I attend a lot of conferences. I mean a LOT of conferences. There has been a growing theme at all of these events among practitioners…
Firewalls are dead. Anti-virus is dead. IDS/IPS is dead. [insert security product X here] is dead.
Meanwhile, all of the presentations at these conferences tell us why product Y is garbage and company Z is incompetent and how to break SSL into tiny pieces.
Where have all the defenders gone? Is it a lost cause? Are we well and truly hopeless and defeated?
Absolutely not. In fact it is one of my favourite reasons to attend a Security BSides event. Real local IT people sharing actual techniques that are helping them defend their organizations.
That is the real story to be learned if you want a more effective defense. No one tool or technique is going to save your bacon.
If you want to present at a conference and prove how you can break any given tool, you won’t have too much difficulty.
If you want to present at a conference about effectively combining technologies to increase attack complexity, you may have a tougher fight.
Therein lies the truth. There are many different approaches to breaking into an organization, which unfortunately means we need to combine just as many techniques for an effective defense.
This is one of the things Sophos recognized early on about endpoint security.
Why sell web protection, firewall, anti-virus, HIPS, DLP and device control as separate SKUs when you need all of them to properly defend your endpoints?
Don’t have every application patched on every workstation? Gateway web protection can help stop Blackhole exploit kit and its ilk from weaseling its way in through that hole.
Think your firewall is there to keep things out? Perhaps it is time for a new approach. Not only should it be used to keep things in, but the logs it generates may be one of your most valuable assets.
Finally completed that project to encrypt your laptops? USB sticks? What about the cloud?
Most organizations already have these tools; the question to be asked is whether they are deployed in a complementary manner.
All of these tools have weaknesses, but the whole is greater than the sum of its parts. You don’t always need to buy a new widget; sometimes it is simply how you use what you have.
If you are interested in learning more about defense in depth in the 21st century you may want to join me for a webcast explaining this in more detail.
It’s called “Breaking the chain of criminality: Fighting malware one link at a time” and will be live on GoToWebinar at 2pm EDT, 10am PDT, 6pm UTC on Thursday 11 April 2013.
The harder we make it on the attackers, the more likely we are to defend our asse(t)s. I hope you can join me and bring your questions for a lively Q&A at the end of the webinar.
Webinar and toe tag images courtesy of Shutterstock, photo of me speaking at BSides from Rob Slade’s Twitter feed.
Sophos UTM ftw
I personally am interested in the new IT/network security discussions, not just because someone will ask me to fix their computer, but because the bad guys aren't going to give up, so I need to not give up and stop them!
I have believed for years that no ONE tool can protect against ALL potential attacks. That's why I have always tried to find a range of tools that can work together: two or even three AV products, a commercial firewall as well as the Windows one, anti-malware and anti-Trojan systems as well as anti-rootkit products. Some I have running all the time as 'background' services; others are run on a regular basis and when an attempted attack is reported by the running systems. Plus hardware and software protection in the 'web facing' devices.
So I have never accepted the view often expressed in the past by many in the AV industry that you cannot run two different products at the same time; you can, by careful selection. Experience also shows that one is not enough.
This reminds me of Bruce Schneier's classic words of wisdom: Security is a process, not a product.
Only the naive think installing product X will protect them, the wise understand security is a layered approach, utilising various different technologies and techniques, at every layer and entry point into a network/computer system.
I have various and sundry defenses and I use all of them, all the time.