BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Long live perimeter security

From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 6 Nov 2013 23:20:27 -0700
http://www.networkworld.com/news/2013/110513-long-live-perimeter-275650.html?source=nww_rss

It is not possible to build the perfect security perimeter. But that
doesn't mean you shouldn't try.

Most security experts agree that just because something is not 100%
bulletproof doesn't mean it is worthless, even if, as Bayshore Networks CEO
Francis Cianfrocca, puts it: "The traditional network perimeter is no
longer defensible."

The most recent stark illustration of that is Adobe. The company
acknowledged in mid-September that hackers had broken in a month or so
earlier and accessed customer names, encrypted credit and debit card
numbers and expiration dates, as well as source code. The company has not
yet reported how the attackers got in but clearly, whatever perimeter
defenses were in place were not enough.

But Cianfrocca himself, in his next breath, declares that enterprises
should keep investing in traditional perimeter defenses. "You still have to
keep your front doors locked, even as you confront threats from entities
that freely move through or bypass them," he said.

Gary McGraw, CTO of Cigital, calls perimeter security "basic hygiene," and
likens putting software security ahead of network security to, "putting on
your pants before putting on your underwear."

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Previous By Date Next
Previous By Thread Next

Current thread: