TMCnet News

Wasted Security Efforts
[February 11, 2008]


(Information Week Via Thomson Dialog NewsEdge) Peter Tippett says it's time for IT security pros to stop wasting their energy.

At last week's Computer Forensics Show, Tippett, VP of risk intelligence for Verizon Business and the inventor of the program that became Norton AntiVirus, said about a third of today's security practices are outdated, based on concepts no longer in tune with today's computing environments. "A large part of what we do for our companies is based on a sort of flat-Earth thinking," Tippett said.



Example: The industry spends way too much time on vulnerability research, testing, and patching, considering that only 3% of the vulnerabilities discovered are exploited, he said. He compared it to automobile safety research: "If I sat up in a window of a building, I might find that I could shoot an arrow through the sunroof of a Ford and kill the driver. ... If I disclose that vulnerability, shouldn't the automaker put in some sort of arrow deflection device to patch the problem? ... And because it's potentially fatal to the driver, I rate it as 'critical.'"

Also, many security strategies are built around defending one computer rather than a community of computers. Long passwords make each computer safer, but on a network of 10,000 machines, a hacker still needs to guess only one correctly. Security pros also strive too much for 100% application security and perfecting patching and virus-updating processes.


Security teams need to assess those efforts more rigorously against the security payoff. Example: Only 8% of companies enable routers to do "default deny" on inbound traffic, yet it's a simple effort that could pay high dividends. Security awareness training also gets a bad rap because it doesn't change every employee's behavior, but it can deliver on a cost-benefit basis.

If Tippett's message is uncomfortable to hear, it might be tempting to dismiss him as just trying to sell Verizon Business' services. Don't.

http://informationweek.com/

Copyright 2008 CMP Media LLC. All rights reserved.
