The CIO Infographic

I came across this great infographic via Twitter (follow Promisec on Twitter here) and thought that it was important to share it with our readers.

The Changing Role of the CIO [Infographic]

Via: Wikibon

And take a look at our Endpoint Risk Assessment infographic.

Promisec Endpoint Risk Assessment Infographic

McAfee Uncovers Massive Cyberattacks

Yesterday there was an article published by the Financial Times discussing the monster cyberattacks uncovered by McAfee against 72 governments, the United Nations, the Olympic Committee, security firms and more. The article did not list all of the companies.

According to the article, these cyberattacks have been ongoing for the past 5 years.

5 years of vulnerabilities. Imagine the amount of data leakage over 5 years. State and corporate secrets that are no longer secrets.

What a frightening thought. If I were responsible for those endpoints I would want a full assessment of the networks’ vulnerabilities and I would want it as soon as possible.

Now how do you assess agent-based endpoint technologies? With an agentless technology that can scan each endpoint in less than 6 seconds and generate a complete report for the CIO/CISO to tell them what is missing on each endpoint.

As I see it, there is no time to waste for the companies and governments to secure their endpoints.

Watch how we help fix critical McAfee ePO Deployment Problems

Largest Data Breaches of All Time

There have been a lot of stories recently of data breaches (Sony, Dropbox, etc.). Click on the image to expand it.


Fantastic Video: Progression of Information Security

I came across this video and thought to myself “my, we have come a long way”.  Or maybe I should say the “evil minions” of cyber doom have certainly done well for themselves.  It is a well done video and an entertaining watch on the evolution of Information Security and where it is going.  The good news is the job security front in information security looks pretty promising well into the future, because the threats both in scope and cost are clearly skyrocketing.  The bad news is that I can’t help but think so much of this is/was avoidable through better endpoint management.

The old cliché “bad news is good news, if you know what to do about it” really rings true in this case. My business puts me in a position to see first-hand so many vulnerabilities that, simply put, enable a large majority of these issues. Endpoints represent the primary egress point for the majority of security problems. In the recent past a central focus of Infosec strategy was to build a strong border around the assets. With the proliferation of endpoints, especially unmanaged and mobile devices exploding in numbers, companies now operate in a “borderless” environment. After all, the greatest perimeter in the world is pretty worthless if it is permeated with thousands of holes each represented at every endpoint 10x over.

The challenge of the day really comes down to visibility and control of a company’s endpoints.  Companies invest a small fortune in the solutions intended to mitigate the risks with solutions such as anti-virus/anti-malware, Patch/Configuration Management, Encryption, etc.

The evolution and trend we see here should be a wakeup call to every CIO. Industry Analyst Derek Brink of the Aberdeen Group recently presented his findings on “The Zen of Network Access”. Their research insights indicate that on a de-perimeterized or borderless network, enterprises will still want to authenticate, access, enforce and enable…but they won’t be able to do so in the same traditional ways. “Relying exclusively on enterprise-provisioned agents running on enterprise managed devices to provide visibility and control will not be feasible in the evolving enterprise network. A flexible, company-specific blend of agent-based and agent-less approaches will be required.” I couldn’t concur more. It doesn’t take much pondering to wonder why so many companies are burned by so many threats when the typical company has between 1 in 3 or 1 in 4 of their endpoints out of compliance in their ability to fend off threats with the solutions heavily invested to handle the job.

The problem isn’t just that the solutions are not good enough to do the job, in fact in most cases they are more than adequate, but they can’t do the job if they are not installed at all or properly optimized to do the job.

Companies can’t win this battle if they can’t ensure endpoint compliance.  They can’t have compliance without 100% visibility of their endpoints.

Watch the video to see just how far we have come:

Going Up Against Hackers

I came across a story last week that blew my mind. It involved Wikileaks, the RSA conference (and the sub-event B-sides), Anonymous and a CEO of a US intelligence firm.

At first glance I was a bit hesitant to write about the story. Some of the players involved are very skilled hackers. But then I came to the realization that this is a sensational story, one which everyone in our industry must read.

And there is a lesson involved in this story: never be so arrogant as to think you and your organization are “untouchable”. If you want to “out” the big guys, they are going to bring out the big guns.

Read the full story and all the attached articles – this one folks could be the makings of an excellent mystery novel.

Here is the article:

After dealing with Anonymous, HBGary Federal’s CEO resigns

Server Attention Span

Cutting IT Costs vs. Increasing Organizational Risk

Yesterday I listened to a podcast on CIO Talk Radio titled “Cutting IT Costs vs. Increasing Organizational Risk”. The podcast talked about IT departments cutting costs and reducing their budgets.

My question is – how does an organization decide which platforms to cut and which to keep? How many organizations nowadays have “nice to have” technology? Especially after the past downturn in the economy, who had the budget for the “nice to have”?

So if we are talking about cutting the budgets for the “need to have”, how do you decide what needs to stay and what needs to go?

Promisec and Social Media

We do use social media on a regular basis for a variety of different reasons. LinkedIn, Twitter, blogs, etc. have all been useful tools for our international organization.

Yesterday I spoke at a local marketing conference to explain how organizations can generate leads by using Twitter. This is a very basic presentation and most of the “meat” of the presentation was spoken.

Frank Video with CIOs

Peer Strategies from CIOs

I came across the Smart Enterprise Exchange today and there are some wonderful blog posts and videos by leading CIOs.

Here is one frank video with CIOs from Hill International, Liberty Mutual, Broadridge Financial Solutions, Inc.
