Is security really dead? Perhaps it’s your lack of depth


I attend a lot of conferences. I mean a LOT of conferences. There has been a growing theme at all of these events among practitioners…

Firewalls are dead. Anti-virus is dead. IDS/IPS is dead. [insert security product X here] is dead.

Meanwhile, all of the presentations at these conferences tell us why product Y is garbage and company Z is incompetent and how to break SSL into tiny pieces.

Where have all the defenders gone? Is it a lost cause? Are we well and truly hopeless and defeated?

Absolutely not. In fact it is one of my favourite reasons to attend a Security BSides event. Real local IT people sharing actual techniques that are helping them defend their organizations.

That is the real story to be learned if you want a more effective defense. No one tool or technique is going to save your bacon.

If you want to present at a conference and prove how you can break any given tool, you won’t have too much difficulty.

If you want to present at a conference about effectively combining technologies to increase attack complexity, you may have a tougher fight.

Therein lies the truth. There are many different approaches to breaking into an organization, which unfortunately means we need to combine just as many techniques for an effective defense.

This is one of the things Sophos recognized early on about endpoint security.

Why sell web protection, firewall, anti-virus, HIPS, DLP and device control as separate SKUs when you need all of them to properly defend your endpoints?

Don’t have every application patched on every workstation? Gateway web protection can help stop the Blackhole exploit kit and its ilk from weaseling their way in through that hole.

Think your firewall is there to keep things out? Perhaps it is time for a new approach. Not only should it be used to keep things in, but the logs it generates may be one of your most valuable assets.

Finally completed that project to encrypt your laptops? USB sticks? What about the cloud?

Most organizations already have these tools; the question to be asked is whether they are deployed in a complementary manner.

All of these tools have weaknesses, but the whole is greater than the sum of its parts. You don’t always need to buy a new widget; sometimes it is simply how you use what you have.

If you are interested in learning more about defense in depth in the 21st century, you may want to join me for a webcast explaining this in more detail.

It’s called “Breaking the chain of criminality: Fighting malware one link at a time” and will be live on GoToWebinar at 2pm EDT, 10am PDT, 6pm UTC on Thursday 11 April 2013.

The harder we make it on the attackers, the more likely we are to defend our asse(t)s. I hope you can join me and bring your questions for a lively Q&A at the end of the webinar.

Webinar and toe tag images courtesy of Shutterstock, photo of me speaking at BSides from Rob Slade’s Twitter feed.