Via: Wikibon

and take a look at our Endpoint Risk Assessment infographic

According to the article, these cyberattacks have been ongoing for the past 5 years.

5 years of vulnerabilities. Imagine the amount of data leakage over 5 years. State and corporate secrets that are no longer secrets.

What a frightening thought. If I was responsible for those endpoints I would be want a full assessment of the networks’ vulnerabilities and I would want them as soon as possible.

Now how do you assess agent based endpoint technologies? With an agentless technology that can scan each endpoint in less than 6 seconds and generate a complete report for the CIO/CISO to tell them what is missing on each endpoint.

As I see it, there is no time to waste for the companies and governments to  secure their endpoints.

Watch how we help fix critical McAfee ePo Deployment Problems

As the old cliché goes “bad news is good news, if you know what to do about it” really rings true in this case.  My business puts me in a position to see first-hand so many vulnerabilities that simply put, enables a large majority of these issues.  Endpoints represent the primary egress point for the majority of security problems.  In the recent past a central focus of Infosec strategy was to build a strong border around the assets.  With the proliferation of endpoints, especially unmanaged and mobile devices exploding in numbers, companies now operate in a “borderless” environment.  After all, the greatest perimeter in the world is pretty worthless if it is permeated with thousands of holes each represented at every endpoint 10x over.

The challenge of the day really comes down to visibility and control of a company’s endpoints.  Companies invest a small fortune in the solutions intended to mitigate the risks with solutions such as anti-virus/anti-malware, Patch/Configuration Management, Encryption, etc.

The evolution and trend we see here, should be a wakeup call to every CIO.  Industry Analyst Derek Brink of the Aberdeen Group recently presented his findings on “The Zen of Network Access”.  Their research insights indicate on a de-perimeterized or borderless network, enterprises will still want to authenticate, access, enforce and enable…but they won’t be able to do so in the same traditional ways.  “Relying exclusively on enterprise-provisioned agents running on enterprise managed devices to provide visibility and control will not be feasible in the evolving enterprise network.  A flexible, company-specific blend of agent-based and agent-less approaches will be required.” –I couldn’t concur more.  It doesn’t take much pondering to wonder why so many companies are burned my so many threats when the typical company has between 1 and 3 or 1 in 4 of their endpoints out of compliance in their ability to fend off threats with the solutions heavily invested to handle the job.

The problem isn’t just that the solutions are not good enough to do the job, in fact in most cases they more than adequate, but they can’t do the job if they are not installed at all or properly optimized to do the job.

Companies can’t win this battle if they can’t ensure endpoint compliance.  They can’t have compliance without 100% visibility of their endpoints.

Watch the video to see just how far we have come:

As first glance I was a bit hesitant to write about the story. Some of the players involved are very skilled Hackers. But then I came to the realization that this is a sensational story – one in which everyone in our industry must read.

And there is a lesson involved in this story, never be so arrogant as to think you and your organization are “untouchable”.  If you want to “out” the big guys, they are going to bring out the big guns.

Read the full story and all the attached articles – this one folks could be the makings of an excellent mystery novel.

Here is the article:

After dealing with Anonymous, HBGary Federal’s CEO resigns

My question is – how does an organization decide which platforms to cut and which to keep? How many organizations now a days have “nice to have” technology? Especially after the past  downturn in the economy, who had the budget for the “nice to have” ?

So if we are talking about cutting the budgets for the “need to have”, how do you decide what needs to stay and what needs to go?

Yesterday I spoke at a local marketing conference to explain how organizations can generate leads by using Twitter. This is a very basic presentation and most of the “meat” of the presentation was spoken.

I came across the Smart Enterprise Exchange today and there are some wonderful blog posts and videos by leading CIO’s.

Here is one frank video with CIO’s from Hill International, Liberty Mutual, Broadridge Financial Solutions, Inc