Security Startups Focusing On Threats, Not Malware

[InfoSec News <alerts () infosecnews org>]

http://www.darkreading.com/threat-intelligence/167901121/security/client-security/240002122/security-startups-focusing-on-threats-not-malware.html

By Robert Lemos
Contributing Writer
Dark Reading
June 14, 2012

Security consultant Dino Dai Zovi hacked Macs and co-authored a book on 
how to secure them. Tillmann Werner researched ways to detect the 
Conficker worm on infected networks and advocated an offensive approach 
to dealing with the threat. Shawn Henry chased cybercriminals during his 
23-year career at the FBI. And, Dan Guido teaches at NYU Poly and 
espouses a "Know Your Attacker" philosophy.

All four have left previous positions and joined startups that are 
creating services and products that focus on ways to make attacks more 
painful for the attackers. Rather than continue finding vulnerabilities 
or pointing out ways attackers can infiltrate networks, groups of 
well-known researchers are increasingly coming together to find better 
ways to identify and hinder attackers.

"I think that smart security folks intuitively understand what most 
large businesses have been learning the hard way -- that most of what 
the security industry works on has little impact on the ability for 
attackers to achieve their goals," Guido says.

As attackers become more skilled at quiet, targeted attacks, traditional 
defenses are failing to catch them. While some security companies, for 
example, can search their logs of blocked programs for evidence that 
their products stopped Flame, it took the antivirus industry at least 
four years to detect the attack.

[...]


--
Certified Ethical Hacker, ISSMP, ISSAP, CISSP training
with Expanding Security gives the best training and support.
Get a free live class invite weekly. Best programs, best prices.
http://www.ExpandingSecurity.com/PainPill