BreachExchange mailing list archives
Long live perimeter security
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 6 Nov 2013 23:20:27 -0700
http://www.networkworld.com/news/2013/110513-long-live-perimeter-275650.html?source=nww_rss It is not possible to build the perfect security perimeter. But that doesn't mean you shouldn't try. Most security experts agree that just because something is not 100% bulletproof doesn't mean it is worthless, even if, as Bayshore Networks CEO Francis Cianfrocca, puts it: "The traditional network perimeter is no longer defensible." The most recent stark illustration of that is Adobe. The company acknowledged in mid-September that hackers had broken in a month or so earlier and accessed customer names, encrypted credit and debit card numbers and expiration dates, as well as source code. The company has not yet reported how the attackers got in but clearly, whatever perimeter defenses were in place were not enough. But Cianfrocca himself, in his next breath, declares that enterprises should keep investing in traditional perimeter defenses. "You still have to keep your front doors locked, even as you confront threats from entities that freely move through or bypass them," he said. Gary McGraw, CTO of Cigital, calls perimeter security "basic hygiene," and likens putting software security ahead of network security to, "putting on your pants before putting on your underwear." [...]
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: # OWASP http://www.appsecusa.org # Builders, Breakers and Defenders # Time Square, NYC 20-21 Nov o()xxxx[{::::::::::::::::::::::::::::::::::::::::> Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- Long live perimeter security Audrey McNeil (Nov 11)