Wednesday, September 30, 2009

Signature vs. Behavior

I have heard a lot of discussion around signature-based security systems and behavior-based systems. There doesn’t seem to be a lot of benefit to either without the other, though. One of the nastier trojans, Zeus, is still evading most AV products on the market. I need to look into this more, but it seems like companies either lean towards heavy signature and light behavior or light signature and heavy behavior. It shouldn’t be a religious debate. Companies should focus on strong signatures and strong behavior anomalies to determine if a machine is infected. I am very curious to see how Microsoft’s entry in the market will affect it.

Saturday, September 12, 2009

When you cross the line from being secure to paranoid

I think anyone in the security profession has to be a little paranoid to be any good at their job. You have to be a little paranoid to be able to see risk everywhere and assess what you can solve, what you can’t, and the most important piece: the difference between the two.

As a parent you are constantly reminded by your children that no matter how hard you try, they will find a way to hurt themselves. The best you can do is minimize the risk and make sure you have an escalation plan. The same thing is true in security. Limit your risk and be aware of the steps to take when something does happen. One of the most difficult things for me to do is tell the difference between what I can do and what I should do (i.e., no kennels for the kids to keep them safe).

Now, as far as security goes, it is the same thing: find what you can do to best secure your data, but also make sure that the people who need access to that data can still be productive. I find that too often I get into the mindset of “locking it down” instead of the business mindset of how to make it as secure as possible without affecting productivity.

Just because you can make something more secure doesn’t mean you should. You need to take a step back and think about what the extra security will affect and weigh the consequences. Sometimes being a little paranoid is okay, but not turning on your computer so that you never get a virus may be going too far… or maybe it isn’t.

Tuesday, September 8, 2009

A hospital knows all about access control

I was recently at the hospital for an extended period of time and found that they really had a great access control solution. The solution I am talking about is their physical solution for the maternity ward specifically. Every time you wanted to enter or exit the ward you had to buzz in and out and have someone check to make sure you weren’t smuggling babies. And if you want to take your baby out you need to be checked and double-checked to make sure your wrist strap has the same ID as the baby you are smuggling. What if your office had someone that checked you in in the morning and out in the evening to make sure you had the same things you came in with? Sounds a little far-fetched and not time or cost efficient, but don’t be surprised to see your company move a little closer to being Big Brother with all of the headlines talking about insider threats.

