Taking Security Seriously after the Target Hack

Feb 7 2014, 12:15pm CST | by , in News | Shopping Tips


Yesterday, U.S. Federal Reserve Governor Daniel Tarullo noted that “uniform disclosure” requirements were needed for banking institutions, so that their customers were made aware precisely when a data breach occurs. Millions of Target and Neiman Marcus customers were affected this past holiday shopping season, and I’m not sure if you caught this one in late December, but American Express had a data breach as well. System security and data integrity – don’t leave home without it. But wait, it gets worse.

If the name of the late, great hacker and security evangelist Barnaby Jack doesn’t ring a bell with you, go watch his demonstration on “Jackpotting” an ATM. If you want a full system vulnerability lesson, his presentation at the 2010 Black Hat conference should be mandatory viewing. You might be surprised to learn that the large majority (upwards of 80 percent) of point-of-sale machines at retailers, and even ATMs, run the Windows operating system, and in many cases older versions of it. Talk about a “target-rich” environment – no pun intended of course.

It doesn’t take a rocket scientist to figure out that cyber criminals are quickly getting more sophisticated than current security, intrusion detection and prevention technology can defend against.  And honestly, I have to wonder if collectively we all care enough to really dig into the problem, or if the computer security industry as a whole is willing to take the disruptive measures required to address the issue head-on.  One way to tackle the surging data breach epidemic is with a technology called “whitelisting.”

There are a few start-up companies in this space and I recently had the chance to sit down with Walter Siryk, CEO of Savant Protection, a Hudson, New Hampshire-based company that has developed an automated application whitelisting product called Savant Enforcer. It’s not going to sound too sexy to the average end user and frankly, even CIOs may find it unfashionable, but in short, whitelisting is a method of locking down a machine such that only trusted executables, DLLs and other necessary system and application components are allowed to run – everything else is denied. The idea is to start with a known, clean system installation and then lock it down in that state so absolutely nothing can be changed. If an employee or anyone else plugs in a USB memory stick, for example, that might have malware on it, access to the stick is denied. If an employee clicks a phishing link in an email or on the web, whatever payload is targeted to the machine gets denied access. In what Savant calls “Lock-Down Mode,” nothing gets in and only the software image, as it exists on the machine and as provisioned by your IT administrator, is allowed to run.

It’s a simple concept really, but proper implementation of the technology is key. Savant’s Siryk notes that part of Savant’s secret sauce is that it is designed to implement individual, encrypted whitelists for each and every endpoint machine in a network. A whitelist on an endpoint can be managed by an authorized admin, but if a machine is ever compromised, that compromise doesn’t propagate through the network and spread to other machines. For example, you can allow updates for Adobe products on one machine, as the product allows for “filter sets” of trusted software. However, there is no global whitelist that can be compromised by an exploit that manages to get through as a result of allowing that one machine access to some weak or compromised software package. Further, Rene Thibault, VP of Sales at Savant, notes that part of the reason the Target data breach was so tricky for them to track down was that the malware package kept renaming itself. With Savant’s product, nothing on the system is allowed to be renamed or changed in any way, so malware is contained much more effectively and is easier to locate. In addition, Savant Enforcer’s management system logs any and all changes that are made to systems on the network, authorized or otherwise.
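The deny-by-default idea described above can be sketched as follows. This is an added example, not Savant Enforcer's code or design: it assumes a per-endpoint baseline keyed by relative path and SHA-256 content hash, and the file names and verdict labels are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Record relative path -> SHA-256 for every file in the known-clean image."""
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def audit(root: Path, baseline: dict[str, str]) -> dict[str, str]:
    """Classify each file on disk; only 'allowed' entries would be permitted to run."""
    known_hashes = set(baseline.values())
    verdicts = {}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel, digest = str(p.relative_to(root)), sha256_of(p)
        if baseline.get(rel) == digest:
            verdicts[rel] = "allowed"                 # same path, same content
        elif rel in baseline:
            verdicts[rel] = "deny:changed"            # provisioned path, new content
        elif digest in known_hashes:
            verdicts[rel] = "deny:renamed-or-copied"  # known content, new name
        else:
            verdicts[rel] = "deny:unknown"            # never provisioned
    for rel in baseline.keys() - verdicts.keys():
        verdicts[rel] = "missing"                     # provisioned file is gone
    return verdicts


def demo() -> dict[str, str]:
    """Constructed sample: a tiny endpoint image that drifts after lock-down."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "pos.exe").write_bytes(b"constructed POS binary")
        (root / "helper.dll").write_bytes(b"constructed helper library")
        baseline = build_baseline(root)                 # lock down the clean state
        (root / "helper.dll").write_bytes(b"tampered")  # modified in place
        (root / "pos.exe").rename(root / "svchost.exe")  # renamed after lock-down
        (root / "dropped.exe").write_bytes(b"never provisioned")
        return audit(root, baseline)


if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:24} {path}")
```

Because the verdict depends on the path and content hash together, a file that changes its name still fails the check, and every deviation from the baseline is a line an admin can log and review.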

Savant’s Siryk notes that “PCI Compliance isn’t enough.  It’s becoming just a checkbox item. We need to start thinking deny by default.  Whitelisting should be a part of your total security solution.”

Savant’s initial target markets are those of industrial controls, managed service providers, point of sale applications and the enterprise – though I could easily see a product like this as a valuable tool to protect my less-than-technically-savvy family member’s machines from getting all screwed up with malware, requiring me to bail them out every few months.

If you follow system security, regardless of your opinion on the concept of whitelisting, it’s pretty clear the traditional conventions of AV, anti-malware, intrusion detection and prevention are no longer working.  It’s time to get serious about security and stop settling for the level of protection we have now because it’s simply just not enough.

Source: Forbes

 
