Commenting on a report from Trustwave claiming that antivirus (AV) software is powerless to stop data breaches, Avecto says the study’s conclusion is similar to that of a Best Buy Guide to Chocolate Fireguards – the end result is always going to be a negative one.

Paul Kenyon, chief operating officer with the Windows privilege management specialist, said:
“This report conclusion made me smile, as the reality is that, if a system compromise has occurred, then the security surrounding IT has obviously failed. Never mind that 99.9 per cent of the other times the IT defences have worked – what this study really proves is that a multi-layered security defence strategy is the only way to go.”
In taking a multi-layered security approach, he says, IT security systems can help defend against today’s hybridised and multi-vectored technology aggression ranging from a simple piece of virus malware, all the way through to a man-in-the-browser blitzkrieg.
And, he went on to say, while the primary aim of today’s attacks is to monetise a cybercriminal fraud – or simply embarrass an organisation, as illustrated by the latest politically-motivated hacktivist attacks – defending against these technology barrages requires a well-planned strategy.
That strategy, he explained, goes way beyond the simple use of AV software and needs to involve advanced technologies that include security privilege management controlling who can use which software assets, as well as from what location and at what time.
Although taking this approach may sound complex, says Kenyon, the fundamental principle is one of breaking the security process into a series of simple stages and then building the defences up from there.
“In the case of our own Windows privilege management approach – which seeks to reduce the security risk profile of the Windows desktop – you manage the endpoint through the use of admin domains; UAC – user account control; software hardening; application whitelisting; and assigning privileges to each user.”
Limiting admin privileges to true administrators only, engenders advancement towards the least risk Windows 7 desktop. By ensuring all other users log on with standard user rights, and only elevating applications, a new option previously unavailable to organizations is introduced.
Put simply, Kenyon says, this means that if a hacker gains access to a general user account – which are in the majority – they have no admin privileges. Coupled with the aforementioned endpoint management controls, you then end up with the aim of a highly effective IT security strategy: a least risk environment.
Source: Gartner, Making the Most of Windows 7 Security, dated 24th August 2010, Dan Blum
“This is the heart of our Windows privilege management approach to security and is designed to augment the basic AV software and firewall systems that many organisations still rely upon and whose systems almost certainly feature in the 300 instances of data breaches identified in this report.”
“In my opinion, the takeout from this report is that AV technology should no longer be the solus security system that companies rely upon to defend the integrity of their data and allied IT platforms. Better security in today’s electronic space means tapping the power of technologies such as privilege management as an integral part of your defences.”
Avecto
The data breach report
Trustwave’s 2012 Global Security Report studied 300 incidents across 18 countries where the company’s SpiderLabs division was called in to investigate what had gone wrong.
Techworld writes: Large numbers of data breaches are being initiated by targeted malware that antivirus software simply can’t detect, an analysis of 300 real-world incidents from 2011 has suggested.