Entries Tagged as 'Defense-in-Depth'
by Neil MacDonald | June 9, 2011 | 1 Comment
On 3 June 2011, RSA, the Security Division of EMC, confirmed that Lockheed Martin had proof that hackers attacked its network partly by using data stolen in a March 2011 attack on RSA. Subsequently, on 6 June 2011, RSA announced a program to replace customers’ RSA SecurID one-time password (OTP) authentication product tokens We’ve updated [...]
Category: Application Security Endpoint Protection Platform Information Security Tags: Best Practices, Defense-in-Depth, Endpoint Protection Platform, Information Security, Security-Summit-NA
by Neil MacDonald | May 23, 2011 | 2 Comments
There’s been a bunch of highly publicized attacks recently. Each one has a major lesson for information security. 1) Barracuda’s breach Major lesson: Test all of your web-enabled applications for vulnerabilities as a part of the ongoing application development and change process. This was the root cause of the breach. Minor lesson: Web application firewalls [...]
Category: Application Security Cloud Cloud Security Information Security Tags: application security testing tools, Best Practices, Cloud Security, Defense-in-Depth, Information Security, Security-Summit-NA
by Neil MacDonald | May 9, 2011 | Comments Off
I don’t think so and I doubt many people would agree with this either. The reason I bring this up is that I was having an interesting discussion with colleagues on Cloud security and availability (spurred by the recent Amazon outage) and a statement was made something along the lines of “If I must have [...]
Category: Cloud Security Tags: Cloud Security, Defense-in-Depth, Security-Summit-NA
by Neil MacDonald | May 2, 2011 | 3 Comments
Rapid adoption rates, three hundred and fifty thousand apps, but not much malware. What gives? 1) The power of whitelisting. Call it what you may, but having Apple act as the steward of all applications via its App Store is a form of whitelisting (where the list of approved applications [whitelist] is defined by those [...]
Category: Beyond Anti-Virus Endpoint Protection Platform Information Security Microsoft Security Windows 7 Tags: Apple, Beyond Anti-Virus, Defense-in-Depth, Endpoint Protection Platform, Lockdown, Security-Summit-NA, Windows
by Neil MacDonald | April 27, 2011 | 3 Comments
I’ve made the argument before that complete information security protection requires a combination of prevention and detection. Further, I believe we have overinvested, become overly reliant on and dangerously complacent with our preventative capabilities. The result is we are exposed and are woefully underinvested in our detection capabilities. At first, my assertions may sound counterintuitive. [...]
Category: Beyond Anti-Virus Information Security Next-generation Security Infrastructure Tags: Adaptive Security Infrastucture, Cloud Security, Defense-in-Depth, Information Security, Next-generation Security Infrastructure, Security-Summit-NA
by Neil MacDonald | April 14, 2011 | 4 Comments
Whether or not you agree with the use of the term “Advanced Persistent Threat” (APT), we can agree that there is a very real threat from advanced intrusions which persist undetected in our systems. By definition, these intrusions are advanced so our traditional (and increasingly ineffective) protection mechanisms such as firewalls and antivirus don’t catch [...]
Category: Beyond Anti-Virus Information Security Next-generation Security Infrastructure Tags: Beyond Anti-Virus, Defense-in-Depth, Endpoint Protection Platform, Information Security, Security-Summit-NA, Whitelisting
by Neil MacDonald | April 12, 2011 | Comments Off
We talk about the need for analytics and business intelligence to help the business make better business decisions, It is time to bring this same technology to the information security department. What we need is actionable, prioritized and risk-based insight from this sea of information. I’ll take it a bit further. There are some emerging [...]
Category: Cloud Security Next-generation Security Infrastructure Security Intelligence Tags: Adaptive Security Infrastucture, Beyond Anti-Virus, Cloud Security, Defense-in-Depth, Next-generation Data Center, Next-generation Security Infrastructure
by Neil MacDonald | April 5, 2011 | Comments Off
This sounds exactly like what I wrote here and here. However, this quote isn’t mine. This quote comes from Deborah Plunkett who head the US National Security Agency’s Information Assurance Directorate. Deborah is quoted in this article on Reuters: “The most sophisticated adversaries are going to go unnoticed on our networks. We have to build [...]
Category: Beyond Anti-Virus Next-generation Security Infrastructure Virtualization Security Tags: Adaptive Security Infrastucture, Cloud Security, Defense-in-Depth, Information Security, Next-generation Security Infrastructure, Virtualization Security
by Neil MacDonald | April 4, 2011 | Comments Off
I recently had the opportunity to kick off a summit in Washington DC on the topic of Advanced Persistent Threats along with a number of other speakers representing different technologies and services that could be used to prevent or identify advanced intrusions. Here are my observations from the summit: 1) APT is first and foremost [...]
Category: Beyond Anti-Virus Information Security Next-generation Security Infrastructure Tags: Adaptive Security Infrastucture, Best Practices, Beyond Anti-Virus, Defense-in-Depth, Information Security, Whitelisting
by Neil MacDonald | March 15, 2011 | Comments Off
The conventional wisdom is that a user who is configured with “standard user” privileges (the least possible in Windows 7) cannot install software (or malware for that matter). This is incorrect. Software that writes to the user’s data directory, and that doesn’t write to protected portions of the registry, can install correctly as a standard [...]
Category: Endpoint Protection Platform Microsoft Security Windows 7 Tags: Best Practices, Defense-in-Depth, Endpoint Protection Platform, Lockdown, Microsoft Security, Reducing Cost, Whitelisting, Windows
