Cyber Security Logic


Computer Security Software needs layers


If there ever was a good example of why we need Layered Security when it comes to Computer Security Software, this is it. Multiple layers in computer security work together and cover for each other. Layers are the only chance anyone has at staying protected and here is an example of why.

Network Solutions, the huge domain registration company, had a Widget (the real name of the application) that it provided to website owners on parked domains (domains that are not yet live with content) and through its blog on growsmartbusiness.com.

The Widget application dropped a Trojan dropper on unsuspecting visitors.

It is estimated that anywhere from 500,000 up to 5 million web sites could have been dishing out this malicious code.

And if that was not enough, only about 60% of the Antivirus Software updated as of 8/13/2010 on VirusTotal were detecting the dropper as malicious. That link shows the results as of that day. That means 40% were not even aware of the malicious code at that time and the threat had been out for months.

There are a number of variables when considering if you are infected, or not.

  1. Did you or anyone on your network visit any of the infected web sites?
  2. Do your users have administrative rights on their computers? Part of computer security is having a restricted environment so users cannot install software that is not approved.
  3. Was the computer security software you use in each of your layers able to detect this dropper? This includes firewalls, gateways, web filters and the last line of defense - the endpoints.
  4. Do you have the time to check the computer security software on the entire network?

Computer Security Software can do only so much. It takes people, processes, policies and solutions to create an effective Layered Security Solution. Stay safe out there.

Security as a Service for Businesses who have better things to do. 303.232.9070

Computer Security Threat Vectors


There are a number of vectors or paths that can lead to compromising computer security. Threats are sent to computers via email and instant messaging. Computer users unknowingly go out and get threats while surfing the Internet. There is the silent threat from disgruntled or greedy insiders. Finally there are threats delivered by plugging accessories into the computer. How well known are all these computer security threat vectors? 

  • Most people know that threats from Malware are often delivered by email. This is the oldest threat vector.
  • Fewer, however, are aware that the delivery medium has now shifted to the web, and more Malware is now delivered from the web than by email.
  • Very few know about or have considered the insider threat potential.
  • Almost no one is aware of threats coming from USB devices, picture frames and other devices infected with malware at the manufacturer.

Email security is getting better all the time. Given a good layered solution it is hard to get a virus attached to an email delivered. Most email threats now come in the form of links to malicious websites. Your email security solution provider needs to specialize in email security in order to have a chance to keep up with the threats to computer security from this threat vector.

People implicitly trust the Internet, clicking on links in emails or surfing fearlessly because they don’t know any better or don’t realize that any site can be infected and dishing out malicious code. The majority of the threats today are delivered by compromised web sites dishing out malicious code. Like email security, your web security solution provider needs to specialize in this layer of computer security as well.

The threat from disgruntled employees or employees trying to make a quick buck can be the most damaging and hardest to prevent. It is unfortunate that we also have to consider a threat from those whom we employ and whose livelihood we help provide. Steps in restricting access to resources, including servers, files, and intellectual property, may be considered as part of the computer security process.

If that weren’t enough, USB devices, including free thumb drives given away at trade shows, picture frames and other USB-connected devices, are being infected with malware during the manufacturing process. Because so many computers auto run programs installed on these devices, it is an attractive vector. Taking steps in removing the auto run command and locking down USB devices will become more popular, and now is the time to get ahead of this computer security threat vector.
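
A read-only check of the auto run setting on a Windows machine, as an added example that is not part of the original article. It assumes the standard NoDriveTypeAutoRun policy value under the Explorer policies key, where a set bit turns AutoRun off for that drive type.

```powershell
# Added example: audit the AutoRun policy on a Windows host (read-only).
# NoDriveTypeAutoRun is a bitmask; a set bit DISABLES AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown'   = 0x01
    'Removable' = 0x04   # USB thumb drives and other devices presenting as storage
    'Fixed'     = 0x08
    'Network'   = 0x10
    'CD-ROM'    = 0x20
    'RAM disk'  = 0x40
}

function Get-AutoRunEnabledTypes {
    param([int]$Mask)
    # Return the drive types whose bit is clear, i.e. AutoRun is still allowed.
    $DriveTypeBits.GetEnumerator() |
        Where-Object { ($Mask -band $_.Value) -eq 0 } |
        ForEach-Object { $_.Key }
}

$subKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
foreach ($hive in 'HKLM', 'HKCU') {
    $path  = "${hive}:\$subKey"
    $value = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun `
                  -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($null -eq $value) {
        Write-Output "$hive : NoDriveTypeAutoRun not set (Windows default applies)"
        continue
    }
    $enabled = @(Get-AutoRunEnabledTypes -Mask $value)
    if ($enabled.Count -eq 0) {
        Write-Output ("{0} : 0x{1:X2} - AutoRun disabled for all drive types" -f $hive, $value)
    } else {
        Write-Output ("{0} : 0x{1:X2} - AutoRun still allowed for: {2}" -f `
            $hive, $value, ($enabled -join ', '))
    }
}
# Hardened setting: NoDriveTypeAutoRun = 0xFF (DWORD) in the HKLM key above,
# normally deployed through Group Policy rather than set by hand on each machine.
```

Run it on a sample of endpoints; any machine that still lists "Removable" is one where a pre-infected USB device can launch code on insertion.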

Computer security threats come in many forms and so should your proactive response. It takes a combination of security software & solutions, people and procedures to have a chance at staying protected these days. Think layers and stay safe out there.


Layered Security - Outside In to Inside Out


When we started providing security software and information to those who needed help the most, it was not immediately clear to us that different tools were good at different things. A variety of vendors existed but not many people were taking a serious look at the real differences between security software offerings.

Most purchases back then were based on how good the marketing was or which solution had this bell or that whistle. As it turns out, bell & whistle does not good Internet security make!

Antivirus software and Firewalls (remember Black Ice and Tiny?), were popular and widely available but there was not much else. This was the beginning of Layered Security. We didn't recognize it at first but it was a beginning. We used to carry every type of Antivirus software we could get our hands on but quickly discovered that there were real differences in the solutions. Not to mention lots of conflicts.

Some lessons must be learned the hard way, especially with new security technologies. We had to have strong marketing noise filters in order to standardize on the best security software we could find in terms of performance and detections over time.

Most of the threats at that time (or so we thought), came from the outside, aka the Internet, so we worked hard at securing the perimeter. It made perfect sense because this technique had been followed throughout history. Build walls around the castle as the first layer of security.

After some time it became clear that perimeters were strengthening, giving us a hard outer shell, but like an egg, once you were inside everything went soft. Think about the original Trojan horse, hence the origin of the term. Insiders were\are trusted implicitly, and thinking that perimeter defense was enough was exactly where the wheels started to come loose.

At some level you have to trust users within the company and on other levels you have to protect them against themselves. When it comes to critical data we recommend choosing very carefully who has access to what data and build layered security around those choices.

As a result, our thinking about Layered Security is rapidly changing from a strictly Outside\In layered perimeter defense, to an Inside\Out defense. It now even includes offensive or proactive security (hint, virus signatures are old hat), and stand alone security strategies. 

These days blended threats require a blended response.  More to come. Stay safe out there.


Cyber Security Software needs some help!


It appears that the US is in serious trouble when it comes to Cyber security. 

Experience has shown us here at Software Security Solutions that most consumers (home computer users) feel that Antivirus software is all they need and that the Internet is a safe place (surprise, it is not). Businesses focus on keeping their business going, and not so much on computer security. Being part of a small business I certainly understand that focus.

Not much effort is required to find hard evidence showing that security software and security appliance hardware are not holding up to the latest threats. See an example, despite all the efforts of the Antivirus and Internet Security Industry, here: Cyber threats to the US.

Cyber security requires much more than security software and hardware appliances can provide, both at home and at work. It requires understanding, work, process and much more. The bottom line is: if we choose to connect critical information (making us a target) to the internet, then we should prepare to get our just deserts.

So what can we do? Right now the answer is Layered Security. The answer is complex, for now, but first we need to rewind a bit.

Job one could be to standardize. Job two could be to simplify.

Security Standards: (for Antivirus Software Manufacturers)

Standards make it easier to manage and support whatever it is we are trying to do, if the standards are not written by a crack-pot. Why can't we start by standardizing the names of the threats we do know about? It is no secret that most of the Antivirus software companies' detections are pretty much the same when we factor in the exposure risk. So why all the smoke and mirrors of every Antivirus company calling the same threat something different? What good does it do, and how does that help protect the end users?

Simplify - (for Antivirus Software Manufacturers and end users alike)

Do we really need every widget, bell and whistle? Do we really need all those different programs doing the same thing differently? How are we at making sure every one of those programs on each computer is secure and up to date? What can we do to simplify, thus reducing the threat surface area? Is there opportunity in standardizing and simplifying our computer security?

When life is simple, life is good. Just ask someone that doesn't own a computer. They seem to get along just fine.


Layered Security Logic - In the Beginning


Uncommon Sense

Common sense isn't...so this blog will discern some of the information regarding computer security and how technology affects the small business. As a result, some of the noise and marketing we experience might be less meaningful. We will therefore be able to make more informed and better decisions. When business is running well we can focus on important matters, like fishing and stopping to smell the roses. There are some guidelines that might be helpful to know up front.

Securing your data - Is it possible? 

Really what we are trying to do is simultaneously share and secure information. Hate to be the bearer of bad news but it can't be done. The problem begins with the fact that as soon as information is shared, it is not secure. So we are going to share as much as we can here, making this information as insecure and readily available as possible.

Layered Security - thinking in layers

Having layers of protection against the latest threats provides the best chance at remaining secure. With all the solutions out there it is not hard to determine that different tools are good at different things. Layered security is people, process, solutions and most of all common sense.

Thoughts on technology

Just because technology is available doesn't always mean we should use it. We like to ask the question: what are we trying to fix, and what options are there? We stay away from the bleeding edge of technology because, well, you tend to bleed. Paying attention to the threats and solutions over time has provided insight on the future. We hope to help you simplify your life and be more productive in some way. Go fishing, buy your loved one some roses. Be safe now.
