One of the top security executives in the world has admitted that the industry is trailing in the ongoing battle with computing threats.
Hacking expert Ron Nguyen, the director of Foundstone Professional Services out of Plano, Tex., describes the security problem as an unwinnable one because enterprise customers, along with SMBs and consumers, do not put enough resources into ensuring secure computing environments.
For the enterprise, security is under-budgeted across the board and it is also understaffed. This puts IT managers way behind the security learning curve. Time is another factor, and IT administrators continually play catch-up with the hacking community.
A lack of education makes SMB users and consumers easy targets for virus writers, hackers, phishing scammers and others.
The ongoing consolidation of the hacking community has created an underground ecosystem in which threats and vulnerabilities are bought and sold. This consolidation enables the bad guys to work together and in most cases beat the release dates of the security patches.
“The bad guys are well funded, organized and we are losing the battle,” said Nguyen, who is in Canada on a three-city speaking tour to customers and channel executives in Toronto, Ottawa and Montreal. McAfee acquired Foundstone, which makes software for detecting and managing software vulnerabilities, in 2004 for US$86 million in cash.
Nguyen has not given up all hope, however. There is one strategy called White list/Black list that may give the good guys a leg up in the battle, he said.
The White list/Black list works with digital signatures and would, for example, leave 200 applications and files open to users on a desktop PC and block everything else.
“The White list/Black list is a paradigm shift. There is a list of good apps and files and everything else is black listed and this could prevent attacks,” Nguyen said.
He acknowledged that a company such as Microsoft continually updating its operating system and its applications would test this strategy. But for the uneducated user, who is still the top target among the hacking community, the White list/Black list could lower the risk.
For enterprises, the White list/Black list strategy may not make much of a dent because most of their IT environments are too sophisticated.
“This is not a silver bullet, but a piece of the puzzle,” Nguyen said.
The White list/Black list plan is still vaporware, but once developed it can be a good complement to security defenses, he said.
“Usually companies have a layered approach with perimeter security and intrusion detection. Think of this as some sort of anti-virus program that looks for only good things to run on your desktop,” Nguyen said.
His advice for the channel is to be more aware of the threats out there.