Permit/Deny Ziff Davis Enterprise

botnet

December 27, 2007

Thursday, December 27, 2007 2:06 PM/EST

McAfee's Security Integration Play

Today I learned a bit more about the McAfee Security Innovation Alliance from Pinkesh Shah, senior director of product management for policy compliance and risk management. From the conversation I picked up on two important concepts that will likely be recurring themes for security in 2008. The first is deeper integration of the products that make up McAfee's security suite and more integration through partnerships, which is where the McAfee SIA (Security Innovation Alliance) comes in. The second is security infrastructure consolidation. In 2008 I'm planning on a closer look at McAfee's SIA, which is similar to Check Point's Opsec program. One of the compelling things about an integration program is the obvious benefit of being able to integrate competitive products into the McAfee infrastructure. SIA was launched in Oct. 2007, so the first half of 2008 will be a critical time to watch what happens with the offering....

December 19, 2007

Wednesday, December 19, 2007 4:27 PM/EST

Anti-Malware Testing Working Group

Anti-Malware Testing Working Group is a group of vendors and test organizations that plan to release methodologies for testing security products. Brian Prince, one of my news colleagues, has more on the story here. The question Brian asks, "Why has testing lagged so far behind the threat landscape?" is a good one, but one that's got an easy answer. It's very expensive to do this type of testing. In many ways it's like testing spam ... you have to have a fresh crop of malware every time you test, so it's practically impossible to repeat the tests. BAD (Behavioral Anomaly Detection) software, which is supposed to be superior to signature-based anti-malware systems because it can catch zero-day attacks, usually requires some type of user interaction (such as signing up for mail lists, interacting with a system or clicking on a call-to-action to activate the malware). At a recent Symantec security...

December 12, 2007

Wednesday, December 12, 2007 6:29 PM/EST

Security Reviewers Workshop

I attended a Symantec endpoint security reviewer workshop in San Francisco Dec. 11. These workshops are always an interesting mix of "head fixing" on the part of the workshop sponsor (Symantec is far from the only company that holds such events) combined with often feisty reviewers on the other side. Our wrangles yesterday ranged from what constitutes malware (does a piece of malware have to be active to be considered a threat?) to what constitutes a good test for false positives in a behavior analysis tool (Symantec says the minimum test harness configuration should include 500 legitimate applications to get a meaningful test of a behavior-based threat prevention tool.) We didn't spend that much time on virtualization except to say that some malware turns itself off if it detects a VM because virus makers know how much the security industry relies on VMs to expedite the testing and detection process....

December 10, 2007

Monday, December 10, 2007 6:03 PM/EST

Just find a hosting company with good security ...

For most small and midsize organizations, use the following formula to find a Web host provider: Price (where low is good and high is bad) divided by services (where more is better) equals "our decision." There are some nonintuitive factors that must now be brought into play to get the best hosting provider for your organization. But first, let me set the stage for this discussion with a real-life example. I'm on an e-mail thread started by Diane Steinhauser, the executive director of the TAM (Transportation Authority of Marin). This thread, along with several long phone calls that I've had with Diane, reveals that business leaders must also consider hosting security as part of the selection criteria. The problem is that there isn't an independent rating system or licensing body for Web host providers. Thus, picking a "good" hoster now also means asking a lot of questions about reputation and...

August 20, 2007

Monday, August 20, 2007 8:37 PM/EST

Book Review Monday: Virtual Honeypots

"Virtual Honeypots" is a must-read book that should be added to any security professional's bookshelf today. It's my "analyst's choice" for the month of August and well worth going out to your local bookstore to pick up a copy. Niels Provos and Thorsten Holz provide one of the best reference guides to honeypots currently available. The authors--Provos is a staff engineer at Google, and Holz a Ph.D. student at the University of Mannheim--go through the development of the honeypot through the lens of network and system monitoring. By setting up an observation system to see how it is probed, attacked or compromised, IT security pros can get a better idea of how to defend the systems under their care. While the book is easily accessible to any IT person, those with at least some experience with Linux--and with the willingness to use a Linux-based platform--will get the most out of...


