Some of my ‘so-called’ friends that help organize the RSA Security Bloggers event have decided that folks that attend should actually have blogged something recently. Well, I haven’t, so to make them happy…
With the increasing frequency and severity of advanced threats perpetrated by highly organized and sophisticated groups and nation-states, enterprises need to realize that they are either compromised or will be soon. Traditional techniques need to be augmented with more sophisticated and exhaustive methods to provide visibility into all aspects of the internal environment. This requires continuous monitoring and analysis of all ingress and egress traffic patterns from every host on the network, regardless of the source, destination or type of traffic.
There are 5 key initiatives that every organization should implement:
1. Invest in security professionals that have strong experience with forensic investigation and incident response
2. Implement incident response programs that complement and extend current prevention approaches to information security
3. Deploy network security technologies that provide deep visibility into the state of the internal network and can collect, analyze and archive massive amounts of all network flow data
4. Ensure network monitoring solutions integrate with existing network security tools, such as IDS/IPS, SIEM, and firewalls
5. Make security awareness throughout the organization an ongoing element of the information security program
Brevity is a gift shared by very few in the security industry =)
Beijing, China – April 1, 2010 – The Chinese government announced that effective immediately all US-based technology firms and associated products and services will be banned from all Chinese government and state-run agency IT environments. The ban is expected to include critical infrastructure, such as military, finance, utilities, and healthcare as well as education, retail and manufacturing companies.
Given the media hype around the Conficker worm (and now Gumblar), and the constant barrage of alarming disclosure announcements, I thought it would be a good time to take a calmer look at some of the security myths, misconceptions and mistruths that plague the industry.
Many of these cyber security myths have been around for close to a decade. They have driven marketing campaigns and have sold a lot of traditional newspapers. But for the most part these threats have proven much less dangerous than ballyhooed. Worse, they distract us from addressing the routine problems that lead to a more secure global IT environment. Until we can address everyday vulnerabilities and threats, how can we justify focusing on exotic edge cases?