attacked its network partly by using data stolen in a March 2011 attack on RSA. Subsequently, on 6 June 2011, RSA announced a program to replace customers’ RSA SecurID one-time password (OTP) authentication product tokens We’ve updated [...]

1 Comment »

Category: Application Security Endpoint Protection Platform Information Security     Tags: , , , ,

Four Security Breaches, Four Security Lessons

by Neil MacDonald  |  May 23, 2011  |  2 Comments

There’s been a bunch of highly publicized attacks recently. Each one has a major lesson for information security. 1) Barracuda’s breach Major lesson: Test all of your web-enabled applications for vulnerabilities as a part of the ongoing application development and change process. This was the root cause of the breach. Minor lesson: Web application firewalls [...]

2 Comments »

Category: Application Security Cloud Cloud Security Information Security     Tags: , , , , ,

Are APTs Really New? Observations from the APT Summit

by Neil MacDonald  |  April 4, 2011  |  Comments Off

I recently had the opportunity to kick off a summit in Washington DC on the topic of Advanced Persistent Threats along with a number of other speakers representing different technologies and services that could be used to prevent or identify advanced intrusions. Here are my observations from the summit: 1) APT is first and foremost [...]

Comments Off

Category: Beyond Anti-Virus Information Security Next-generation Security Infrastructure     Tags: , , , , ,