- 1
- 2
- < previous
4. There is more to risk than just weak software
Security vendors push protecting against software vulnerabilities, but those flaws don't represent the source of the bulk of successful exploits, Corman says. Weak passwords, weak configurations of devices - particularly default configurations - and weak people - easy victims of social engineering, are bigger problems, he says. "If software were perfect, we'd still have viruses, Trojans, etc., that don't need software flaws to work," he says.
5. Compliance threatens security
Compliance itself is not bad, but complying with security standards set by government, such as HIPAA, or industries, such as PCI, are not enough to keep networks secure, Corman says. The problem is that regulations create a budget and resource conflict between what compliance demands and what network executives think really needs doing to best secure the business it supports. Complying with such standards also signals to potential attackers the exact defenses businesses have. "If PCI tells them where the fortifications are and they start targeting other areas," he says.
6. Vendor blind spots allowed the Storm worm outbreak to happen
Corporate defenses that check behavior of network devices can spot machines taken over by the bot network, but there is no such protection for consumer networks. Behavior-based antivirus software for endpoints and anomaly detection systems also work, but not for those who don't have them, he says. "Storm recognized the biggest blind spots in antivirus and exploited them, and Storm employs great social engineering," Corman says.
7. Security has grown well past do-it-yourself
Security vendors try to convince businesses that security is so complex that they cannot possibly do it alone, Corman says. But the security needs of businesses are so individual that merely choosing a product is not enough. "It's not enough to have the right tool. It needs to be installed and configured properly for the environment," he says, and that can best be done by the IT staff itself.
- 1
- 2
- < previous
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
IT Service Management Needs and Adoption Trends: An Analysis of a Global Survey of IT Executives
Delivering the Power of Choice with Microsoft Dynamics CRM
Controlling storage costs with Oracle database 11g
Mimosa™ NearPoint™ for Microsoft® Exchange Server: Email Archiving 101
Email Archiving Implementation: Five Costly Mistakes to Avoid
How to improve employee productivity in small and medium businesses
Strategies for Eliminating .PST Files
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
F-Secure: Growth In Internet Crime Calls For Growth In Punishment 2008-12-05 13:00:00+11
International researchers gather in Sydney to preview the clever web 2008-12-05 09:48:00+11
Borderless corporate networks to shift focus to secure content management in Australia in 2009 2008-12-04 16:06:00+11
IDC Says Asia/Pacific Excluding Japan IT Market Will Remain The Bright Spot... 2008-12-04 15:04:00+11
MySpot SOS "Panic Button" Smartphone Application could save lone worker lives 2008-12-04 13:34:00+11
Refresh your AUP: Top tips to ensure your acceptable use policy is fit for purpose
Your organisation may well have devised and implemented an Acceptable Use Policy (AUP) some time ago in order to guard against the risks of inappropriate use of computer systems by your workers, but are you confident that your AUP remains 'fit for purpose'? Read on to discover how you can enhance the effectiveness of your AUP.
Buying Guides
Latest Products
Buying Guides
