Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Thursday, April 28, 2011

Destroying Hard Drives

Network World recently published an interesting article about a practice at Google. It turns out they keep rigorous track of all their hard drives, and when they are no longer needed they shred and destroy them to prevent any chance of data leakage.

At first glance this practice sounds almost like overkill, but in this day and age of continual security breaches it may actually turn out to be the safe and prudent one to follow. It is certainly only the tip of the iceberg in terms of security practices you can follow to prevent data leakage at your organization.

We've talked previously here on this blog about DLP (data leakage protection) solutions that tie into your existing web proxies using the ICAP protocol. This article on hard drive destruction to prevent data leakage is a good reminder to look into DLP solutions for your proxy if you haven't done so already.

Wednesday, April 27, 2011

Why Intel Bought McAfee

A year after the acquisition of McAfee by Intel, there's still discussion about just why Intel would be interested in a security company like McAfee. The latest article to tackle this is on readwriteweb.com, and basically explains that Intel didn't buy McAfee to put security into silicon, as many speculated when the acquisition was first announced.

Instead, according to the article, the primary driver for the acquisition is that security for silicon is going to come more and more from software, and from putting that software lower in the stack.

That sort of leaves one wondering how much effort Intel's going to put into maintaining the security products that work much higher in the chain, like their Secure Web Gateway, which is an application level security device. We'll just have to wait and see.

Tuesday, April 26, 2011

Language Recognition

Last week Blue Coat announced that it added Norwegian to the list of languages it recognizes when analyzing websites for malware and categorization in its WebPulse system. That brings Blue Coat to 18 languages recognized by WebPulse, and 50 languages categorized in its database.

Language recognition doesn't seem to be something very many security firms tout as a feature, so I'm wondering how important is it that your security company recognize Norwegian, or even Chinese, Spanish or German? My guess is while the individual language may not be important to you, the ability to classify sites written in different languages is.

As a side note, Blue Coat's also the company that some time ago claimed they recognized Klingon as a language in their threat detection and web site classification modules.

Tuesday, April 19, 2011

With each new holiday comes new malware - Easter

With Easter approaching it should be no surprise that malware with an Easter theme is going around the web. McAfee has reported a wave of emails this morning which pretend to be Easter cards containing an animated greeting.

The download is instead a Trojan which contains key-logging software and backdoor access to return data and allow additional malware to be deployed.

So keep vigilant, and browse the web safely.

Thursday, April 14, 2011

More sites get hacked

In case you missed the news, another big name (not in security) got hacked this week. This time it was WordPress, the guys that host and provide the software for many popular blog sites.

This, coming on the heels of the recent news of the Epsilon breach, has a lot of IT admins on edge, wondering if their own web servers are safe.

It's a good reminder to look into reverse proxies and web application firewalls, the devices that are designed to keep the corporate web server safe. It was the fact that Barracuda took down their web application firewall that led to their security breach. Getting a reverse proxy or web application firewall in and of itself probably isn't enough to call yourself secure; you also need to make sure the software on your web server is up to date, and review any code you're running on it.

Firewall software open to TCP handshake hack

A new report from NSS shows that out of 6 common firewalls, 5 were vulnerable to a "TCP Split Handshake Attack", an attack that allows a hacker to trick the firewall into thinking an IP connection is a trusted one from behind the firewall. Check Point was the only vendor that was not vulnerable. The other vendors tested included Cisco, Juniper, Palo Alto Networks, Fortinet and SonicWall, which were found to be vulnerable.

NSS Labs independently tested the Check Point Power-1 11065, the Cisco ASA 5585-40, the Fortinet Fortigate 3950, the Juniper SRX 5800, the Palo Alto Networks PA-4020 and the SonicWall NSA E8500.

Many of these firewalls also offer web security, an offering similar to what secure web gateways and proxies offer, generally with a lower level of anti-malware protection. This report is a good reminder of why it's a better practice to keep different security products on different platforms, rather than go for a UTM (unified threat management) device that tries to do everything in one box. You don't want a vulnerability in one box to affect all your security. Typically email and web security should be kept on separate devices, not only to keep any vulnerabilities separate, but also because each can easily generate a load that overwhelms a single device, which would cause the other security functions on that device to be compromised.

Wednesday, April 13, 2011

Latest AV Comparatives report is out

If you're wondering which AV vendor to use on your web gateway, you might want to take a look at the latest AV Comparatives report.

It covers a long list of AV Vendors including: Avast, AVG, Avira, BitDefender, eScan, Eset, F-Secure, G Data, K7, Kaspersky, McAfee, Microsoft, Panda, PC Tools, Qihoo, Sophos, Symantec Norton, Trend Micro, Trustport and Webroot.

In terms of missed samples (lower is better), G Data topped the list followed by Trustport, Avast, Panda, and F-Secure. At the bottom of the list was K7, followed by Webroot, AVG, PC Tools and Sophos. This ranged from a 99.8% detection rate down to 84.4% for K7.

The other side of the testing looked at false positives. McAfee scored at the top with zero false positives, followed by Microsoft, and a 3-way tie for third with BitDefender, eScan and F-Secure. At the bottom of the list was Trend Micro with 290 false positives, followed by Qihoo, Webroot, Eset, and Avast. Avast came in with 19 false positives.

In addition to detection rates and false positives, AV Comparatives also looked at speed of scanning. The highest throughput was Avast, followed by Panda, K7, Webroot and McAfee. The slowest vendor was Microsoft, followed by PC Tools, Qihoo, eScan and Eset.

Given these three parameters, 7 products were awarded the highest honors. These vendors included Trustport, F-Secure, BitDefender, Avira, eScan, Kaspersky and McAfee.

Check out the report yourself at http://www.av-comparatives.org/images/stories/test/ondret/avc_od_feb2011.pdf